On Fri, 24 Feb 2017 17:22:19 +0100 Jann Horn <ja...@google.com> wrote: > [...] > And unfortunately, that flags argument is not actually present in the > real syscall. > See this glibc code: > > int > fchmodat (int fd, const char *file, mode_t mode, int flag) > { > if (flag & ~AT_SYMLINK_NOFOLLOW) > return INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL); > #ifndef __NR_lchmod /* Linux so far has no lchmod syscall. */ > if (flag & AT_SYMLINK_NOFOLLOW) > return INLINE_SYSCALL_ERROR_RETURN_VALUE (ENOTSUP); > #endif > > return INLINE_SYSCALL (fchmodat, 3, fd, file, mode); > } > > and this kernel code: > > SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename, > umode_t, mode) > { > [...] > } > > So to fix this, you'll probably have to add a new syscall fchmodat2() > to the kernel, > wire it up for all the architectures and get the various libc > implementations to adopt > that. That's going to be quite tedious. :(
Yeah, Eric and I had a discussion about that on irc. I'll start to work on the kernel part, at least. Indeed, adoption by the various libc is likely to take some time... When the syscalls are available in the kernel, maybe it is possible to implement something in the 9pfs code with the syscall() function. In the meantime, we'll have to live with a degraded version of fchmodat() based on openat()+fchmod(). This will fail if the file isn't accessible but it is better than allowing the guest to chmod() any file on the host.
pgpqEQlPFq4c6.pgp
Description: OpenPGP digital signature