GNU bug report logs -
#66531
[PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.
Previous Next
Reported by: Tomas Volf <~@wolfsden.cz>
Date: Fri, 13 Oct 2023 16:19:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 66531 in the body.
You can then email your comments to 66531 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guile <at> gnu.org
:
bug#66531
; Package
guile
.
(Fri, 13 Oct 2023 16:19:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Tomas Volf <wolf <at> wolfsden.cz>
:
New bug report received and forwarded. Copy sent to
bug-guile <at> gnu.org
.
(Fri, 13 Oct 2023 16:19:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Both macros were missing a quote for the procedure call, causing the
actual return value to be compiled into the ftw.go, instead of the
procedure call. Snippet from disassembly of ftw.go does confirm that:
55 (make-immediate 2 3990) ;; 997 at ice-9/ftw.scm:319:46
56 (make-long-immediate 1 120002) ;; 30000 at ice-9/ftw.scm:320:46
That effectively prevented ftw from entering directories without access
for others. Simple reproduction:
scheme@(guile-user)> ,use (ice-9 ftw)
scheme@(guile-user)> (mkdir "/tmp/xxxx")
scheme@(guile-user)> (chmod "/tmp/xxxx" #o0700)
scheme@(guile-user)> (ftw "/tmp/xxxx" (lambda (_ __ f) (pk f) #t))
;;; (directory-not-readable)
$1 = #t
scheme@(guile-user)> (system "ls -al /tmp/xxxx")
total 0
drwx------ 1 wolf wolf 0 Oct 11 22:54 .
drwxrwxrwt 1 root root 888 Oct 11 22:54 ..
$2 = 0
The fix is to quote the procedure call, leading to the intended
behavior.
This fixes bug 55344.
* module/ice-9/ftw.scm (getuid-or-false): Quote the (getuid).
(getgid-or-false): Quote the (getgid).
---
module/ice-9/ftw.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/module/ice-9/ftw.scm b/module/ice-9/ftw.scm
index ac6aa6316..8496086a1 100644
--- a/module/ice-9/ftw.scm
+++ b/module/ice-9/ftw.scm
@@ -201,12 +201,12 @@
(define-macro (getuid-or-false)
(if (defined? 'getuid)
- (getuid)
+ '(getuid)
#f))
(define-macro (getgid-or-false)
(if (defined? 'getgid)
- (getgid)
+ '(getgid)
#f))
(define (directory-files dir)
--
2.41.0
Information forwarded
to
bug-guile <at> gnu.org
:
bug#66531
; Package
guile
.
(Fri, 13 Oct 2023 17:32:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 66531 <at> debbugs.gnu.org (full text, mbox):
> Both macros were missing a quote for the procedure call, causing the
> actual return value to be compiled into the ftw.go, instead of the
>procedure call. Snippet from disassembly of ftw.go does confirm that:
Looks good to me.
If you don't have commit approval, I can take the action to commit it,
and write a test case, since I was the one who broke it back in 2021.
Mike Gran
Information forwarded
to
bug-guile <at> gnu.org
:
bug#66531
; Package
guile
.
(Fri, 13 Oct 2023 18:21:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 66531 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 2023-10-13 17:30:06 +0000, Mike Gran wrote:
> > Both macros were missing a quote for the procedure call, causing the
> > actual return value to be compiled into the ftw.go, instead of the
> >procedure call. Snippet from disassembly of ftw.go does confirm that:
>
> Looks good to me.
>
> If you don't have commit approval, I can take the action to commit it,
> and write a test case, since I was the one who broke it back in 2021.
I do not have commit access, nor I am sure how the tests should look
like, so if you would be so kind to take it over from here, that would
be great. :)
>
> Mike Gran
Tomas Volf
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guile <at> gnu.org
:
bug#66531
; Package
guile
.
(Wed, 25 Oct 2023 14:03:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 66531 <at> debbugs.gnu.org (full text, mbox):
I haven't forgotten about this. My linux devel box died.
Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.
On Friday, October 13, 2023 at 11:20:11 AM PDT, Tomas Volf <wolf <at> wolfsden.cz> wrote:
On 2023-10-13 17:30:06 +0000, Mike Gran wrote:
> > Both macros were missing a quote for the procedure call, causing the
> > actual return value to be compiled into the ftw.go, instead of the
> >procedure call. Snippet from disassembly of ftw.go does confirm that:
>
> Looks good to me.
>
> If you don't have commit approval, I can take the action to commit it,
> and write a test case, since I was the one who broke it back in 2021.
I do not have commit access, nor I am sure how the tests should look
like, so if you would be so kind to take it over from here, that would
be great. :)
>
> Mike Gran
Tomas Volf
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
Information forwarded
to
bug-guile <at> gnu.org
:
bug#66531
; Package
guile
.
(Wed, 29 Nov 2023 17:13:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 66531 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi,
On 2023-10-25 14:01:43 +0000, Mike Gran wrote:
> I haven't forgotten about this. My linux devel box died.
My deepest sympathies.
>
> Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.
Polite ping, just making sure this is still on the radar.
Tomas
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
[signature.asc (application/pgp-signature, inline)]
Changed bug submitter to 'Tomas Volf <~@wolfsden.cz>' from 'Tomas Volf <wolf <at> wolfsden.cz>'
Request was from
Tomas Volf <~@wolfsden.cz>
to
control <at> debbugs.gnu.org
.
(Tue, 09 Jan 2024 16:58:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guile <at> gnu.org
:
bug#66531
; Package
guile
.
(Tue, 16 Jan 2024 12:41:02 GMT)
Full text and
rfc822 format available.
Message #22 received at 66531 <at> debbugs.gnu.org (full text, mbox):
Mike Gran <spk121 <at> yahoo.com> writes:
Hello,
> I haven't forgotten about this. My linux devel box died.
>
> Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.
Just a polite ping regarding this patch.
Thank you and have a nice day,
Tomas Volf
Reply sent
to
Ludovic Courtès <ludo <at> gnu.org>
:
You have taken responsibility.
(Mon, 29 Jan 2024 13:30:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Tomas Volf <~@wolfsden.cz>
:
bug acknowledged by developer.
(Mon, 29 Jan 2024 13:30:02 GMT)
Full text and
rfc822 format available.
Message #27 received at 66531-done <at> debbugs.gnu.org (full text, mbox):
Tomas Volf <wolf <at> wolfsden.cz> skribis:
> Both macros were missing a quote for the procedure call, causing the
> actual return value to be compiled into the ftw.go, instead of the
> procedure call. Snippet from disassembly of ftw.go does confirm that:
>
> 55 (make-immediate 2 3990) ;; 997 at ice-9/ftw.scm:319:46
> 56 (make-long-immediate 1 120002) ;; 30000 at ice-9/ftw.scm:320:46
>
> That effectively prevented ftw from entering directories without access
> for others. Simple reproduction:
>
> scheme@(guile-user)> ,use (ice-9 ftw)
> scheme@(guile-user)> (mkdir "/tmp/xxxx")
> scheme@(guile-user)> (chmod "/tmp/xxxx" #o0700)
> scheme@(guile-user)> (ftw "/tmp/xxxx" (lambda (_ __ f) (pk f) #t))
>
> ;;; (directory-not-readable)
> $1 = #t
> scheme@(guile-user)> (system "ls -al /tmp/xxxx")
> total 0
> drwx------ 1 wolf wolf 0 Oct 11 22:54 .
> drwxrwxrwt 1 root root 888 Oct 11 22:54 ..
> $2 = 0
>
> The fix is to quote the procedure call, leading to the intended
> behavior.
>
> This fixes bug 55344.
>
> * module/ice-9/ftw.scm (getuid-or-false): Quote the (getuid).
> (getgid-or-false): Quote the (getgid).
Applied, thanks!
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Tue, 27 Feb 2024 12:24:06 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 71 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.