about summary refs log tree commit diff
path: root/src/stat/fchmodat.c
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2013-08-02 12:25:32 -0400
committerRich Felker <dalias@aerifal.cx>2013-08-02 12:25:32 -0400
commit0dc4824479e357a3e23a02d35527e23fca920343 (patch)
treea293864b7e9dc56a3ed9488576134a68812b82b1 /src/stat/fchmodat.c
parent3e3753c1a8e047dc84f9db1dc26bb046cff457a6 (diff)
downloadmusl-0dc4824479e357a3e23a02d35527e23fca920343.tar.gz
musl-0dc4824479e357a3e23a02d35527e23fca920343.tar.xz
musl-0dc4824479e357a3e23a02d35527e23fca920343.zip
work around linux's lack of flags argument to fchmodat syscall
previously, the AT_SYMLINK_NOFOLLOW flag was ignored, giving
dangerously incorrect behavior -- the target of the symlink had its
modes changed to the modes (usually 0777) intended for the symlink).
this issue was amplified by the fact that musl provides lchmod, as a
wrapper for fchmodat, which some archival programs take as a sign that
symlink modes are supported and thus attempt to use.

emulating AT_SYMLINK_NOFOLLOW was a difficult problem, and I
originally believed it could not be solved, at least not without
depending on kernels newer than 3.5.x or so where O_PATH works halfway
well. however, it turns out that accessing O_PATH file descriptors via
their pseudo-symlink entries in /proc/self/fd works much better than
trying to use the fd directly, and works even on older kernels.
moreover, the kernel has permanently pegged these references to the
inode obtained by the O_PATH open, so there should not be race
conditions with the file being moved, deleted, replaced, etc.
Diffstat (limited to 'src/stat/fchmodat.c')
-rw-r--r--src/stat/fchmodat.c30
1 files changed, 29 insertions, 1 deletions
diff --git a/src/stat/fchmodat.c b/src/stat/fchmodat.c
index 61d32065..c1410bc5 100644
--- a/src/stat/fchmodat.c
+++ b/src/stat/fchmodat.c
@@ -1,7 +1,35 @@
 #include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
 #include "syscall.h"
 
 int fchmodat(int fd, const char *path, mode_t mode, int flag)
 {
-	return syscall(SYS_fchmodat, fd, path, mode, flag);
+	if (!flag) return syscall(SYS_fchmodat, fd, path, mode, flag);
+
+	if (flag != AT_SYMLINK_NOFOLLOW)
+		return __syscall_ret(-EINVAL);
+
+	struct stat st;
+	int ret, fd2;
+	char proc[15+3*sizeof(int)];
+
+	if ((ret = __syscall(SYS_fstatat, fd, path, &st, flag)))
+		return __syscall_ret(ret);
+	if (S_ISLNK(st.st_mode))
+		return __syscall_ret(-EOPNOTSUPP);
+
+	if ((fd2 = __syscall(SYS_openat, fd, path, O_RDONLY|O_PATH|O_NOFOLLOW|O_NOCTTY)) < 0) {
+		if (fd2 == -ELOOP)
+			return __syscall_ret(-EOPNOTSUPP);
+		return __syscall_ret(fd2);
+	}
+
+	snprintf(proc, sizeof proc, "/proc/self/fd/%d", fd2);
+	if (!(ret = __syscall(SYS_stat, proc, &st)) && !S_ISLNK(st.st_mode))
+		ret = __syscall(SYS_chmod, proc, mode);
+
+	__syscall(SYS_close, fd2);
+	return __syscall_ret(ret);
 }