From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=f9N/=AP=gmail.com=bugaevc@sourceware.org>
Received: from mail-oa1-x29.google.com (mail-oa1-x29.google.com [IPv6:2001:4860:4864:20::29])
	by sourceware.org (Postfix) with ESMTPS id 913EF3858D39
	for <libc-alpha@sourceware.org>; Mon, 24 Apr 2023 21:36:10 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 913EF3858D39
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-oa1-x29.google.com with SMTP id 586e51a60fabf-187b70ab997so27169926fac.0
        for <libc-alpha@sourceware.org>; Mon, 24 Apr 2023 14:36:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1682372170; x=1684964170;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=GAukmsWszGI79cketIWF+EgfSLF9z4Ocga+n4b0Lwf0=;
        b=dQuaL7buxXDS9L33daWdHA46Ock8/oquVrHmFohvEz+EklJUQ8mQNGIyKMzEH6vpVg
         JVOoMt8elgBjb2Al9EN+gBw1DkyhEiBoB9nbwlJVuTKm647MIqaubhgP6JH5inAF59T2
         RI2YVkKfeIxGhnXnJvpCMBaiB8TcgHS2coWCxIXpaYX6EhKlFTRBx8Xews4opOElFsIV
         8GJdjYPCuSX3UMQgQGA3OpBvA7L0i8ag5oYAusdmeC3q7z5vqGRRv2DhxB05Q6W4csYS
         L5lPuT6eTkmgncLmTSl4wtp6FMRf7sVwjhxB++URTgn56SfVHDpWJDe2a+0CVujSQoCC
         Xs0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1682372170; x=1684964170;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=GAukmsWszGI79cketIWF+EgfSLF9z4Ocga+n4b0Lwf0=;
        b=CmeAzDlfssFZqYS4O8f74xOXkqPcjbkc17oaPGw4EMshjjC9bPa6OjukLCYTqx4xl3
         5sqgMYrfR7WmyeIUR3Q1q2ilQv+QVengSSfJJ6uP2f4hAw/DHKmU+lQcMuVKB9nEU5He
         JH7VWqoXq9dcacmNJSrmVmq5dxldHfVqCYpu7lTuwQV/ZSnr9kya73mbWTeiZbRL2+py
         UljHoiWkkIXkf4UXF3OACxYK0xje/Et8C6F3yJ9SLfvWxfHw3Hp+rSIjqZIioxnS47pU
         MpMLNrrHT573TDcgfy2ZXpNAZglCMx1CNT29Z7Ksd9Df7ToBbRUc6LFXkb2gpjzXPFS+
         dHsA==
X-Gm-Message-State: AAQBX9dtv3JNrhqs0/ezf2/kxgis7GohYOaUMkJ7oe9D1e1N2Huwqoes
	E4aZBiEiOXEmNsSjcaTGue1Kk2P1Ragw2LYed6NMQskXMk5O4A==
X-Google-Smtp-Source: AKy350apybzx1li3pJaJBHf6/BM+9p8gXxCHz82PXw7zU9KCPIpSpv745ZYRQZAer118NbNBQD/I7oeK7QuuPzLs6N8=
X-Received: by 2002:a05:6820:198c:b0:549:d9c2:8e6a with SMTP id
 bp12-20020a056820198c00b00549d9c28e6amr1186163oob.3.1682372169516; Mon, 24
 Apr 2023 14:36:09 -0700 (PDT)
MIME-Version: 1.0
References: <20230423160548.126576-1-bugaevc@gmail.com> <20230423160548.126576-2-bugaevc@gmail.com>
 <20230424211009.3dbv745qz36vmkpi@begin>
In-Reply-To: <20230424211009.3dbv745qz36vmkpi@begin>
From: Sergey Bugaev <bugaevc@gmail.com>
Date: Tue, 25 Apr 2023 00:35:58 +0300
Message-ID: <CAN9u=HdynAzBvLdzbxkc=gUxNuf12M2PSmiGvpGOogn6S+hsaw@mail.gmail.com>
Subject: Re: [PATCH v2 2/4] hurd: Implement MSG_CMSG_CLOEXEC
To: Samuel Thibault <samuel.thibault@gnu.org>
Cc: libc-alpha@sourceware.org, bug-hurd@gnu.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

On Tue, Apr 25, 2023 at 12:10=E2=80=AFAM Samuel Thibault
<samuel.thibault@gnu.org> wrote:
> Applied, thanks!

Thank you -- but I see you changed it to say "fds[j] | fd_flags".

For one thing it would be nice of you to indicate that this was your
change, not mine, because as things are it looks like I wrote that,
but I didn't. Linux docs (I was about to write "kernel docs", heh)
suggest this pattern:

> it is recommended that you add a line between the last
> Signed-off-by header and yours, indicating the nature of your
> changes. While there is nothing mandatory about this, it seems like
> prepending the description with your mail and/or name, all enclosed
> in square brackets, is noticeable enough to make it obvious that you
> are responsible for last-minute changes. Example :
>
> Signed-off-by: Random J Developer <random@developer.example.org>
> [lucky@maintainer.example.org: struct foo moved from foo.c to foo.h]
> Signed-off-by: Lucky K Maintainer <lucky@maintainer.example.org>

But on the technical side of things, I don't think we should take
whatever integer arrives in the message and use it as flags. We never
check it for sanity; who knows what might be there; the fd management
subsystem is not generally written with the assumption that 'flags'
might be attacker-controlled/malicious. I don't see how anything
actually bad could happen in this case, but it could specify O_CLOEXEC
and/or O_IGNORE_CTTY when we don't want them, for instance.

Sergey