[Samba] O_PATH, FreeBSD & acl_xx_fd

[Peter Eriksson]

> On 30 May 2023, at 21:12, Jeremy Allison via samba-technical <samba-technical at lists.samba.org> wrote:
> 
> On Tue, May 30, 2023 at 08:45:20PM +0200, Peter Eriksson via samba-technical wrote:
>>> On 30 May 2023, at 19:50, Jeremy Allison <jra at samba.org> wrote:
>>> 
>>> Excellent ! These are the current places where the
>>> horrid hack is used:
>>> 
>>> git grep sys_proc_fd_path
>>> source3/include/proto.h:const char *sys_proc_fd_path(int fd, char *buf, size_t bufsize);
>>> source3/lib/system.c:const char *sys_proc_fd_path(int fd, char *buf, size_t bufsize)
>>> source3/modules/vfs_btrfs.c:    p = sys_proc_fd_path(fsp_fd, buf, sizeof(buf));
>>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_default.c:          p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_gpfs.c:                     p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_gpfs.c:             p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_gpfs.c:             p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_gpfs.c:             p = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_posixacl.c:         proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_posixacl.c:         proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/modules/vfs_posixacl.c:         proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
>>> source3/smbd/open.c:    p = sys_proc_fd_path(old_fd, buf, sizeof(buf));
>>> 
>>> So these are all the places you're going to run into the
>>> same problem with O_PATH opened fd's.
>>> 
>> 
>> If I’m reading that code correctly most of those places seems to (fchown used as an example):
>> 
>> 1. If fsp is not a pathref then: fchown(fsp_get_io_fd(fsp)…)
>> 2. If have_proc_fds is true, then use sys_proc_fd_path to operate on a path (chown)
>> 3. Then as a last fallback get the path from fsp->fsp_name->base_name) and operate on a path (chown)
>> 
>> That is probably why things seems to work for most stuff for me - except the vfs_zfsacl module that doesn’t try to use the #3).
>> 
>> Hmm. Use openat() or the last fallback? Decisions decisions :-) openat() feels like a better solution but I’m not sure…
> 
> Use openat() - DO NOT USE THE LAST FALLBACK. It is insecure, and
> only there for old systems that have no O_PATH.
> 
> It might be worth your while to refactor this code so
> that the FreeBSD openat(fd, "", O_EMPTY_PATH) thing is
> an option instead of (2).

Ok :-)

Uploaded a new patch to bug 15376 that implements the openat() fix for vfs_zfsacl.c, vfs_default.c and smbd/open.c and it seems to work. Needs a bit more testing/verification though to make sure I’m not doing something stupid… :-)

https://bugzilla.samba.org/show_bug.cgi?id=15376

- Peter