On Fri, Jan 09, 2015 at 05:46:28PM +0000, David Drysdale wrote: > > It's AT_EXECFN, > > /proc/self/exe, and filenames shown elsewhere in /proc that may be > > derived in odd ways. > > > > I would also move the text about O_CLOEXEC to a BUGS or NOTES section > > rather than the main description. The long-term intent should be that > > script execution this way should work. IIRC this was discussed earlier > > in the thread. > > I may be misremembering, but I thought we hoped to be able to fix > execveat of a script without /proc in future, but didn't expect to fix > execveat of a script via an O_CLOEXEC fd (because in the latter > case the fd gets closed before the script interpreter runs, so even > if the interpreter (or a special filesystem) does clever things for names > starting with "/dev/fd/..." the file descriptor is already gone). I think this is a case that needs to be fixed, though it's hard. The normal correct usage for fexecve is to always pass an O_CLOEXEC file descriptor, and the caller can't really be expected to know whether the file is a script or not. We discussed workarounds before and one idea I proposed was having fexecve provide a "one open only" magic symlink in /proc/self/ to pass to the interpreter. It would behave like an O_PATH file descriptor magic symlink in /proc/self/fd, but would automatically cease to exist on the first open (at which point the interpreter would have a real O_RDONLY file descriptor for the underlying file). Rich -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
