From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <fw@deneb.enyo.de>
Received: from albireo.enyo.de (albireo.enyo.de [37.24.231.21])
 by sourceware.org (Postfix) with ESMTPS id 2139D386F451
 for <libc-alpha@sourceware.org>; Tue, 28 Apr 2020 17:50:34 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 2139D386F451
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=deneb.enyo.de
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=fw@deneb.enyo.de
Received: from [172.17.203.2] (helo=deneb.enyo.de)
 by albireo.enyo.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 id 1jTUNM-0004o4-M1; Tue, 28 Apr 2020 17:50:32 +0000
Received: from fw by deneb.enyo.de with local (Exim 4.92)
 (envelope-from <fw@deneb.enyo.de>)
 id 1jTUNM-0006s7-K9; Tue, 28 Apr 2020 19:50:32 +0200
From: Florian Weimer <fw@deneb.enyo.de>
To: Adhemerval Zanella via Libc-alpha <libc-alpha@sourceware.org>
Subject: Re: [PATCH] Linux: Add execveat system call wrapper
References: <20200428122019.26826-1-ahajkova@redhat.com>
 <c9a29aa3-6010-8206-6219-b01c238a9608@linaro.org>
Date: Tue, 28 Apr 2020 19:50:32 +0200
In-Reply-To: <c9a29aa3-6010-8206-6219-b01c238a9608@linaro.org> (Adhemerval
 Zanella via Libc-alpha's message of "Tue, 28 Apr 2020 14:44:11 -0300")
Message-ID: <87pnbrmrdj.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-9.2 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
 SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 17:50:35 -0000

* Adhemerval Zanella via Libc-alpha:

> On 28/04/2020 09:20, Alexandra H=E1jkov=E1 via Libc-alpha wrote:
>
>> +/* Execute the file FD refers to, overlaying the running program image.
>> +   ARGV and ENVP are passed to the new program, as for `execve'.  */
>> +int
>> +execveat (int dirfd, const char *path, char *const argv[], char *const =
envp[],
>> +          int flags)
>> +{
>> +  /* Avoid implicit array coercion in syscall macros.  */
>> +  INLINE_SYSCALL_CALL (execveat, dirfd, path, &argv[0], &envp[0], flags=
);
>> +#ifndef __ASSUME_EXECVEAT
>> +  if (errno !=3D ENOSYS)
>> +    return -1;
>> +
>> +  int fd =3D openat (dirfd, path, flags | O_CLOEXEC);
>> +  if (fd < 0)
>> +    return -1;
>> +
>
> Is this subject to a TOCTOU where a thread might close the fd by explicit=
ly
> reading /proc/self/fd/?

Sure, but that's as undefined as closing a file descriptor that the
code has not opened.  This impacts any code in glibc which opens file
descriptors.  I don't think it's a problem.