On Thu, Sep 10, 2020 at 12:39:50PM -0400, Rich Felker wrote: > On Thu, Sep 10, 2020 at 05:20:59PM +0100, Christoph Hellwig wrote: > > On Thu, Sep 10, 2020 at 10:23:37AM -0400, Rich Felker wrote: > > > userspace emulation done in libc implementations. No change is made to > > > the underlying chmod_common(), so it's still possible to attempt > > > changes via procfs, if desired. > > > > And that is the goddamn problem. We need to fix that _first_. > > Can you clarify exactly what that is? Do you mean fixing the > underlying fs backends, or just ensuring that the chmod for symlinks > doesn't reach them by putting the check in chmod_common? I'm ok with > any of these. Either - we need to make sure the user can't change the permission bits. > > After that we can add sugarcoating using new syscalls if needed. > > The new syscall is _not_ about this problem. It's about the missing > flags argument and inability to implement fchmodat() without access to > procfs. The above problem is just something you encounter and have to > make a decision about in order to fix the missing flags problem and > make a working AT_SYMLINK_NOFOLLOW. And I'm generally supportive of that. But we need to fix the damn bug first an then do nice to haves.
