Assaf Gordon <assafgordon@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Assaf Gordon <assafgordon@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Received: (at submit) by debbugs.gnu.org; 26 Mar 2018 01:52:55 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Mar 25 21:52:55 2018 Received: from localhost ([127.0.0.1]:53337 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1f0HJf-0000FZ-1v for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 21:52:55 -0400 Received: from eggs.gnu.org ([208.118.235.92]:37792) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <seebs@HIDDEN>) id 1f0HJd-0000FM-2K for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 21:52:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <seebs@HIDDEN>) id 1f0HJX-0007e3-19 for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 21:52:47 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:47200) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <seebs@HIDDEN>) id 1f0HJW-0007dx-Tn for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 21:52:46 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56988) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <seebs@HIDDEN>) id 1f0HJV-0003hA-GN for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 21:52:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <seebs@HIDDEN>) id 1f0HJQ-0007Zm-MJ for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 21:52:45 -0400 Received: from mail.seebs.net ([162.213.38.76]:32500) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <seebs@HIDDEN>) id 1f0HJQ-0007Yn-FW for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 21:52:40 -0400 Received: from seebsdell (unknown [24.196.59.174]) by mail.seebs.net (Postfix) with ESMTPSA id 917E92E8922; Sun, 25 Mar 2018 20:52:37 -0500 (CDT) Date: Sun, 25 Mar 2018 20:52:32 -0500 From: Seebs <seebs@HIDDEN> To: Paul Eggert <eggert@HIDDEN> Subject: Re: bug#30918: Don't use syscall() to call renameat2() Message-ID: <20180325205232.47d1b1dc@seebsdell> In-Reply-To: <768fd2df-52d4-6302-a271-bc1d937b5da8@HIDDEN> References: <1521972948.11431.53.camel@HIDDEN> <20180325093706.56d4e65f@seebsdell> <768fd2df-52d4-6302-a271-bc1d937b5da8@HIDDEN> X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.30; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-detected-operating-system: by eggs.gnu.org: FreeBSD 9.x [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.4 (----) X-Debbugs-Envelope-To: submit Cc: Richard Purdie <richard.purdie@HIDDEN>, bug-coreutils@HIDDEN, Burton Ross <ross.burton@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -4.4 (----) On Sun, 25 Mar 2018 18:20:56 -0700 Paul Eggert <eggert@HIDDEN> wrote: > Seebs wrote: > > I have significant concerns about the feasibility of a generic > > wrapper for syscall(). In particular, a "wrapper" which does > > *nothing* but forward arguments may well be practical. Or one which > > just fails immediately and claims ENOTSUPP -- but this creates the > > risk that we'll break things which were using perfectly valid > > syscalls which work fine and which we don't need to intercept or do > > anything with. > > For this particular issue, failing with ENOTSUPP should do. Perhaps > such a behavior could be available as a link-time or runtime option. > > More precise would be to have syscall to do nothing but forward > arguments, *except* for the renameat2 syscall which would work much > like the renameat wrapper that I assume you already have. This would > work for coreutils, shouldn't break anything else, shouldn't require > a link-time or runtime option, and shouldn't be that much harder than > always forwarding syscall arguments. We actually hadn't added a wrapper for it; so far as I can tell, no one's ever used it before. (Or at least, no one's ever used it in such a way that failing to catch it was causing detectable issues.) It's on my list now that I've seen an actual program attempting to use it. And I don't think it's that simple; as noted, I'm not convinced that a function written in C can reliably interpret the arguments of some syscalls across targets. (renameat2 may not be one of those affected.) For instance, as noted in the man page, if I wanted to try to interpret the arguments passed to SYS_readahead, I'd have to do things differently for EABI ARM than I would for x86. That's a degree of additional magic not previously present in any of the wrappers, perhaps surprisingly. I haven't got a MIPS machine handy to go look, but the kind of thing I'm concerned about is the description from syscall(2): > On a few architectures, a register is used to indicate simple > boolean failure of the system call: ia64 uses r10 for this > purpose, and mips uses a3. If I'm writing a wrapper in C, I can't preserve that value, but I have to make *other* system calls before and after calling the underlying wrapper. So if it's the case that, after a call into syscall(), some value has been stored in register a3 on MIPS... There's nothing I can write in C that will preserve that value for my caller, and the other system calls I make after the call to the "real" syscall() may overwrite it. So the caller will get the wrong value, and if they were assuming that syscall() would perform as expected... This function may actually be Too Magic to sanely wrap. I think this is the only library function I've ever seen document a need to insert an unused argument between two arguments, but only for a specific ABI. (We do have a couple of arch-specific hooks, but they're at the level of "which compatibility version to specify for a particular function".) -s
bug-coreutils@HIDDEN
:bug#30918
; Package coreutils
.
Full text available.Received: (at submit) by debbugs.gnu.org; 26 Mar 2018 01:21:17 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Mar 25 21:21:17 2018 Received: from localhost ([127.0.0.1]:53320 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1f0Gp3-0007xD-CK for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 21:21:17 -0400 Received: from eggs.gnu.org ([208.118.235.92]:54695) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <eggert@HIDDEN>) id 1f0Gp1-0007wy-M6 for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 21:21:16 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <eggert@HIDDEN>) id 1f0Gov-00043K-GY for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 21:21:10 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:52250) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <eggert@HIDDEN>) id 1f0Gov-00043E-Cw for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 21:21:09 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45665) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <eggert@HIDDEN>) id 1f0Gou-0004U1-3U for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 21:21:09 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <eggert@HIDDEN>) id 1f0Goq-00041P-4t for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 21:21:08 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:37124) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <eggert@HIDDEN>) id 1f0Gop-0003ys-Ve for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 21:21:04 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 09B6D160F9F; Sun, 25 Mar 2018 18:21:01 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id hygKdES-LrZs; Sun, 25 Mar 2018 18:21:00 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 466DC1611D3; Sun, 25 Mar 2018 18:21:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id JajuKdn1uxE1; Sun, 25 Mar 2018 18:21:00 -0700 (PDT) Received: from [192.168.1.9] (unknown [47.154.30.119]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 202CD160F9F; Sun, 25 Mar 2018 18:21:00 -0700 (PDT) Subject: Re: bug#30918: Don't use syscall() to call renameat2() To: Seebs <seebs@HIDDEN>, Richard Purdie <richard.purdie@HIDDEN> References: <1521972948.11431.53.camel@HIDDEN> <20180325093706.56d4e65f@seebsdell> From: Paul Eggert <eggert@HIDDEN> Organization: UCLA Computer Science Department Message-ID: <768fd2df-52d4-6302-a271-bc1d937b5da8@HIDDEN> Date: Sun, 25 Mar 2018 18:20:56 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180325093706.56d4e65f@seebsdell> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit Cc: bug-coreutils@HIDDEN, Burton Ross <ross.burton@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -4.0 (----) Seebs wrote: > I have significant concerns about the feasibility of a generic wrapper > for syscall(). In particular, a "wrapper" which does *nothing* but > forward arguments may well be practical. Or one which just fails > immediately and claims ENOTSUPP -- but this creates the risk that we'll > break things which were using perfectly valid syscalls which work fine > and which we don't need to intercept or do anything with. For this particular issue, failing with ENOTSUPP should do. Perhaps such = a=20 behavior could be available as a link-time or runtime option. More precise would be to have syscall to do nothing but forward arguments= ,=20 *except* for the renameat2 syscall which would work much like the renamea= t=20 wrapper that I assume you already have. This would work for coreutils, sh= ouldn't=20 break anything else, shouldn't require a link-time or runtime option, and= =20 shouldn't be that much harder than always forwarding syscall arguments. > I'm assuming the race condition refers to the behavior of > RENAME_EXCHANGE. No, it's RENAME_NOREPLACE. Coreutils doesn't use RENAME_EXCHANGE now (tho= ugh it=20 might in the future, I suppose).
bug-coreutils@HIDDEN
:bug#30918
; Package coreutils
.
Full text available.Received: (at submit) by debbugs.gnu.org; 25 Mar 2018 17:12:55 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Mar 25 13:12:55 2018 Received: from localhost ([127.0.0.1]:53148 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1f09CQ-0004ka-Dw for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 13:12:55 -0400 Received: from eggs.gnu.org ([208.118.235.92]:60574) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <seebs@HIDDEN>) id 1f06lz-0007br-Jg for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 10:37:28 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <seebs@HIDDEN>) id 1f06lt-0003gV-1K for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 10:37:22 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:55501) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <seebs@HIDDEN>) id 1f06ls-0003gN-Tk for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 10:37:20 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51528) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <seebs@HIDDEN>) id 1f06lr-0004mq-Fg for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 10:37:20 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <seebs@HIDDEN>) id 1f06lm-0003aq-EH for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 10:37:19 -0400 Received: from mail.seebs.net ([162.213.38.76]:27731) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <seebs@HIDDEN>) id 1f06lm-0003Yi-5g for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 10:37:14 -0400 Received: from seebsdell (unknown [24.196.59.174]) by mail.seebs.net (Postfix) with ESMTPSA id 361542E892B; Sun, 25 Mar 2018 09:37:11 -0500 (CDT) Date: Sun, 25 Mar 2018 09:37:06 -0500 From: Seebs <seebs@HIDDEN> To: Richard Purdie <richard.purdie@HIDDEN> Subject: Re: bug#30918: Don't use syscall() to call renameat2() Message-ID: <20180325093706.56d4e65f@seebsdell> In-Reply-To: <1521972948.11431.53.camel@HIDDEN> References: <1521972948.11431.53.camel@HIDDEN> X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.30; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: FreeBSD 9.x [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.4 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sun, 25 Mar 2018 13:12:53 -0400 Cc: eggert@HIDDEN, bug-coreutils@HIDDEN, Burton Ross <ross.burton@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -4.4 (----) On Sun, 25 Mar 2018 11:15:48 +0100 Richard Purdie <richard.purdie@HIDDEN> wrote: > > On 03/23/2018 10:38 AM, Ross Burton wrote: > > > Please consider changing renameat2.c so that it doesn't hit=C2=A0 > > > syscall() if the wrapper isn't available. > >=C2=A0 > > That would reintroduce race-condition security holes in the > > ordinary build of GNU Coreutils on GNU/Linux, which would not be a > > good thing. Instead, how about fixing fakeroot so that it traps > > 'syscall' and fails with errno =3D=3D ENOTSUP? Better yet, fix fakeroot > > so that it implements the renameat2 semantics with that syscall. > > (Or even better, add renameat2 to both glibc and fakeroot. :-) >=20 > I've just had a look at this situation and its not as simple as it may > first appear. The function prototype for syscall() in posix/unistd.h > is: >=20 > extern long int syscall (long int __sysno, ...) >=20 > and the implementation in glibc is in assembler for each architecture. > The syscall(2) man page also gives a little bit more of a hint of the > challenges in the syscall() function with register splits and > alignment along with different forms of error handling. You can call > it with varying numbers of options and the register usage needs to be > tightly controlled, its not a "normal" function where standard > function calling conventions will always work. >=20 > So yes, we could add a wrapper in pseudo however we're likely going to > have to end up using assembler to avoid smashing the calling stack in > the general case. That would be on a per architecture basis and comes > with all the complexities that brings. >=20 > I'd therefore like to add my own plea to figure out and use some glibc > API for this even if we have to establish it. I have significant concerns about the feasibility of a generic wrapper for syscall(). In particular, a "wrapper" which does *nothing* but forward arguments may well be practical. Or one which just fails immediately and claims ENOTSUPP -- but this creates the risk that we'll break things which were using perfectly valid syscalls which work fine and which we don't need to intercept or do anything with. But if we don't want to break code which is using syscall() for other operations, we would have to (1) successfully forward all system calls *and* handle their returns, (2) also intercept specific cases and modify their parameters. Which requires us to *comprehend* their parameters. For instance, in the pseudo environment, we may be virtualizing a chroot() operation, so a literal renameat2() argument of "/a" gets translated into "/chroot/path/a" before it gets handed to the kernel. Take a look at the man page for syscall(2), and consider what we have to do if we want to *handle* the arguments in any way. For instance, if we needed to intercept SYS_readahead on EABI (we wouldn't, but it's the example they give in the man page), we'd have to process arguments completely differently from if we were processing it on x86. I am not sure whether there's parallel concerns for 64-bit pointers on a 64-bit ARM system. I would also have concerns about the "sets registers to indicate success" behavior; wrapper functions are going to make *other system calls* after calling the underlying syscall, so things like that could (and in that case, I think probably would) get smashed by the later syscalls. I'm assuming the race condition refers to the behavior of RENAME_EXCHANGE. I hadn't seen that before, and I don't know of an existing mv(1) usage which would use it, but it does seem an exceptionally desireable thing to have available. On the other hand, I'm not sure it's technically *possible* to fix this in pseudo. (I'm aware that pseudo as a whole is well past the realm of "merely undefined" behavior and into "why would you do that, what's wrong with you", but we haven't been able to make the requirement go away.) I will be adding a wrapper for renameat2() to pseudo, but I can't make glibc change its behavior so quickly. (And now that I look more closely at the flags, supporting RENAME_EXCHANGE will require more complicated effort than I'd initially realized.) -s
bug-coreutils@HIDDEN
:bug#30918
; Package coreutils
.
Full text available.Received: (at submit) by debbugs.gnu.org; 25 Mar 2018 13:30:17 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Mar 25 09:30:17 2018 Received: from localhost ([127.0.0.1]:52220 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1f05iy-0005s5-Le for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 09:30:17 -0400 Received: from eggs.gnu.org ([208.118.235.92]:59575) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <richard.purdie@HIDDEN>) id 1f02hC-0005RR-Jy for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 06:16:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <richard.purdie@HIDDEN>) id 1f02h6-0004Uh-DS for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 06:16:09 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:36141) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <richard.purdie@HIDDEN>) id 1f02h6-0004UZ-9T for submit <at> debbugs.gnu.org; Sun, 25 Mar 2018 06:16:08 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50543) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <richard.purdie@HIDDEN>) id 1f02h5-00048b-88 for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 06:16:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <richard.purdie@HIDDEN>) id 1f02h2-0004Pp-3P for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 06:16:07 -0400 Received: from 5751f4a1.skybroadband.com ([87.81.244.161]:55889 helo=dan.rpsys.net) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <richard.purdie@HIDDEN>) id 1f02h1-0004N4-RJ for bug-coreutils@HIDDEN; Sun, 25 Mar 2018 06:16:04 -0400 Received: from hex ([192.168.3.34]) (authenticated bits=0) by dan.rpsys.net (8.15.2/8.15.2/Debian-3) with ESMTPSA id w2PAFmhd030946 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Sun, 25 Mar 2018 11:15:49 +0100 Message-ID: <1521972948.11431.53.camel@HIDDEN> Subject: bug#30918: Don't use syscall() to call renameat2() From: Richard Purdie <richard.purdie@HIDDEN> To: eggert@HIDDEN, bug-coreutils@HIDDEN, Burton Ross <ross.burton@HIDDEN>, Seebs <seebs@HIDDEN> Date: Sun, 25 Mar 2018 11:15:48 +0100 In-Reply-To: 798fb45c-f35e-129d-b3f0-b34a378f6b7c@HIDDEN Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 X-Virus-Scanned: clamav-milter 0.99.3 at dan X-Virus-Status: Clean Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by dan.rpsys.net id w2PAFmhd030946 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sun, 25 Mar 2018 09:30:15 -0400 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -4.0 (----) > On 03/23/2018 10:38 AM, Ross Burton wrote: > > Please consider changing renameat2.c so that it doesn't hit=C2=A0 > > syscall() if the wrapper isn't available. >=C2=A0 > That would reintroduce race-condition security holes in the ordinary=C2= =A0 > build of GNU Coreutils on GNU/Linux, which would not be a good=C2=A0 > thing. Instead, how about fixing fakeroot so that it traps 'syscall'=C2= =A0 > and fails with errno =3D=3D ENOTSUP? Better yet, fix fakeroot so that i= t=C2=A0 > implements the renameat2 semantics with that syscall. (Or even=C2=A0 > better, add renameat2 to both glibc and fakeroot. :-) I've just had a look at this situation and its not as simple as it may first appear. The function prototype for syscall() in posix/unistd.h is: extern long int syscall (long int __sysno, ...) and the implementation in glibc is in assembler for each architecture. The syscall(2) man page also gives a little bit more of a hint of the challenges in the syscall() function with register splits and alignment along with different forms of error handling. You can call it with varying numbers of options and the register usage needs to be tightly controlled, its not a "normal" function where standard function calling conventions will always work. So yes, we could add a wrapper in pseudo however we're likely going to have to end up using assembler to avoid smashing the calling stack in the general case. That would be on a per architecture basis and comes with all the complexities that brings. I'd therefore like to add my own plea to figure out and use some glibc API for this even if we have to establish it. Cheers, Richard
bug-coreutils@HIDDEN
:bug#30918
; Package coreutils
.
Full text available.Received: (at 30918) by debbugs.gnu.org; 24 Mar 2018 21:06:39 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 24 17:06:39 2018 Received: from localhost ([127.0.0.1]:51896 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1ezqN5-0001K4-3l for submit <at> debbugs.gnu.org; Sat, 24 Mar 2018 17:06:39 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:45194) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <eggert@HIDDEN>) id 1ezqN3-0001Jq-BA for 30918 <at> debbugs.gnu.org; Sat, 24 Mar 2018 17:06:38 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 65F6B1616AC; Sat, 24 Mar 2018 14:06:31 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id JmolrmULkb7P; Sat, 24 Mar 2018 14:06:30 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id A48EC1616B5; Sat, 24 Mar 2018 14:06:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id cV3L6aNbnb6m; Sat, 24 Mar 2018 14:06:30 -0700 (PDT) Received: from [192.168.1.9] (unknown [47.154.30.119]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 71C511616AC; Sat, 24 Mar 2018 14:06:30 -0700 (PDT) Subject: Re: bug#30918: Don't use syscall() to call renameat2() To: Clint Adams <clint@HIDDEN> References: <CAAnfSTtzCpA3gLUsvmP-CeMPfn9t0Q_pXvOhicMS9Nd=DNv8+A@HIDDEN> <798fb45c-f35e-129d-b3f0-b34a378f6b7c@HIDDEN> <20180324210024.o3bszvlipkk37ipa@HIDDEN> From: Paul Eggert <eggert@HIDDEN> Organization: UCLA Computer Science Department Message-ID: <b13cdd23-9771-29fa-60a7-1f1e2333732a@HIDDEN> Date: Sat, 24 Mar 2018 14:06:30 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180324210024.o3bszvlipkk37ipa@HIDDEN> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 30918 Cc: 30918 <at> debbugs.gnu.org, Ross Burton <ross@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.3 (--) Clint Adams wrote: > What's keeping it out of glibc? Sorry, don't know offhand. Mostly lack of time, I expect.
bug-coreutils@HIDDEN
:bug#30918
; Package coreutils
.
Full text available.Received: (at 30918) by debbugs.gnu.org; 24 Mar 2018 21:04:50 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 24 17:04:50 2018 Received: from localhost ([127.0.0.1]:51878 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1ezqLJ-0001Fu-S1 for submit <at> debbugs.gnu.org; Sat, 24 Mar 2018 17:04:50 -0400 Received: from thumb.scru.org ([104.200.20.71]:51776) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <clint@HIDDEN>) id 1ezqH3-00019p-Qr for 30918 <at> debbugs.gnu.org; Sat, 24 Mar 2018 17:00:26 -0400 Received: by thumb.scru.org (Postfix, from userid 1000) id CAE1B6255A; Sat, 24 Mar 2018 21:00:24 +0000 (UTC) Date: Sat, 24 Mar 2018 21:00:24 +0000 From: Clint Adams <clint@HIDDEN> To: Paul Eggert <eggert@HIDDEN> Subject: Re: bug#30918: Don't use syscall() to call renameat2() Message-ID: <20180324210024.o3bszvlipkk37ipa@HIDDEN> References: <CAAnfSTtzCpA3gLUsvmP-CeMPfn9t0Q_pXvOhicMS9Nd=DNv8+A@HIDDEN> <798fb45c-f35e-129d-b3f0-b34a378f6b7c@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <798fb45c-f35e-129d-b3f0-b34a378f6b7c@HIDDEN> User-Agent: NeoMutt/20170113 (1.7.2) X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 30918 X-Mailman-Approved-At: Sat, 24 Mar 2018 17:04:48 -0400 Cc: 30918 <at> debbugs.gnu.org, Ross Burton <ross@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.0 (+) On Fri, Mar 23, 2018 at 12:02:36PM -0700, Paul Eggert wrote: > That would reintroduce race-condition security holes in the ordinary build > of GNU Coreutils on GNU/Linux, which would not be a good thing. Instead, how > about fixing fakeroot so that it traps 'syscall' and fails with errno == > ENOTSUP? Better yet, fix fakeroot so that it implements the renameat2 > semantics with that syscall. (Or even better, add renameat2 to both glibc > and fakeroot. :-) What's keeping it out of glibc?
bug-coreutils@HIDDEN
:bug#30918
; Package coreutils
.
Full text available.Received: (at 30918) by debbugs.gnu.org; 23 Mar 2018 19:02:45 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 23 15:02:45 2018 Received: from localhost ([127.0.0.1]:50004 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1ezRxd-00039m-Bm for submit <at> debbugs.gnu.org; Fri, 23 Mar 2018 15:02:45 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:45024) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <eggert@HIDDEN>) id 1ezRxb-00039a-PN for 30918 <at> debbugs.gnu.org; Fri, 23 Mar 2018 15:02:44 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 4873D16177F; Fri, 23 Mar 2018 12:02:38 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id Ys10zy6MoJdk; Fri, 23 Mar 2018 12:02:36 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 929A8161774; Fri, 23 Mar 2018 12:02:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id joJZxnW9Fu6P; Fri, 23 Mar 2018 12:02:36 -0700 (PDT) Received: from Penguin.CS.UCLA.EDU (Penguin.CS.UCLA.EDU [131.179.64.200]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 6B89E16177F; Fri, 23 Mar 2018 12:02:36 -0700 (PDT) Subject: Re: bug#30918: Don't use syscall() to call renameat2() To: Ross Burton <ross@HIDDEN>, 30918 <at> debbugs.gnu.org, clint@HIDDEN References: <CAAnfSTtzCpA3gLUsvmP-CeMPfn9t0Q_pXvOhicMS9Nd=DNv8+A@HIDDEN> From: Paul Eggert <eggert@HIDDEN> Organization: UCLA Computer Science Department Message-ID: <798fb45c-f35e-129d-b3f0-b34a378f6b7c@HIDDEN> Date: Fri, 23 Mar 2018 12:02:36 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <CAAnfSTtzCpA3gLUsvmP-CeMPfn9t0Q_pXvOhicMS9Nd=DNv8+A@HIDDEN> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 30918 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.3 (--) On 03/23/2018 10:38 AM, Ross Burton wrote: > Please consider > changing renameat2.c so that it doesn't hit syscall() if the wrapper isn't > available. That would reintroduce race-condition security holes in the ordinary build of GNU Coreutils on GNU/Linux, which would not be a good thing. Instead, how about fixing fakeroot so that it traps 'syscall' and fails with errno == ENOTSUP? Better yet, fix fakeroot so that it implements the renameat2 semantics with that syscall. (Or even better, add renameat2 to both glibc and fakeroot. :-)
bug-coreutils@HIDDEN
:bug#30918
; Package coreutils
.
Full text available.Received: (at submit) by debbugs.gnu.org; 23 Mar 2018 18:16:15 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 23 14:16:15 2018 Received: from localhost ([127.0.0.1]:49984 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1ezREb-00025T-JM for submit <at> debbugs.gnu.org; Fri, 23 Mar 2018 14:16:15 -0400 Received: from eggs.gnu.org ([208.118.235.92]:42986) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ross@HIDDEN>) id 1ezQeZ-0001Fe-6C for submit <at> debbugs.gnu.org; Fri, 23 Mar 2018 13:39:00 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <ross@HIDDEN>) id 1ezQeS-0002tq-VK for submit <at> debbugs.gnu.org; Fri, 23 Mar 2018 13:38:53 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05,HTML_MESSAGE, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:54522) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <ross@HIDDEN>) id 1ezQeS-0002ta-Rk for submit <at> debbugs.gnu.org; Fri, 23 Mar 2018 13:38:52 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33951) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <ross@HIDDEN>) id 1ezQeR-0006Mg-Le for bug-coreutils@HIDDEN; Fri, 23 Mar 2018 13:38:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <ross@HIDDEN>) id 1ezQeN-0002qt-Gz for bug-coreutils@HIDDEN; Fri, 23 Mar 2018 13:38:51 -0400 Received: from mail-ot0-x232.google.com ([2607:f8b0:4003:c0f::232]:38681) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from <ross@HIDDEN>) id 1ezQeN-0002qC-BM for bug-coreutils@HIDDEN; Fri, 23 Mar 2018 13:38:47 -0400 Received: by mail-ot0-x232.google.com with SMTP id 95-v6so14101388ote.5 for <bug-coreutils@HIDDEN>; Fri, 23 Mar 2018 10:38:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=burtonini-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=/m/Sp2Gq/oeffKrG0+z5YT1nLUCj2/UP2zeWxMRL76M=; b=MWssWTcqSv+k1lZRQw1Zq1MotVwBMITfde7LaiSJ7QoYpDzjvUXhy6h/82vqlH3AnB KTGHuPsN2o+ZGI5G3u7zae1BmkbjSHk+XjZOCZnOTVqa+5nqXAmeeOnCa9bYp+1vBCpO eol36LL4rNXkXXLQHgftkR6ctaAqH7CxI8vZBmfajTnQjn0OevUBSb62Zz8f2RdYPo0h x7WBG43dnK19AWbUcu6CpbTZOWdzneExEcIDv6p7COHPhSOtJ180AY/vLl2pBFCnapTF 2c0TDVSVAeaCWyQ3TwtVjYeEwOvU62akkCVe7HrrznhGMSrfusSwFEhdIp3DlyqNSBZq yjRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=/m/Sp2Gq/oeffKrG0+z5YT1nLUCj2/UP2zeWxMRL76M=; b=ICvN1Jh8EaSjyOB92fGQVD8gL/j7a4THJzqUR0Q+UwjRJt8ZYI++V3t40Pd/jyarVU O4NY3V7nA1a/DV8tHG1H5YrXkNaeHeukXnu8afA98l8XqXghSwC/BkwbNhNHaAkBmTrX 5YX3uaOGds6cyXAIm7Kl95OZTNEf99ANsx/ZFHASUiSXCzJgN6wI8i9hMM+6Z877vBez Kvmf1r81mYrT71sRaX3qBUP/vAtE69f2lkuvGdqmPaPKQBOCP/DNKnBbbuYqqRbl4FNw hHDEQS5RgRYzywo95QFON7MRZukNcGuosORq7n9Vm0DPjZCW81NkZ4HknOlG5X59dXYQ /J9A== X-Gm-Message-State: AElRT7GTfkw6GYRhaRUh+0FwX8rqmHu6sN7TnQtzZyOB/AonZwih3o9U puO6W73NhdbjrZ2ALxJ9muuKcYGYm6qLOsaO2d9lUEdoht8= X-Google-Smtp-Source: AIpwx49ZjRRmybWLx0cMP5onaB9Kmk6c0vti0VeX/tJdeGhX5n2ylRvnKQmSoR0hk9eLdLxCFT7+W2GdXTBIlnroX/k= X-Received: by 2002:a9d:5697:: with SMTP id o23-v6mr4139478oth.345.1521826725965; Fri, 23 Mar 2018 10:38:45 -0700 (PDT) MIME-Version: 1.0 Received: by 10.201.41.11 with HTTP; Fri, 23 Mar 2018 10:38:25 -0700 (PDT) X-Originating-IP: [81.2.106.35] From: Ross Burton <ross@HIDDEN> Date: Fri, 23 Mar 2018 17:38:25 +0000 Message-ID: <CAAnfSTtzCpA3gLUsvmP-CeMPfn9t0Q_pXvOhicMS9Nd=DNv8+A@HIDDEN> Subject: Don't use syscall() to call renameat2() To: bug-coreutils@HIDDEN, clint@HIDDEN Content-Type: multipart/alternative; boundary="000000000000694916056817e505" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Fri, 23 Mar 2018 14:16:11 -0400 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -5.0 (-----) --000000000000694916056817e505 Content-Type: text/plain; charset="UTF-8" mv.c uses gnulib/renameat2.c to call renameat2(), which if the glibc wrapper isn't available will just invoke syscall(SYS_renameat2). This may seem like a good idea but considering a number of major distributions use LD_PRELOAD to build as a pretend root user[1] these mv calls won't be intercepted, and building will break in strange and interesting ways (such as binaries not being owned by root:root anymore). Please consider changing renameat2.c so that it doesn't hit syscall() if the wrapper isn't available. Ross [1] Debian and derivatives using fakeroot, OpenEmbedded derivatives using pseudo, etc. --000000000000694916056817e505 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">mv.c uses gnulib/renameat2.c to call renameat2(), which if= the glibc wrapper isn't available will just invoke syscall(SYS_renamea= t2). This may seem like a good idea but considering a number of major distr= ibutions use LD_PRELOAD to build as a pretend root user[1] these mv calls w= on't be intercepted, and building will break in strange and interesting= ways (such as binaries not being owned by root:root anymore).=C2=A0 Please= consider changing renameat2.c so that it doesn't hit syscall() if the = wrapper isn't available.<div><br></div><div>Ross</div><div><br></div><d= iv>[1] Debian and derivatives using fakeroot, OpenEmbedded derivatives usin= g pseudo, etc.</div></div> --000000000000694916056817e505--
Ross Burton <ross@HIDDEN>
:bug-coreutils@HIDDEN
.
Full text available.bug-coreutils@HIDDEN
:bug#30918
; Package coreutils
.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.