On 14 Dec 2009, at 16:08, Bruce Evans wrote:

> On Mon, 14 Dec 2009, Robert Watson wrote:
> 
>> Log:
>> Merge r197808 from head to stable/8:
>> 
>>   In rtld's map_object(), use pread(..., 0) rather than read() to read the
>>   ELF header from the front of the file.  As all other I/O on the binary
>>   is done using mmap(), this avoids the need for seek privileges on the
>>   file descriptor during run-time linking.
> 
> Doesn't/shouldn't pread() require seek privileges?  It certainly uses them.

I think there are actually multiple notions of "seek":

- Manipulation of the file descriptor offset, which occurs explicitly with 
lseek(2) or implicitly with read(2)/write(2)/..., but not with 
pread(2)/pwrite(2)/sendfile(2)/...
- Underlying object offset, such as the current location of the head relative 
to a tape in a tape drive, which will be manipulated implicitly as IO requests 
go down the stack regardless of the file descriptor offset changing

For the purposes of our ongoing capability project, the right to seek refers to 
changing the file descriptor offset, as in most instances we're interested in, 
the underlying object is a file rather than a special device. In particular, we 
want to be able to pass around capabilities for key libraries (the runtime 
linker itself, libc, etc.) and share them between mutually untrusting processes, 
and not have the file descriptor offset allow interference between them.

Further confusing matters, we maintain file descriptor-level offsets for some 
stream-oriented objects, such as ttys, but not others, such as sockets.

Robert
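The first notion of "seek" in the reply above, as an added example (not code from rtld or from this thread): two descriptors share one file descriptor offset, here through dup() as a stand-in for a descriptor shared between processes, and only read() changes the offset the other holder observes. The sample file contents, temp path template and function names are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700 /* pread(), mkstemp() under strict -std modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define HDR_LEN 16
/* Constructed sample: 16 bytes standing in for an ELF header, then payload. */
static const char sample[] = "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0payload-bytes";

/* Write the sample to an unlinked temp file; return an fd at offset 0, or -1. */
static int make_sample_file(void)
{
    char path[] = "/tmp/pread_demo.XXXXXX"; /* constructed path template */
    ssize_t len = (ssize_t)sizeof(sample) - 1;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    if (write(fd, sample, (size_t)len) != len || lseek(fd, 0, SEEK_SET) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Holders A and B share one open file description. B reads the header;
 * return the descriptor offset A observes afterwards, or -1 on error. */
long offset_seen_by_other_holder(int use_pread)
{
    char hdr[HDR_LEN];
    int a = make_sample_file();
    int b = (a < 0) ? -1 : dup(a);
    long off = -1;
    if (b >= 0) {
        ssize_t n = use_pread ? pread(b, hdr, sizeof(hdr), 0)
                              : read(b, hdr, sizeof(hdr));
        if (n == HDR_LEN && memcmp(hdr, sample, HDR_LEN) == 0)
            off = (long)lseek(a, 0, SEEK_CUR); /* query only, does not move */
        close(b);
    }
    if (a >= 0) close(a);
    return off;
}

int main(void)
{
    printf("other holder's offset after read(): %ld, after pread(): %ld\n",
           offset_seen_by_other_holder(0), offset_seen_by_other_holder(1));
    return 0;
}
```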