Subject: Re: Addition to force open to open only regular files
To: Bill Studenmund <wrstuden@zembu.com>
From: Warner Losh <imp@village.org>
List: tech-kern
Date: 11/16/2000 17:24:51
In message <Pine.NEB.4.21.0011161541560.3098-100000@candlekeep.z.zembu.com> Bill Studenmund writes:
: > Otherwise I would say $HOSTALIASES and $LOCALDOMAIN support just has to
: > go away completely and users can either practice their typing skills
: > and/or learn to make better use of other UI features that'll help them
: > enter fully qualified names where the way the system default search
: > features are configured are not to their liking.
: 
: As long as you continue to express the inflexibility you show above,
: people who disagree with you will pursue the only option the situation
: leaves them - ignore you. Is that really what you want?

HOSTALIASES went away in FreeBSD in either 1997 or 1998 because we
couldn't figure out how to safely allow it without doing something
really radical.

At first it was suggested to use access(2) to make things work, but
that has a well-known race condition.

Then we tried to use stat and fstat, but that has the "rewind tape"
problem where merely calling open on the device had side effects.

There were some suggestions to use seteuid(), but that has problems
that have been talked about here.  I recently thought I found a
loophole, but as was pointed out, the loophole wasn't really a hole.

I've had really off the wall suggestions sent to me for fixing the
kernel:
	Have a "half open" that will open the file without really
	opening it.  One that does just the permissions checks and
	nothing else.  Then have a 2nd half of the open that completes
	the open.  This is similar to access, except it gives you
	a handle that you can fstat with, as well as later open w/o
	a race no matter how long you take to get around to it.

	Have a flag that says "open only normal files" or "don't open
	devices" like was suggested in the NetBSD lists.

	Implement linux's fsetuid()

Each of these solutions has pros and cons.  More cons than pros and it 
just didn't seem to be worth changing the kernel to get HOSTALIASES
functionality back.  There's been an open PR in FreeBSD since 1998 or
so, but no one has bugged me about it in ages (it is assigned to me).

Warner
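
The stat/fstat approach mentioned in this message, written out as an added example (not code from the thread or from FreeBSD or NetBSD); `open_regular` is a hypothetical helper name. It detects a swapped path only after open() has returned, which is the gap the "open only normal files" flag was meant to close.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (added example): return a descriptor open on a
 * regular file, or -1 with errno set. Symlinks are refused outright. */
int open_regular(const char *path)
{
    struct stat before, after;
    int fd;

    /* lstat() does not call the driver's open routine, so no tape rewinds. */
    if (lstat(path, &before) == -1)
        return -1;
    if (!S_ISREG(before.st_mode)) {
        errno = EINVAL;              /* device, FIFO, directory, symlink... */
        return -1;
    }

    /* O_NONBLOCK: do not hang if a FIFO was swapped in after lstat().
     * O_NOFOLLOW: fail if a symlink was swapped in as the last component. */
    fd = open(path, O_RDONLY | O_NONBLOCK | O_NOFOLLOW);
    if (fd == -1)
        return -1;

    /* fstat() reports on the object actually opened. If it is not the file
     * lstat() saw, the path was swapped in the window; when the swap was to
     * a device, its open side effects have already happened by now. */
    if (fstat(fd, &after) == -1 || !S_ISREG(after.st_mode) ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino) {
        close(fd);
        errno = EAGAIN;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/null";
    int fd = open_regular(path);
    if (fd == -1) { perror(path); return EXIT_FAILURE; }
    printf("%s: regular file on fd %d\n", path, fd);
    return close(fd);
}
```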