faccessat(2): Honor AT_SYMLINK_NOFOLLOW

Make the system call honor `AT_SYMLINK_NOFOLLOW`.

Also enable this from `linux_faccessat2` where the issue arised the first time.
Update manual pages accordingly.

PR:			275295
Reported by:		kenrap@kennethraplee.com
Approved by:		kib@
Differential Revision:	https://reviews.freebsd.org/D46267
This commit is contained in:
Fernando Apesteguía 2024-08-11 17:43:04 +02:00
parent 7a8d05ba19
commit 5ab6ed93cd
4 changed files with 15 additions and 7 deletions

View File

@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd February 16, 2015
.Dd August 11, 2024
.Dt SYMLINK 7
.Os
.Sh NAME
@ -144,6 +144,7 @@ unless given the
.Dv AT_SYMLINK_NOFOLLOW
flag:
.Xr chflagsat 2 ,
.Xr faccessat 2 ,
.Xr fchmodat 2 ,
.Xr fchownat 2 ,
.Xr fstatat 2

View File

@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd May 21, 2024
.Dd August 11, 2024
.Dt ACCESS 2
.Os
.Sh NAME
@ -154,6 +154,10 @@ If
is equal to
.Dv AT_FDCWD ,
operate on the current working directory.
.It Dv AT_SYMLINK_NOFOLLOW
If
.Fa path
names a symbolic link, access of the symbolic link is evaluated.
.El
.Pp
Even if a process's real or effective user has appropriate privileges

View File

@ -636,8 +636,8 @@ linux_faccessat2(struct thread *td, struct linux_faccessat2_args *args)
{
int flags, unsupported;
/* XXX. AT_SYMLINK_NOFOLLOW is not supported by kern_accessat */
unsupported = args->flags & ~(LINUX_AT_EACCESS | LINUX_AT_EMPTY_PATH);
unsupported = args->flags & ~(LINUX_AT_EACCESS | LINUX_AT_EMPTY_PATH |
LINUX_AT_SYMLINK_NOFOLLOW);
if (unsupported != 0) {
linux_msg(td, "faccessat2 unsupported flag 0x%x", unsupported);
return (EINVAL);
@ -647,6 +647,8 @@ linux_faccessat2(struct thread *td, struct linux_faccessat2_args *args)
AT_EACCESS;
flags |= (args->flags & LINUX_AT_EMPTY_PATH) == 0 ? 0 :
AT_EMPTY_PATH;
flags |= (args->flags & LINUX_AT_SYMLINK_NOFOLLOW) == 0 ? 0 :
AT_SYMLINK_NOFOLLOW;
return (linux_do_accessat(td, args->dfd, args->filename, args->amode,
flags));
}

View File

@ -2151,7 +2151,8 @@ kern_accessat(struct thread *td, int fd, const char *path,
struct nameidata nd;
int error;
if ((flag & ~(AT_EACCESS | AT_RESOLVE_BENEATH | AT_EMPTY_PATH)) != 0)
if ((flag & ~(AT_EACCESS | AT_RESOLVE_BENEATH | AT_EMPTY_PATH |
AT_SYMLINK_NOFOLLOW)) != 0)
return (EINVAL);
if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0)
return (EINVAL);
@ -2171,8 +2172,8 @@ kern_accessat(struct thread *td, int fd, const char *path,
} else
usecred = cred;
AUDIT_ARG_VALUE(amode);
NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF |
AUDITVNODE1 | at2cnpflags(flag, AT_RESOLVE_BENEATH |
NDINIT_ATRIGHTS(&nd, LOOKUP, LOCKSHARED | LOCKLEAF |
AUDITVNODE1 | at2cnpflags(flag, AT_RESOLVE_BENEATH | AT_SYMLINK_NOFOLLOW |
AT_EMPTY_PATH), pathseg, path, fd, &cap_fstat_rights);
if ((error = namei(&nd)) != 0)
goto out;