diff options
| author | Nick Kralevich <nnk@google.com> | 2015-01-31 19:57:46 -0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2015-02-02 13:17:17 -0800 |
| commit | 3cbc6c627fe57c9a9783c52d148078f8d52f7b96 (patch) | |
| tree | ea5b0dc49aaa16f25e2262cd5560070ae65923b9 /libc/arch-x86_64 | |
| parent | 21cdd22f035efd50902b7780fc6ea53bd1684357 (diff) | |
| download | bionic-3cbc6c627fe57c9a9783c52d148078f8d52f7b96.zip bionic-3cbc6c627fe57c9a9783c52d148078f8d52f7b96.tar.gz bionic-3cbc6c627fe57c9a9783c52d148078f8d52f7b96.tar.bz2 | |
Add fchmodat(AT_SYMLINK_NOFOLLOW) and fchmod O_PATH support
Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.
There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.
Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".
Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.
This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.
As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.
The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.
Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
Diffstat (limited to 'libc/arch-x86_64')
| -rw-r--r-- | libc/arch-x86_64/syscalls/__fchmod.S (renamed from libc/arch-x86_64/syscalls/fchmod.S) | 5 | ||||
| -rw-r--r-- | libc/arch-x86_64/syscalls/__fchmodat.S (renamed from libc/arch-x86_64/syscalls/fchmodat.S) | 6 |
2 files changed, 6 insertions, 5 deletions
diff --git a/libc/arch-x86_64/syscalls/fchmod.S b/libc/arch-x86_64/syscalls/__fchmod.S index b35bd21..ba75f74 100644 --- a/libc/arch-x86_64/syscalls/fchmod.S +++ b/libc/arch-x86_64/syscalls/__fchmod.S @@ -2,7 +2,7 @@ #include <private/bionic_asm.h> -ENTRY(fchmod) +ENTRY(__fchmod) movl $__NR_fchmod, %eax syscall cmpq $-MAX_ERRNO, %rax @@ -12,4 +12,5 @@ ENTRY(fchmod) call __set_errno_internal 1: ret -END(fchmod) +END(__fchmod) +.hidden __fchmod diff --git a/libc/arch-x86_64/syscalls/fchmodat.S b/libc/arch-x86_64/syscalls/__fchmodat.S index 2d78d8e..a8fae95 100644 --- a/libc/arch-x86_64/syscalls/fchmodat.S +++ b/libc/arch-x86_64/syscalls/__fchmodat.S @@ -2,8 +2,7 @@ #include <private/bionic_asm.h> -ENTRY(fchmodat) - movq %rcx, %r10 +ENTRY(__fchmodat) movl $__NR_fchmodat, %eax syscall cmpq $-MAX_ERRNO, %rax @@ -13,4 +12,5 @@ ENTRY(fchmodat) call __set_errno_internal 1: ret -END(fchmodat) +END(__fchmodat) +.hidden __fchmodat |