From nobody Sun Aug 11 15:54:38 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Whhzf5yXzz5T646; Sun, 11 Aug 2024 15:54:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Whhzf5Q21z46hL; Sun, 11 Aug 2024 15:54:38 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723391678; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aZHoNh7hAsX7PuXBJ81IMiOV0SHOdixOUoeaUFQyRaE=; b=ry2MG+qZupuh6Qd8fd5cqRqVew1WQdqRdWqgQtsrOvCRpsdjoA6RU9x+LqqyP/oL1r4doT K3ntIfAbtuH+3RFSEIqqR+6otDzuWSXbOZDsO/9j2MnzyMH1zogMjFWu/rqg32HQsTk09E Py1zr8KQ20KOU/1oU7MzZDzjhbvm+sGSQI3U1pun9agZ7P6GGe1Xw0jJSBFpiH6guugjJR 87M2brINw7EJ7oAmvoVqgq3lRvlk6+VGmM2WEW3flEoQpB0sb3a91QvDU1FDrw2fMQlDWf pLuS0G1BE29INiLOlNlXHXXKnh+kw2FTNht7203i2Iynhj5bQ3b/LSXZTw/kAA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723391678; a=rsa-sha256; cv=none; b=u/TTon1b5AnQdd3NbICzKzGM+5wmSX3WoLB68lMYznj/oh+WcT7ASoGhC1XYbIlNrMJ2Jb 9xZvbY0V1+gVBBX45XzRzNaWaUKVfufYesUS/PwTkhbQcV25BQ7eIF3ZRzHNJplL08mEtH CSSzEjC5jzKG9E7E9zLGxnFb9ylEQcria/0wlvvUVM9M/Aq30Iw6RaO8SsYgyWvXWOym16 v11y5VDRQp0aE2ZsCYz3aVNIKrsHDMKiWX/cY6azl7jx5oFTzdpRnjKluZwSpCXhPQqHRI 94WdULBm9+8RkaZ73lJh1cW2vKrnPUBIoEUGlOOmjDMibhzlIs3df956fbiQZw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723391678; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aZHoNh7hAsX7PuXBJ81IMiOV0SHOdixOUoeaUFQyRaE=; b=THsTKrEA463enAwKio8wFpmjziRgE4QQ+DKmyPoOjZKg7hNTxE3oobdxS2sw7kv7Znu6VK DWnT5In2HpFMKy+PeZsvZekC0eZzc1onIYsnpn13Zu34XyxHnsyzm5TN71UcCL8qkR2wNi QDpZAeNw4XromGNHI4jqQxZv9N6IazaHfq0tjlQeu6no9Kc00wGypFxgZBxLh+MEaRKQ9s 48jPSBJmlr4vKcHgcOdUIOaJZWbwKHPQ4idQwuPHsa88hsoxlb66MsYLq5z3O0LbT4KaX4 S5/QenrIB5q0dGGuxGkfgL1vcXW9r+sYSFAam8fOMhYj910UigRLqOq1O8jy+A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Whhzf4wH3zqhc; Sun, 11 Aug 2024 15:54:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47BFscWx005810; Sun, 11 Aug 2024 15:54:38 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47BFscJR005807; Sun, 11 Aug 2024 15:54:38 GMT (envelope-from git) Date: Sun, 11 Aug 2024 15:54:38 GMT Message-Id: <202408111554.47BFscJR005807@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Fernando =?utf-8?Q?Apestegu=C3=ADa?= Subject: git: 5ab6ed93cd36 - main - faccessat(2): Honor AT_SYMLINK_NOFOLLOW List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5ab6ed93cd3680f8b69dd4d05823f4740a2bdef9 Auto-Submitted: auto-generated The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/src/commit/?id=5ab6ed93cd3680f8b69dd4d05823f4740a2bdef9 commit 5ab6ed93cd3680f8b69dd4d05823f4740a2bdef9 Author: Fernando ApesteguĂ­a AuthorDate: 2024-08-11 15:43:04 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2024-08-11 15:49:06 +0000 faccessat(2): Honor AT_SYMLINK_NOFOLLOW Make the system call honor `AT_SYMLINK_NOFOLLOW`. Also enable this from `linux_faccessat2` where the issue arised the first time. Update manual pages accordingly. PR: 275295 Reported by: kenrap@kennethraplee.com Approved by: kib@ Differential Revision: https://reviews.freebsd.org/D46267 --- bin/ln/symlink.7 | 3 ++- lib/libsys/access.2 | 6 +++++- sys/compat/linux/linux_file.c | 6 ++++-- sys/kern/vfs_syscalls.c | 7 ++++--- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/bin/ln/symlink.7 b/bin/ln/symlink.7 index 1789cbe5bc80..28d9908f2053 100644 --- a/bin/ln/symlink.7 +++ b/bin/ln/symlink.7 @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd February 16, 2015 +.Dd August 11, 2024 .Dt SYMLINK 7 .Os .Sh NAME @@ -144,6 +144,7 @@ unless given the .Dv AT_SYMLINK_NOFOLLOW flag: .Xr chflagsat 2 , +.Xr faccessat 2 , .Xr fchmodat 2 , .Xr fchownat 2 , .Xr fstatat 2 diff --git a/lib/libsys/access.2 b/lib/libsys/access.2 index 46c00362a574..94a13dcc4dcf 100644 --- a/lib/libsys/access.2 +++ b/lib/libsys/access.2 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd May 21, 2024 +.Dd August 11, 2024 .Dt ACCESS 2 .Os .Sh NAME @@ -154,6 +154,10 @@ If is equal to .Dv AT_FDCWD , operate on the current working directory. +.It Dv AT_SYMLINK_NOFOLLOW +If +.Fa path +names a symbolic link, access of the symbolic link is evaluated. .El .Pp Even if a process's real or effective user has appropriate privileges diff --git a/sys/compat/linux/linux_file.c b/sys/compat/linux/linux_file.c index 5f510004c684..246bc26d85d4 100644 --- a/sys/compat/linux/linux_file.c +++ b/sys/compat/linux/linux_file.c @@ -636,8 +636,8 @@ linux_faccessat2(struct thread *td, struct linux_faccessat2_args *args) { int flags, unsupported; - /* XXX. AT_SYMLINK_NOFOLLOW is not supported by kern_accessat */ - unsupported = args->flags & ~(LINUX_AT_EACCESS | LINUX_AT_EMPTY_PATH); + unsupported = args->flags & ~(LINUX_AT_EACCESS | LINUX_AT_EMPTY_PATH | + LINUX_AT_SYMLINK_NOFOLLOW); if (unsupported != 0) { linux_msg(td, "faccessat2 unsupported flag 0x%x", unsupported); return (EINVAL); @@ -647,6 +647,8 @@ linux_faccessat2(struct thread *td, struct linux_faccessat2_args *args) AT_EACCESS; flags |= (args->flags & LINUX_AT_EMPTY_PATH) == 0 ? 0 : AT_EMPTY_PATH; + flags |= (args->flags & LINUX_AT_SYMLINK_NOFOLLOW) == 0 ? 0 : + AT_SYMLINK_NOFOLLOW; return (linux_do_accessat(td, args->dfd, args->filename, args->amode, flags)); } diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index c9a039515a77..28ab3080c075 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -2151,7 +2151,8 @@ kern_accessat(struct thread *td, int fd, const char *path, struct nameidata nd; int error; - if ((flag & ~(AT_EACCESS | AT_RESOLVE_BENEATH | AT_EMPTY_PATH)) != 0) + if ((flag & ~(AT_EACCESS | AT_RESOLVE_BENEATH | AT_EMPTY_PATH | + AT_SYMLINK_NOFOLLOW)) != 0) return (EINVAL); if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0) return (EINVAL); @@ -2171,8 +2172,8 @@ kern_accessat(struct thread *td, int fd, const char *path, } else usecred = cred; AUDIT_ARG_VALUE(amode); - NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | - AUDITVNODE1 | at2cnpflags(flag, AT_RESOLVE_BENEATH | + NDINIT_ATRIGHTS(&nd, LOOKUP, LOCKSHARED | LOCKLEAF | + AUDITVNODE1 | at2cnpflags(flag, AT_RESOLVE_BENEATH | AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH), pathseg, path, fd, &cap_fstat_rights); if ((error = namei(&nd)) != 0) goto out;