From: David Schultz <das@FreeBSD.ORG>
To: Marc Olzheim
cc: Bruce M Simpson
cc: Poul-Henning Kamp
cc: freebsd-current@www.freebsd.org
cc: Tim Robbins
Date: Sat, 8 May 2004 08:03:12 -0700
Subject: Re: Unified getcwd() implementation
Message-ID: <20040508150312.GA7381@VARK.homeunix.com>
In-Reply-To: <20040508135954.GA469@stack.nl>

On Sat, May 08, 2004, Marc Olzheim wrote:
> On Sat, May 08, 2004 at 05:00:40PM +1000, Tim Robbins wrote:
> > Both the current implementation and the proposed new implementation
> > try to find the pathname using the namecache without authorization
> > checks, then if that fails, go on to read the directories, but this
> > time with authorization checks. What is the difference?
>
> standards/44425 mentions why the current implementation is not a bug
> from the standards point of view.
>
> bin/22291, kern/30527, kern/39331 and kern/55993 are about issues we
> have because of the current implementation.

30527 seems to be unrelated...

> What would be gained from this patch is:
> - consistency
> - getcwd() having elevated permission to actually be able to find the
>   real cwd.

The fact that the present implementation is inconsistent is a bug.
Moreover, it's a small bug, with a patch already provided in
standards/44425. Therefore, this is poor justification for completely
replacing the current implementation.

Recall that in POSIX, it's perfectly legal to refuse to reveal the cwd
when the user lacks search permission to some ancestor directory.
Moreover, refusing permission may be safer because it respects users'
intent to revoke search permission. The present implementation is also
less complex because it defers the hard cases to userland.

On the other hand, we need to support the full-blown kernel version in
the Linuxolator anyway, so we might as well do it once and do it right.
But this doesn't necessarily mean it's a good idea to bypass
restrictions on read permission.

So in summary, I'm in support of the idea of unifying our getcwd
implementations, modulo some of the details...
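The fallback Tim describes (read the directories, this time with authorization checks) and the refusal David says POSIX permits are easy to make concrete. What follows is an added example written for this page; it is not FreeBSD's libc getcwd(), not the kernel code, and not anything posted in the thread. It is a userland getcwd() in C that never consults the kernel name cache: it assumes POSIX.1-2008 (openat(), fstatat(), fdopendir()), walks up through ".." until "." and ".." are the same object, and stat()s every entry of the parent rather than trusting d_ino so that crossing a mount point still works. Because each step needs search permission on the current directory and read permission on its parent, an ancestor the caller may not traverse makes the walk fail with EACCES instead of revealing the path. The function name walk_getcwd, the errno-preserving close helper and the 256-byte name buffer are my choices, not anything from the page.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int same_object(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* close() without clobbering errno, so the caller sees the real failure. */
static void close_keep_errno(int fd) { int e = errno; close(fd); errno = e; }

/*
 * Find the entry of the directory open on parentfd that is `target`. Each
 * candidate is stat'ed rather than trusting d_ino, so a mount point (where
 * d_ino names the covered directory, not the mounted root) is handled.
 * Returns 0 and fills name, or -1 with errno set: EACCES without read and
 * search permission on the parent, ENOENT if nothing matches.
 */
static int find_entry(int parentfd, const struct stat *target,
                      char *name, size_t namesz)
{
    int dupfd = dup(parentfd);                  /* fdopendir() owns its fd */
    DIR *d = dupfd < 0 ? NULL : fdopendir(dupfd);
    if (d == NULL) { if (dupfd >= 0) close_keep_errno(dupfd); return -1; }
    int rc = -1;
    for (;;) {
        errno = 0;
        struct dirent *de = readdir(d);
        if (de == NULL) { if (errno == 0) errno = ENOENT; break; }
        struct stat st;
        if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..") ||
            fstatat(parentfd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0)
            continue;                           /* skip, or raced with unlink */
        if (same_object(&st, target)) {
            if (strlen(de->d_name) >= namesz) { errno = ERANGE; break; }
            strcpy(name, de->d_name);
            rc = 0; break;
        }
    }
    int e = errno;
    closedir(d);
    errno = e;
    return rc;
}

/*
 * Pure userland getcwd(): no kernel name cache, only "..", readdir() and
 * stat(). Fills buf with the physical path of the working directory, or
 * returns NULL with errno set; an ancestor the caller may not search or
 * read fails with EACCES, the refusal POSIX permits getcwd() to make.
 */
char *walk_getcwd(char *buf, size_t size)
{
    if (size < 2) { errno = ERANGE; return NULL; }
    char *end = buf + size - 1, *p = end;       /* assembled back to front */
    *p = '\0';
    int fd = open(".", O_RDONLY | O_DIRECTORY);
    if (fd < 0) return NULL;
    for (;;) {
        struct stat cur, par;
        char name[256];                         /* NAME_MAX is 255 on FreeBSD and Linux */
        if (fstat(fd, &cur) != 0) break;
        /* Looking up ".." needs search permission on fd's directory. */
        int parentfd = openat(fd, "..", O_RDONLY | O_DIRECTORY);
        if (parentfd < 0) break;
        if (fstat(parentfd, &par) != 0) { close_keep_errno(parentfd); break; }
        if (same_object(&cur, &par)) {          /* ".." is ".": root (or chroot) */
            close(parentfd); close(fd);
            if (p == end) *--p = '/';           /* nothing prepended: cwd is "/" */
            memmove(buf, p, (size_t)(end - p) + 1);
            return buf;
        }
        if (find_entry(parentfd, &cur, name, sizeof name) != 0) {
            close_keep_errno(parentfd);
            break;
        }
        size_t len = strlen(name);
        if ((size_t)(p - buf) < len + 1)        /* no room for "/" + name */
            { close(parentfd); errno = ERANGE; break; }
        p -= len;
        memcpy(p, name, len);
        *--p = '/';
        close(fd); fd = parentfd;
    }
    close_keep_errno(fd);
    return NULL;
}

int main(void)
{
    char buf[4096];     /* EACCES prints as "Permission denied" */
    if (walk_getcwd(buf, sizeof buf) == NULL) { perror("walk_getcwd"); return 1; }
    return puts(buf) < 0;
}
```

Build it with cc -o walk_getcwd walk_getcwd.c and run it as an unprivileged user from a directory whose ancestor you have chmod'ed 0: it reports "Permission denied", which is exactly the case where a name-cache lookup without authorization checks would still have handed back the full path.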