From: Aleksa Sarai Date: Mon, 21 Jul 2025 01:55:36 +0000 (+1000) Subject: man/man2/openat2.2: HISTORY: Include epilogue about FreeBSD X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=671e1b8cbeee5e81ff1e10d10586521e0ce82cf9;p=thirdparty%2Fman-pages.git man/man2/openat2.2: HISTORY: Include epilogue about FreeBSD While RESOLVE_BENEATH was based on FreeBSD's O_BENEATH, there was a well-known safety issue in O_BENEATH that we explicitly avoided replicating -- FreeBSD would only verify whether the lookup escaped the dirfd *at the end of the path lookup*. This meant that even with O_BENEATH, an attacker could gain information about the structure of the filesystem outside of the dirfd through timing attacks or other side-channels. Once Linux had RESOLVE_BENEATH, FreeBSD implemented O_RESOLVE_BENEATH to mimic the same behaviour[1] and eventually removed O_BENEATH entirely from their system[2]. It seems prudent to provide this epilogue in the HISTORY section of the openat2(2) man page (the FreeBSD man page does for open(2) not reference this historical connection with Linux at all, as far as I can tell). Link: [1] Link: [2] Signed-off-by: Aleksa Sarai Message-ID: <20250721-openat2-history-v1-1-994936dd224a@cyphar.com> Signed-off-by: Alejandro Colomar --- diff --git a/man/man2/openat2.2 b/man/man2/openat2.2 index e7d400920..9d0b58777 100644 --- a/man/man2/openat2.2 +++ b/man/man2/openat2.2 @@ -478,7 +478,20 @@ Linux 5.6. The semantics of .B RESOLVE_BENEATH were modeled after FreeBSD's +.BR O_BENEATH , +but avoided a well-known correctness bug in FreeBSD's implementation that +rendered it effectively insecure. +Later, FreeBSD 13 introduced +.B O_RESOLVE_BENEATH +to replace the insecure .BR O_BENEATH . +.\" https://reviews.freebsd.org/D25886 +.\" https://reviews.freebsd.org/D28907 +FreeBSD's +.B O_RESOLVE_BENEATH +semantics are based on Linux's +.B RESOLVE_BENEATH +and the two are now functionally equivalent. .SH NOTES .SS Extensibility In order to allow for future extensibility,