NetBSD-Bugs archive


Re: kern/58438 (Compatibility issues with per-user-temp [described security(7) man page])



The following reply was made to PR kern/58438; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/58438 (Compatibility issues with per-user-temp [described
 security(7) man page])
Date: Fri, 1 Nov 2024 08:29:33 +0100

 On Fri, Nov 01, 2024 at 12:50:01AM +0000, RVP via gnats wrote:
 >  Since userspace needs to see the @magic tokens (as we've seen), and realpath(3)
 >  seems to be the cause of all this, I think we should just fix it to expand those
 >  tokens when magic-symlinks are active. That should take care of 1)--even though
 >  this means duplicating the expansion already being done in the kernel.
 >  
 >  Shouldn't be hard. I'll do it--but, prolly only next week.
 
 I agree with the approach, but it is not as trivial as it sounds, see
 PR kern/58801.
 
 I wonder if we should make the mapping table the kernel uses available
 (read only) to userland via a sysctl, so besides realpath(3) it could
 also be used in the ATF tests. The ATF tests also should grow a realpath
 test.
 
 Or we define (and document) a fixed mapping/semantics for
 machine/machine_arch that we can hardcode in both places.
 
 Martin
 

