On 3/10/20 12:30 PM, Florian Weimer wrote:
The glibc implementation needs /proc to avoid the race. There is no way around that, otherwise we introduce a security vulnerability.
It is unfortunate that we have dueling paranoia here. coreutils mknod is paranoid so it uses lchmod to avoid a race, and then glibc lchmod is paranoid so it refuses to work with lchmod unless /proc is mounted.
Since we apparently cannot avoid a race unless /proc is mounted, I suppose we could change gnulib lchmod to consider the current glibc behavior to be a bug, and to fall back on lstat+chmod when /proc is not mounted. This would fix coreutils and every other Gnulib-using program that uses lchmod or fchmodat. But on the whole it would be somewhat cleaner if glibc lchmod and fchmodat were merely documented to have races when /proc is not mounted; that'd be simpler than manually adjusting all programs that use glibc lchmod so that they all explicitly have races when /proc is not mounted.
