On 2025/07/21 04:18, Crystal Kolipe wrote:
> On Sun, Jul 20, 2025 at 12:59:09PM +0100, Stuart Henderson wrote:
> > On 2025/07/20 04:52, Crystal Kolipe wrote:
> > > Do we also need to clarify in the man page what happens if both -p and -P are
> > > used at the same time?  In that case, -p is ignored and the permissions from
> > > the directory specified with -P are used.
> > > 
> > > I'm wondering if that is even the desired behaviour, maybe -p should always
> > > override even when -P is specified.  But if nobody has an opinion on this
> > > I'm OK with the current proposal.
> > 
> > fwiw, I think I would expect -p to be used "over the top" of -P's
> > permissions if both flags are specified.
> 
> This version should address that.  Now if both -p and -P are specified on the
> command line, the permissions of '.' are set to whatever was specified as the
> argument to -p.
> 
> I'm assuming that's what you meant, although "over the top" could also be
> interpreted as 'a logical AND of both the permissions gained from -P and those
> specified with -p', (which could in itself could be considered an over the top
> suggestion in another sense, thereby causing an infinite mental loop :-) ).
> 
> The chmod of '.' is not expected to fail, so we only print a warning if it
> does, and continue with the inherited permissions.  Should this be a hard
> error?

That seems reasonable. fwiw, the code bits are OK with me.

I'm not sure about the text about "can create security issues" in
the manual though, I think I'd stick to just describing the action
of -p.




> --- newfs.c.orig	Mon Apr  7 04:25:02 2025
> +++ newfs.c	Mon Jul 21 08:15:41 2025
> @@ -147,7 +147,7 @@
>  static void waitformount(char *, pid_t);
>  static int do_exec(const char *, const char *, char *const[]);
>  static int isdir(const char *);
> -static void copy(char *, char *);
> +static void copy(char *, char *, mode_t);
>  static int gettmpmnt(char *, size_t);
>  #endif
>  
> @@ -179,6 +179,7 @@
>  #ifdef MFS
>  	char mountfromname[BUFSIZ];
>  	char *pop = NULL, node[PATH_MAX];
> +	char *ep;
>  	pid_t pid;
>  	struct stat mountpoint;
>  #endif
> @@ -203,7 +204,7 @@
>  		fatal("insane maxpartitions value %d", maxpartitions);
>  
>  	opstring = mfs ?
> -	    "O:P:T:b:c:e:f:i:m:o:s:" :
> +	    "O:P:T:b:c:e:f:i:m:o:p:s:" :
>  	    "NO:S:T:b:c:e:f:g:h:i:m:o:qs:t:";
>  	while ((ch = getopt(argc, argv, opstring)) != -1) {
>  		switch (ch) {
> @@ -286,6 +287,19 @@
>  					    optarg);
>  			}
>  			break;
> +		case 'p':
> +			errno = 0;
> +			mfsmode = strtoul(optarg, &ep, 8);
> +			if (optarg[0] == '\0' || *ep != '\0')
> +				fatal("invalid mode: not a number");
> +			if (errno == ERANGE)
> +				fatal("invalid mode: out of range");
> +			if ((mfsmode & ALLPERMS) != mfsmode)
> +				fatal("unrecognised permission bits");
> +			if (mfsmode == 0)
> +				warnx("invalid mode, will inherit "
> +				      "mount point permissions");
> +			break;
>  		case 'q':
>  			quiet = 1;
>  			break;
> @@ -506,7 +520,8 @@
>  			err(ECANCELED, "stat %s", node);
>  		mfsuid = mountpoint.st_uid;
>  		mfsgid = mountpoint.st_gid;
> -		mfsmode = mountpoint.st_mode & ALLPERMS;
> +		if (mfsmode == 0)
> +			mfsmode = mountpoint.st_mode & ALLPERMS;
>  	}
>  #endif
>  
> @@ -543,7 +558,7 @@
>  		default:
>  			if (pop != NULL) {
>  				waitformount(tmpnode, pid);
> -				copy(pop, tmpnode);
> +				copy(pop, tmpnode, mfsmode);
>  				unmount(tmpnode, 0);
>  				rmdir(tmpnode);
>  			}
> @@ -754,13 +769,18 @@
>  }
>  
>  static void
> -copy(char *src, char *dst)
> +copy(char *src, char *dst, mode_t mfsmode)
>  {
>  	int ret, dir, created = 0;
> +	int fd;
>  	struct ufs_args mount_args;
>  	char mountpoint[MNAMELEN];
>  	char *const argv[] = { "pax", "-rw", "-pe", ".", dst, NULL } ;
>  
> +	if ((fd = open(dst, O_RDONLY)) == -1) {
> +		err(1, "failed opening %s", dst);
> +	}
> +
>  	dir = isdir(src);
>  	if (dir)
>  		strlcpy(mountpoint, src, sizeof(mountpoint));
> @@ -788,6 +808,10 @@
>  			warn("unmount %s", dst);
>  		errx(1, "copy %s to %s failed", mountpoint, dst);
>  	}
> +	if (fchmodat(fd, ".", mfsmode, 0) == -1) {
> +		warn("failed to set requested permissions");
> +	}
> +	close (fd);
>  }
>  
>  static int
>