2008/4/29 Mark Seaborn <[EMAIL PROTECTED]>:
> Thomas Leonard <[EMAIL PROTECTED]> wrote:
> > unlink("HelloWorld/main") = 0
> > open("HelloWorld/main", O_RDWR|O_CREAT|O_TRUNC, 0666) = 12
> > write(12, "#!/bin/sh\necho Hello World\n", 27) = 27
> > fchmod(12, 0100755) = 0
>
> This is a tricky one. The cause is simple: fchmod() is one of those
> operations for which file descriptors do not behave like capabilities.
> fchmod() only works if the process is running under the UID that owns
> the inode. So fchmod() has never worked under Plash.
[...]

Ah. I hadn't appreciated the complexity behind this! Thanks for the
explanation.

> I can think of two ways to support fchmod().
>
> 1. The server process could provide a generic fchmod() operation that
> takes an FD and a mode and invokes fchmod() under its own UID. This
> would be very coarse-grained. This limits our ability to restrict
> chmod() operations on files that we have granted to sandboxed
> processes. fchmod() does not normally look at the FD's open flags;
> you can use it on read-only FDs. We would probably have to check the
> open flags using fcntl() (F_GETFL).

That sounds reasonable. If I give a program write access to a file, then I'm
probably OK with it being able to change the permissions too, and if I don't
want a program to write to a file then I probably don't want the permissions
changed either. Anything else would be too confusing!

> I was planning on doing a release of Plash soon. Would you object if
> I made a release before trying to fix this? It is not a trivial thing
> to fix. It looks like tar still works: it uses open() to set the file
> mode instead of fchmod().

OK. I think I'll disable Zero Install's Plash support for now as it
hasn't worked for some time. I'll re-enable it once everything is
working again...

Thanks!

--
Dr Thomas Leonard http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
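
The open-flag check proposed in option 1 of the thread, sketched as an added example; it is not part of the original messages and is not Plash's code. The function name `checked_fchmod` and the refusal of setuid/setgid/sticky bits are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical server-side handler (name and policy are assumptions).
 * The server runs under the UID that owns the inode, so its own fchmod()
 * succeeds; the FD is the one handed over by the sandboxed client.
 * Returns 0 on success, -1 with errno set on refusal or failure. */
int checked_fchmod(int fd, mode_t mode)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags < 0)
        return -1;                      /* bad FD: errno set by fcntl() */

    /* O_RDONLY is 0, so compare the masked access mode, not single bits. */
    int acc = flags & O_ACCMODE;
    if (acc != O_WRONLY && acc != O_RDWR) {
        errno = EACCES;                 /* read-only FD: no chmod authority */
        return -1;
    }

    /* Callers may pass file-type bits (the trace shows 0100755); drop them. */
    mode &= 07777;
    /* Assumed extra policy: never grant setuid/setgid/sticky on request. */
    if (mode & (S_ISUID | S_ISGID | S_ISVTX)) {
        errno = EPERM;
        return -1;
    }
    return fchmod(fd, mode);
}

int main(void)
{
    char path[] = "/tmp/fchmod_demo_XXXXXX";   /* constructed sample file */
    int rw = mkstemp(path);                    /* mkstemp opens O_RDWR */
    int ro = open(path, O_RDONLY);
    if (rw < 0 || ro < 0) { perror("setup"); return 1; }

    printf("rw fd, 0100755: %d\n", checked_fchmod(rw, 0100755));
    printf("ro fd, 0644:    %d\n", checked_fchmod(ro, 0644));
    printf("rw fd, 04755:   %d\n", checked_fchmod(rw, 04755));
    unlink(path);
    close(ro);
    close(rw);
    return 0;
}
```

The check ties chmod authority to the FD's access mode, which is the behaviour the reply in the thread expects: write access implies permission changes, read-only access does not.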