mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-11-26 20:12:44 +00:00
faccessat(2): Honor AT_SYMLINK_NOFOLLOW
Make the system call honor `AT_SYMLINK_NOFOLLOW`. Also enable this from `linux_faccessat2` where the issue arised the first time. Update manual pages accordingly. PR: 275295 Reported by: kenrap@kennethraplee.com Approved by: kib@ Differential Revision: https://reviews.freebsd.org/D46267
This commit is contained in:
parent
7a8d05ba19
commit
5ab6ed93cd
@ -26,7 +26,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd February 16, 2015
|
||||
.Dd August 11, 2024
|
||||
.Dt SYMLINK 7
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -144,6 +144,7 @@ unless given the
|
||||
.Dv AT_SYMLINK_NOFOLLOW
|
||||
flag:
|
||||
.Xr chflagsat 2 ,
|
||||
.Xr faccessat 2 ,
|
||||
.Xr fchmodat 2 ,
|
||||
.Xr fchownat 2 ,
|
||||
.Xr fstatat 2
|
||||
|
@ -25,7 +25,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd May 21, 2024
|
||||
.Dd August 11, 2024
|
||||
.Dt ACCESS 2
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -154,6 +154,10 @@ If
|
||||
is equal to
|
||||
.Dv AT_FDCWD ,
|
||||
operate on the current working directory.
|
||||
.It Dv AT_SYMLINK_NOFOLLOW
|
||||
If
|
||||
.Fa path
|
||||
names a symbolic link, access of the symbolic link is evaluated.
|
||||
.El
|
||||
.Pp
|
||||
Even if a process's real or effective user has appropriate privileges
|
||||
|
@ -636,8 +636,8 @@ linux_faccessat2(struct thread *td, struct linux_faccessat2_args *args)
|
||||
{
|
||||
int flags, unsupported;
|
||||
|
||||
/* XXX. AT_SYMLINK_NOFOLLOW is not supported by kern_accessat */
|
||||
unsupported = args->flags & ~(LINUX_AT_EACCESS | LINUX_AT_EMPTY_PATH);
|
||||
unsupported = args->flags & ~(LINUX_AT_EACCESS | LINUX_AT_EMPTY_PATH |
|
||||
LINUX_AT_SYMLINK_NOFOLLOW);
|
||||
if (unsupported != 0) {
|
||||
linux_msg(td, "faccessat2 unsupported flag 0x%x", unsupported);
|
||||
return (EINVAL);
|
||||
@ -647,6 +647,8 @@ linux_faccessat2(struct thread *td, struct linux_faccessat2_args *args)
|
||||
AT_EACCESS;
|
||||
flags |= (args->flags & LINUX_AT_EMPTY_PATH) == 0 ? 0 :
|
||||
AT_EMPTY_PATH;
|
||||
flags |= (args->flags & LINUX_AT_SYMLINK_NOFOLLOW) == 0 ? 0 :
|
||||
AT_SYMLINK_NOFOLLOW;
|
||||
return (linux_do_accessat(td, args->dfd, args->filename, args->amode,
|
||||
flags));
|
||||
}
|
||||
|
@ -2151,7 +2151,8 @@ kern_accessat(struct thread *td, int fd, const char *path,
|
||||
struct nameidata nd;
|
||||
int error;
|
||||
|
||||
if ((flag & ~(AT_EACCESS | AT_RESOLVE_BENEATH | AT_EMPTY_PATH)) != 0)
|
||||
if ((flag & ~(AT_EACCESS | AT_RESOLVE_BENEATH | AT_EMPTY_PATH |
|
||||
AT_SYMLINK_NOFOLLOW)) != 0)
|
||||
return (EINVAL);
|
||||
if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0)
|
||||
return (EINVAL);
|
||||
@ -2171,8 +2172,8 @@ kern_accessat(struct thread *td, int fd, const char *path,
|
||||
} else
|
||||
usecred = cred;
|
||||
AUDIT_ARG_VALUE(amode);
|
||||
NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF |
|
||||
AUDITVNODE1 | at2cnpflags(flag, AT_RESOLVE_BENEATH |
|
||||
NDINIT_ATRIGHTS(&nd, LOOKUP, LOCKSHARED | LOCKLEAF |
|
||||
AUDITVNODE1 | at2cnpflags(flag, AT_RESOLVE_BENEATH | AT_SYMLINK_NOFOLLOW |
|
||||
AT_EMPTY_PATH), pathseg, path, fd, &cap_fstat_rights);
|
||||
if ((error = namei(&nd)) != 0)
|
||||
goto out;
|
||||
|
Loading…
Reference in New Issue
Block a user