GNU bug report logs - #66531
[PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.

Previous Next

Package: guile;

Reported by: Tomas Volf <~@wolfsden.cz>

Date: Fri, 13 Oct 2023 16:19:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 66531 in the body.
You can then email your comments to 66531 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to bug-guile <at> gnu.org:
bug#66531; Package guile. (Fri, 13 Oct 2023 16:19:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tomas Volf <wolf <at> wolfsden.cz>:
New bug report received and forwarded. Copy sent to bug-guile <at> gnu.org. (Fri, 13 Oct 2023 16:19:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <wolf <at> wolfsden.cz>
To: bug-guile <at> gnu.org
Cc: Tomas Volf <wolf <at> wolfsden.cz>
Subject: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.
Date: Fri, 13 Oct 2023 18:18:11 +0200
Both macros were missing a quote for the procedure call, causing the
actual return value to be compiled into the ftw.go, instead of the
procedure call.  Snippet from disassembly of ftw.go does confirm that:

  55    (make-immediate 2 3990)         ;; 997                at ice-9/ftw.scm:319:46
  56    (make-long-immediate 1 120002)  ;; 30000              at ice-9/ftw.scm:320:46

That effectively prevented ftw from entering directories without access
for others.  Simple reproduction:

    scheme@(guile-user)> ,use (ice-9 ftw)
    scheme@(guile-user)> (mkdir "/tmp/xxxx")
    scheme@(guile-user)> (chmod "/tmp/xxxx" #o0700)
    scheme@(guile-user)> (ftw "/tmp/xxxx" (lambda (_ __ f) (pk f) #t))

    ;;; (directory-not-readable)
    $1 = #t
    scheme@(guile-user)> (system "ls -al /tmp/xxxx")
    total 0
    drwx------ 1 wolf wolf   0 Oct 11 22:54 .
    drwxrwxrwt 1 root root 888 Oct 11 22:54 ..
    $2 = 0

The fix is to quote the procedure call, leading to the intended
behavior.

This fixes bug 55344.

* module/ice-9/ftw.scm (getuid-or-false): Quote the (getuid).
(getgid-or-false): Quote the (getgid).
---
 module/ice-9/ftw.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/module/ice-9/ftw.scm b/module/ice-9/ftw.scm
index ac6aa6316..8496086a1 100644
--- a/module/ice-9/ftw.scm
+++ b/module/ice-9/ftw.scm
@@ -201,12 +201,12 @@
 
 (define-macro (getuid-or-false)
   (if (defined? 'getuid)
-      (getuid)
+      '(getuid)
       #f))
 
 (define-macro (getgid-or-false)
   (if (defined? 'getgid)
-      (getgid)
+      '(getgid)
       #f))
 
 (define (directory-files dir)
-- 
2.41.0





Information forwarded to bug-guile <at> gnu.org:
bug#66531; Package guile. (Fri, 13 Oct 2023 17:32:01 GMT) Full text and rfc822 format available.

Message #8 received at 66531 <at> debbugs.gnu.org (full text, mbox):

From: Mike Gran <spk121 <at> yahoo.com>
To: "66531 <at> debbugs.gnu.org" <66531 <at> debbugs.gnu.org>, 
 Tomas Volf <wolf <at> wolfsden.cz>
Subject: Re: bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false
 macros.
Date: Fri, 13 Oct 2023 17:30:06 +0000 (UTC)
> Both macros were missing a quote for the procedure call, causing the
> actual return value to be compiled into the ftw.go, instead of the
>procedure call.  Snippet from disassembly of ftw.go does confirm that:

Looks good to me.

If you don't have commit approval, I can take the action to commit it,
and write a test case, since I was the one who broke it back in 2021.

Mike Gran




Information forwarded to bug-guile <at> gnu.org:
bug#66531; Package guile. (Fri, 13 Oct 2023 18:21:02 GMT) Full text and rfc822 format available.

Message #11 received at 66531 <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <wolf <at> wolfsden.cz>
To: Mike Gran <spk121 <at> yahoo.com>
Cc: "66531 <at> debbugs.gnu.org" <66531 <at> debbugs.gnu.org>
Subject: Re: bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false
 macros.
Date: Fri, 13 Oct 2023 20:20:03 +0200
[Message part 1 (text/plain, inline)]
On 2023-10-13 17:30:06 +0000, Mike Gran wrote:
> > Both macros were missing a quote for the procedure call, causing the
> > actual return value to be compiled into the ftw.go, instead of the
> >procedure call.  Snippet from disassembly of ftw.go does confirm that:
> 
> Looks good to me.
> 
> If you don't have commit approval, I can take the action to commit it,
> and write a test case, since I was the one who broke it back in 2021.

I do not have commit access, nor I am sure how the tests should look
like, so if you would be so kind to take it over from here, that would
be great. :)

> 
> Mike Gran

Tomas Volf

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guile <at> gnu.org:
bug#66531; Package guile. (Wed, 25 Oct 2023 14:03:02 GMT) Full text and rfc822 format available.

Message #14 received at 66531 <at> debbugs.gnu.org (full text, mbox):

From: Mike Gran <spk121 <at> yahoo.com>
To: Tomas Volf <wolf <at> wolfsden.cz>
Cc: "66531 <at> debbugs.gnu.org" <66531 <at> debbugs.gnu.org>
Subject: Re: bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false
 macros.
Date: Wed, 25 Oct 2023 14:01:43 +0000 (UTC)
I haven't forgotten about this. My linux devel box died.

Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.






On Friday, October 13, 2023 at 11:20:11 AM PDT, Tomas Volf <wolf <at> wolfsden.cz> wrote: 





On 2023-10-13 17:30:06 +0000, Mike Gran wrote:
> > Both macros were missing a quote for the procedure call, causing the
> > actual return value to be compiled into the ftw.go, instead of the
> >procedure call.  Snippet from disassembly of ftw.go does confirm that:
> 
> Looks good to me.
> 
> If you don't have commit approval, I can take the action to commit it,
> and write a test case, since I was the one who broke it back in 2021.

I do not have commit access, nor I am sure how the tests should look
like, so if you would be so kind to take it over from here, that would
be great. :)


> 
> Mike Gran


Tomas Volf

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.





Information forwarded to bug-guile <at> gnu.org:
bug#66531; Package guile. (Wed, 29 Nov 2023 17:13:02 GMT) Full text and rfc822 format available.

Message #17 received at 66531 <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: Mike Gran <spk121 <at> yahoo.com>
Cc: "66531 <at> debbugs.gnu.org" <66531 <at> debbugs.gnu.org>
Subject: Re: bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false
 macros.
Date: Wed, 29 Nov 2023 17:11:45 +0100
[Message part 1 (text/plain, inline)]
Hi,

On 2023-10-25 14:01:43 +0000, Mike Gran wrote:
> I haven't forgotten about this. My linux devel box died.

My deepest sympathies.

>
> Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.

Polite ping, just making sure this is still on the radar.

Tomas

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
[signature.asc (application/pgp-signature, inline)]

Changed bug submitter to 'Tomas Volf <~@wolfsden.cz>' from 'Tomas Volf <wolf <at> wolfsden.cz>' Request was from Tomas Volf <~@wolfsden.cz> to control <at> debbugs.gnu.org. (Tue, 09 Jan 2024 16:58:02 GMT) Full text and rfc822 format available.

Information forwarded to bug-guile <at> gnu.org:
bug#66531; Package guile. (Tue, 16 Jan 2024 12:41:02 GMT) Full text and rfc822 format available.

Message #22 received at 66531 <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: Mike Gran <spk121 <at> yahoo.com>
Cc: Tomas Volf <wolf <at> wolfsden.cz>, control <at> debbugs.gnu.org,
 66531 <at> debbugs.gnu.org
Subject: Re: bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false
 macros., bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false
 macros., control message for bug #66531
Date: Tue, 16 Jan 2024 13:40:40 +0100
Mike Gran <spk121 <at> yahoo.com> writes:

Hello,

> I haven't forgotten about this. My linux devel box died.
>
> Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.

Just a polite ping regarding this patch.

Thank you and have a nice day,
Tomas Volf




Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Mon, 29 Jan 2024 13:30:01 GMT) Full text and rfc822 format available.

Notification sent to Tomas Volf <~@wolfsden.cz>:
bug acknowledged by developer. (Mon, 29 Jan 2024 13:30:02 GMT) Full text and rfc822 format available.

Message #27 received at 66531-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tomas Volf <wolf <at> wolfsden.cz>
Cc: 66531-done <at> debbugs.gnu.org
Subject: Re: bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false
 macros.
Date: Mon, 29 Jan 2024 14:28:28 +0100
Tomas Volf <wolf <at> wolfsden.cz> skribis:

> Both macros were missing a quote for the procedure call, causing the
> actual return value to be compiled into the ftw.go, instead of the
> procedure call.  Snippet from disassembly of ftw.go does confirm that:
>
>   55    (make-immediate 2 3990)         ;; 997                at ice-9/ftw.scm:319:46
>   56    (make-long-immediate 1 120002)  ;; 30000              at ice-9/ftw.scm:320:46
>
> That effectively prevented ftw from entering directories without access
> for others.  Simple reproduction:
>
>     scheme@(guile-user)> ,use (ice-9 ftw)
>     scheme@(guile-user)> (mkdir "/tmp/xxxx")
>     scheme@(guile-user)> (chmod "/tmp/xxxx" #o0700)
>     scheme@(guile-user)> (ftw "/tmp/xxxx" (lambda (_ __ f) (pk f) #t))
>
>     ;;; (directory-not-readable)
>     $1 = #t
>     scheme@(guile-user)> (system "ls -al /tmp/xxxx")
>     total 0
>     drwx------ 1 wolf wolf   0 Oct 11 22:54 .
>     drwxrwxrwt 1 root root 888 Oct 11 22:54 ..
>     $2 = 0
>
> The fix is to quote the procedure call, leading to the intended
> behavior.
>
> This fixes bug 55344.
>
> * module/ice-9/ftw.scm (getuid-or-false): Quote the (getuid).
> (getgid-or-false): Quote the (getgid).

Applied, thanks!




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 27 Feb 2024 12:24:06 GMT) Full text and rfc822 format available.

This bug report was last modified 1 year and 71 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.