It was discovered while implementing userspace emulation of fchmodat AT_SYMLINK_NOFOLLOW (using O_PATH and procfs magic symlinks; otherwise it's not possible to target symlinks with chmod operations) that some filesystems erroneously allow access mode of symlinks to be changed, but return failure with EOPNOTSUPP (see glibc issue #14578 and commit a492b1e5ef). This inconsistency is non-conforming and wrong, and the consensus seems to be that it was unintentional to allow link modes to be changed in the first place.
Signed-off-by: Rich Felker <[email protected]> --- fs/open.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/open.c b/fs/open.c index 9af548fb841b..cdb7964aaa6e 100644 --- a/fs/open.c +++ b/fs/open.c @@ -570,6 +570,12 @@ int chmod_common(const struct path *path, umode_t mode) struct iattr newattrs; int error; + /* Block chmod from getting to fs layer. Ideally the fs would either + * allow it or fail with EOPNOTSUPP, but some are buggy and return + * an error but change the mode, which is non-conforming and wrong. */ + if (S_ISLNK(inode->i_mode)) + return -EOPNOTSUPP; + error = mnt_want_write(path->mnt); if (error) return error; -- 2.21.0
