diff options
| author | Nick Kralevich <nnk@google.com> | 2015-02-24 13:40:43 -0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2015-02-24 13:40:43 -0800 |
| commit | 35778253a5ed71e87a608ca590b63729d9f88567 (patch) | |
| tree | d9e6112654bf2faa754abd9f28bc20c2ccccff57 /libc/arch-x86_64 | |
| parent | 2aef607b25c463baed5ae70d14212e24ea7bcf2b (diff) | |
| download | bionic-35778253a5ed71e87a608ca590b63729d9f88567.zip bionic-35778253a5ed71e87a608ca590b63729d9f88567.tar.gz bionic-35778253a5ed71e87a608ca590b63729d9f88567.tar.bz2 | |
Fix "faccessat ignores flags"
The kernel system call faccessat() does not have any flags arguments,
so passing flags to the kernel is currently ignored.
Fix the kernel system call so that no flags argument is passed in.
Ensure that we don't support AT_SYMLINK_NOFOLLOW. This non-POSIX
(http://pubs.opengroup.org/onlinepubs/9699919799/functions/access.html)
flag is a glibc extension, and has non-intuitive, error prone behavior.
For example, consider the following code:
symlink("foo.is.dangling", "foo");
if (faccessat(AT_FDCWD, "foo", R_OK, AT_SYMLINK_NOFOLLOW) == 0) {
int fd = openat(AT_FDCWD, "foo", O_RDONLY | O_NOFOLLOW);
}
The faccessat() call in glibc will return true, but an attempt to
open the dangling symlink will end up failing. GLIBC documents this
as returning the access mode of the symlink itself, which will
always return true for any symlink on Linux.
Some further discussions of this are at:
* http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003617.html
* http://permalink.gmane.org/gmane.linux.lib.musl.general/6952
AT_SYMLINK_NOFOLLOW seems broken by design. I suspect this is why this
function was never added to POSIX. (note that "access" is pretty much
broken by design too, since it introduces a race condition between
check and action). We shouldn't support this until it's clearly
documented by POSIX or we can have it produce intuitive results.
Don't support AT_EACCESS for now. Implementing it is complicated, and
pretty much useless on Android, since we don't have setuid binaries.
See http://git.musl-libc.org/cgit/musl/commit/?id=0a05eace163cee9b08571d2ff9d90f5e82d9c228
for how an implementation might look.
Bug: 18867827
Change-Id: I25b86c5020f3152ffa3ac3047f6c4152908d0e04
Diffstat (limited to 'libc/arch-x86_64')
| -rw-r--r-- | libc/arch-x86_64/syscalls/___faccessat.S (renamed from libc/arch-x86_64/syscalls/faccessat.S) | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/libc/arch-x86_64/syscalls/faccessat.S b/libc/arch-x86_64/syscalls/___faccessat.S index 05a6e78..e8fd3f5 100644 --- a/libc/arch-x86_64/syscalls/faccessat.S +++ b/libc/arch-x86_64/syscalls/___faccessat.S @@ -2,8 +2,7 @@ #include <private/bionic_asm.h> -ENTRY(faccessat) - movq %rcx, %r10 +ENTRY(___faccessat) movl $__NR_faccessat, %eax syscall cmpq $-MAX_ERRNO, %rax @@ -13,4 +12,5 @@ ENTRY(faccessat) call __set_errno_internal 1: ret -END(faccessat) +END(___faccessat) +.hidden ___faccessat |