On Thu, Apr 15, 2021 at 9:09 PM Christian Brauner <christian.brauner@xxxxxxxxxx> wrote:
> Hm, I get your point but if you e.g. look at fs/exec.c we already do
> have that problem today:
>
> SYSCALL_DEFINE5(execveat,
>                 int, fd, const char __user *, filename,
>                 const char __user *const __user *, argv,
>                 const char __user *const __user *, envp,
>                 int, flags)
> {
>         int lookup_flags = (flags & AT_EMPTY_PATH) ? LOOKUP_EMPTY : 0;
>
>         return do_execveat(fd,
>                            getname_flags(filename, lookup_flags, NULL),
>                            argv, envp, flags);
> }
>
> The new simple flag helper would simplify things because right now it
> pretends that it cares about multiple flags where it actually just cares
> about whether or not empty pathnames are allowed and it forces callers
> to translate between flags too.

Hi Christian,

Sorry for the long silence, I got overwhelmed by the primary job and life
stuff. I've finally carved out some time to work on this. I left out the
"make getname_flags accept a single boolean instead of flags" bit to
make the change smaller. If you think it's something that definitely
should be in this patch set then let me know, I'll put it back in. I'm
still somewhat concerned about the separation of the capability check
and the actual logic to get the name, but I guess I'll just post what I
have and collect comments.

I'll send the v4 soon.

--
Dmitry Kadashev