[Samba] O_PATH, FreeBSD & acl_xx_fd

Tue May 30 19:12:28 UTC 2023

On Tue, May 30, 2023 at 08:45:20PM +0200, Peter Eriksson via samba-technical wrote:
>> On 30 May 2023, at 19:50, Jeremy Allison <jra at samba.org> wrote:
>>
>> Excellent ! These are the current places where the
>> horrid hack is used:
>>
>> git grep sys_proc_fd_path
>> source3/include/proto.h:const char *sys_proc_fd_path(int fd, char *buf, size_t bufsize);
>> source3/lib/system.c:const char *sys_proc_fd_path(int fd, char *buf, size_t bufsize)
>> source3/modules/vfs_btrfs.c:    p = sys_proc_fd_path(fsp_fd, buf, sizeof(buf));
>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_gpfs.c:                     p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_gpfs.c:             p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_gpfs.c:             p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_gpfs.c:             p = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_posixacl.c:         proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_posixacl.c:         proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/modules/vfs_posixacl.c:         proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
>> source3/smbd/open.c:    p = sys_proc_fd_path(old_fd, buf, sizeof(buf));
>>
>> So these are all the places you're going to run into the
>> same problem with O_PATH opened fd's.
>>
>
>If I’m reading that code correctly most of those places seems to (fchown used as an example):
>
>1. If fsp is not a pathref then: fchown(fsp_get_io_fd(fsp)…)
>2. If have_proc_fds is true, then use sys_proc_fd_path to operate on a path (chown)
>3. Then as a last fallback get the path from fsp->fsp_name->base_name) and operate on a path (chown)
>
>That is probably why things seems to work for most stuff for me - except the vfs_zfsacl module that doesn’t try to use the #3).
>
>Hmm. Use openat() or the last fallback? Decisions decisions :-) openat() feels like a better solution but I’m not sure…

Use openat() - DO NOT USE THE LAST FALLBACK. It is insecure, and
only there for old systems that have no O_PATH.

It might be worth your while to refactor this code so
that the FreeBSD openat(fd, "", O_EMPTY_PATH) thing is
an option instead of (2).