From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oa1-x29.google.com (mail-oa1-x29.google.com [IPv6:2001:4860:4864:20::29]) by sourceware.org (Postfix) with ESMTPS id 913EF3858D39 for ; Mon, 24 Apr 2023 21:36:10 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 913EF3858D39 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-oa1-x29.google.com with SMTP id 586e51a60fabf-187b70ab997so27169926fac.0 for ; Mon, 24 Apr 2023 14:36:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1682372170; x=1684964170; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=GAukmsWszGI79cketIWF+EgfSLF9z4Ocga+n4b0Lwf0=; b=dQuaL7buxXDS9L33daWdHA46Ock8/oquVrHmFohvEz+EklJUQ8mQNGIyKMzEH6vpVg JVOoMt8elgBjb2Al9EN+gBw1DkyhEiBoB9nbwlJVuTKm647MIqaubhgP6JH5inAF59T2 RI2YVkKfeIxGhnXnJvpCMBaiB8TcgHS2coWCxIXpaYX6EhKlFTRBx8Xews4opOElFsIV 8GJdjYPCuSX3UMQgQGA3OpBvA7L0i8ag5oYAusdmeC3q7z5vqGRRv2DhxB05Q6W4csYS L5lPuT6eTkmgncLmTSl4wtp6FMRf7sVwjhxB++URTgn56SfVHDpWJDe2a+0CVujSQoCC Xs0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682372170; x=1684964170; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GAukmsWszGI79cketIWF+EgfSLF9z4Ocga+n4b0Lwf0=; b=CmeAzDlfssFZqYS4O8f74xOXkqPcjbkc17oaPGw4EMshjjC9bPa6OjukLCYTqx4xl3 5sqgMYrfR7WmyeIUR3Q1q2ilQv+QVengSSfJJ6uP2f4hAw/DHKmU+lQcMuVKB9nEU5He JH7VWqoXq9dcacmNJSrmVmq5dxldHfVqCYpu7lTuwQV/ZSnr9kya73mbWTeiZbRL2+py UljHoiWkkIXkf4UXF3OACxYK0xje/Et8C6F3yJ9SLfvWxfHw3Hp+rSIjqZIioxnS47pU MpMLNrrHT573TDcgfy2ZXpNAZglCMx1CNT29Z7Ksd9Df7ToBbRUc6LFXkb2gpjzXPFS+ dHsA== X-Gm-Message-State: AAQBX9dtv3JNrhqs0/ezf2/kxgis7GohYOaUMkJ7oe9D1e1N2Huwqoes E4aZBiEiOXEmNsSjcaTGue1Kk2P1Ragw2LYed6NMQskXMk5O4A== X-Google-Smtp-Source: AKy350apybzx1li3pJaJBHf6/BM+9p8gXxCHz82PXw7zU9KCPIpSpv745ZYRQZAer118NbNBQD/I7oeK7QuuPzLs6N8= X-Received: by 2002:a05:6820:198c:b0:549:d9c2:8e6a with SMTP id bp12-20020a056820198c00b00549d9c28e6amr1186163oob.3.1682372169516; Mon, 24 Apr 2023 14:36:09 -0700 (PDT) MIME-Version: 1.0 References: <20230423160548.126576-1-bugaevc@gmail.com> <20230423160548.126576-2-bugaevc@gmail.com> <20230424211009.3dbv745qz36vmkpi@begin> In-Reply-To: <20230424211009.3dbv745qz36vmkpi@begin> From: Sergey Bugaev Date: Tue, 25 Apr 2023 00:35:58 +0300 Message-ID: Subject: Re: [PATCH v2 2/4] hurd: Implement MSG_CMSG_CLOEXEC To: Samuel Thibault Cc: libc-alpha@sourceware.org, bug-hurd@gnu.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, Apr 25, 2023 at 12:10=E2=80=AFAM Samuel Thibault wrote: > Applied, thanks! Thank you -- but I see you changed it to say "fds[j] | fd_flags". For one thing it would be nice of you to indicate that this was your change, not mine, because as things are it looks like I wrote that, but I didn't. Linux docs (I was about to write "kernel docs", heh) suggest this pattern: > it is recommended that you add a line between the last > Signed-off-by header and yours, indicating the nature of your > changes. While there is nothing mandatory about this, it seems like > prepending the description with your mail and/or name, all enclosed > in square brackets, is noticeable enough to make it obvious that you > are responsible for last-minute changes. Example : > > Signed-off-by: Random J Developer > [lucky@maintainer.example.org: struct foo moved from foo.c to foo.h] > Signed-off-by: Lucky K Maintainer But on the technical side of things, I don't think we should take whatever integer arrives in the message and use it as flags. We never check it for sanity; who knows what might be there; the fd management subsystem is not generally written with the assumption that 'flags' might be attacker-controlled/malicious. I don't see how anything actually bad could happen in this case, but it could specify O_CLOEXEC and/or O_IGNORE_CTTY when we don't want them, for instance. Sergey