Add fchmodat(AT_SYMLINK_NOFOLLOW) and fchmod O_PATH support
Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.
There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.
Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".
Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.
This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.
As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.
The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.
Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
diff --git a/libc/arch-x86/syscalls/fchmod.S b/libc/arch-x86/syscalls/__fchmod.S
similarity index 94%
rename from libc/arch-x86/syscalls/fchmod.S
rename to libc/arch-x86/syscalls/__fchmod.S
index 37851ff..7ad213e 100644
--- a/libc/arch-x86/syscalls/fchmod.S
+++ b/libc/arch-x86/syscalls/__fchmod.S
@@ -2,7 +2,7 @@
#include <private/bionic_asm.h>
-ENTRY(fchmod)
+ENTRY(__fchmod)
pushl %ebx
.cfi_def_cfa_offset 8
.cfi_rel_offset ebx, 0
@@ -23,4 +23,4 @@
popl %ecx
popl %ebx
ret
-END(fchmod)
+END(__fchmod)
diff --git a/libc/arch-x86/syscalls/fchmodat.S b/libc/arch-x86/syscalls/__fchmodat.S
similarity index 70%
rename from libc/arch-x86/syscalls/fchmodat.S
rename to libc/arch-x86/syscalls/__fchmodat.S
index f515512..f03c03f 100644
--- a/libc/arch-x86/syscalls/fchmodat.S
+++ b/libc/arch-x86/syscalls/__fchmodat.S
@@ -2,7 +2,7 @@
#include <private/bionic_asm.h>
-ENTRY(fchmodat)
+ENTRY(__fchmodat)
pushl %ebx
.cfi_def_cfa_offset 8
.cfi_rel_offset ebx, 0
@@ -12,13 +12,9 @@
pushl %edx
.cfi_adjust_cfa_offset 4
.cfi_rel_offset edx, 0
- pushl %esi
- .cfi_adjust_cfa_offset 4
- .cfi_rel_offset esi, 0
- mov 20(%esp), %ebx
- mov 24(%esp), %ecx
- mov 28(%esp), %edx
- mov 32(%esp), %esi
+ mov 16(%esp), %ebx
+ mov 20(%esp), %ecx
+ mov 24(%esp), %edx
movl $__NR_fchmodat, %eax
int $0x80
cmpl $-MAX_ERRNO, %eax
@@ -28,9 +24,8 @@
call __set_errno_internal
addl $4, %esp
1:
- popl %esi
popl %edx
popl %ecx
popl %ebx
ret
-END(fchmodat)
+END(__fchmodat)