Subject: Re: openat(2) and friends
To: None <tech-kern@netbsd.org>
From: Steinar Hamre <steinarh@pvv.ntnu.no>
List: tech-kern
Date: 03/06/2005 19:05:10
Jaromir Dolecek <jdolecek@NetBSD.org> writes:

> On Sun, Mar 06, 2005 at 04:55:41PM +0100, Steinar Hamre wrote:
> > I'd like some feedback on this approach before continuing with
> > fstatat(2) and opendir(3).
> 
> What's the rationale for adding these syscalls? Is this at least
> in SUS? It doesn't seem as particularly useful functionality.

They allow fast and safe traversal and operations in an untrusted
directory tree.

Today, safe operations in an untrusted directory tree must be
implemented by excessive use of fchdir(2).  This brings some problems
related to multithreading/locking/"Can't chdir when using fts(3)",
and additional issues related to security or unexpected behavior like
core file placement.

This would help fts(3) in terms of readability, speed, and possibly
the need to choose between FTS_NOCHDIR and security.

I hope to save opendir(3) from some nfs/union/fts nastiness.  And
avoid the race with opendir DTF_REWIND reopening a different
directory.

Portable programs can use fdopendir(3) instead of __opendir2 and
assuming there is a fd in DIR.

They will be needed for Solaris compatibility.

It's not in SUS. Though *I* hope it will be some day.

        Steinar
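
The traversal pattern discussed in this message, as an added example that is not part of the original post or of any NetBSD patch: a recursive walk that never calls chdir(2)/fchdir(2) and never follows a symlink planted in the tree. It assumes the openat(2), fstatat(2) and fdopendir(3) signatures as later standardized in POSIX.1-2008; the function names and the demo tree under /tmp are constructed for illustration.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Count regular files below fd without changing the process cwd and without
 * following symlinks. Takes ownership of fd. Returns -1 on error. */
static long count_files_at(int fd)
{
    DIR *d = fdopendir(fd);              /* DIR now owns fd */
    if (d == NULL) { close(fd); return -1; }
    long n = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        struct stat st;
        /* lstat semantics, resolved relative to the already-open directory */
        if (fstatat(dirfd(d), e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) continue;
        if (S_ISREG(st.st_mode)) n++;
        else if (S_ISDIR(st.st_mode)) {
            /* O_NOFOLLOW: fail if the entry was swapped for a symlink after fstatat */
            int sub = openat(dirfd(d), e->d_name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
            long m = sub < 0 ? -1 : count_files_at(sub);
            if (m > 0) n += m;
        }
    }
    closedir(d);
    return n;
}

/* Constructed demo tree: root/a.txt, root/sub/b.txt, root/link -> "/" */
static long demo(void)
{
    char root[] = "/tmp/openat-demo-XXXXXX";
    if (mkdtemp(root) == NULL) return -1;
    int rfd = open(root, O_RDONLY | O_DIRECTORY);
    if (rfd < 0 || mkdirat(rfd, "sub", 0700) != 0 || symlinkat("/", rfd, "link") != 0) return -1;
    close(openat(rfd, "a.txt", O_CREAT | O_WRONLY, 0600));
    close(openat(rfd, "sub/b.txt", O_CREAT | O_WRONLY, 0600));
    return count_files_at(rfd);          /* the symlink to "/" is skipped, not walked */
}

int main(void) { printf("regular files: %ld\n", demo()); return 0; }
```

Because every lookup is relative to a descriptor for a directory that is already open, renaming or replacing a parent path component during the walk cannot redirect it, and other threads keep a stable working directory.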