In which case the check is not
needed (if O_NOFOLLOW is also available).
Unfortunately, we can't yet afford to target only systems with
open/O_NOFOLLOW support, and we do care about security on other systems.
I think you misunderstand.
Not hardly.
What I suggested is to get
Miklos Szeredi [EMAIL PROTECTED] wrote:
...
What you're saying here is inconsistent with the strace snippet you posted
showing the offending lstat and open with almost no intervening syscalls.
Perhaps you edited it and forgot to indicate that?
No I didn't edit. You're right, that my snippet
That's close.
To clarify: with the current fts implementation, the interval between the
initial lstat and subsequent open of the same directory may be arbitrarily
long, but only for 2nd or subsequent command-line arguments -- which
usually translates to 2nd or subsequent members of the argv
Looking at the strace there seems to be some other room for
optimization:
open(a, O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5
fstat64(5, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
Seems unnecessary, unless find was given -exec argument.
Miklos Szeredi [EMAIL PROTECTED] wrote:
That's close.
To clarify: with the current fts implementation, the interval between the
initial lstat and subsequent open of the same directory may be arbitrarily
long, but only for 2nd or subsequent command-line arguments -- which
usually translates
When searching a sublist of a sorted list, the number of comparisons
performed can be significantly reduced. I'm therefore adding such a
bounded search operation.
2006-10-03 Bruno Haible
* gl_list.h (gl_sortedlist_search_from_to,
gl_sortedlist_indexof_from_to): New declarations.
Eric Blake wrote:
Hmm. The gnulib mkdtemp module does not take umask into account. Neither
does the mkdtemp variant of lib/tempname.c. Shouldn't these modules be
guaranteeing that the directory created has full user permissions, in
spite of the current umask? Or is it the caller's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
According to Bruno Haible on 10/6/2006 6:14 AM:
Eric Blake wrote:
Hmm. The gnulib mkdtemp module does not take umask into account. Neither
does the mkdtemp variant of lib/tempname.c. Shouldn't these modules be
guaranteeing that the directory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
According to Bruno Haible on 10/6/2006 6:14 AM:
Comments just from reading the source:
fwriterror is still controversial for the reasons Paul mentioned
But I need it in GNU gettext.
I think I misunderstood you in my previous mail.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
According to Paul Eggert on 9/29/2006 11:38 AM:
I like the basic idea. As I understand it this affects only programs
that issue warnings (i.e., they output to stderr but then continue
without affecting the exit status) but it's useful for that
PS: I also changed the javacomp module to make use of the new functions.
2006-10-06 Bruno Haible [EMAIL PROTECTED]
* javacomp.c (write_temp_file): Use fopen_temp, fwriteerror_temp
instead of fopen, fwriteerror.
*** javacomp.c 14 Sep 2006 14:18:36 - 1.7
--- javacomp.c
Eric Blake wrote:
Suppose the user is perverse
enough (usually, only when trying to hammer out corner cases just like
this ;) to run with a umask of 702 (ie. they want group but not user
privileges). As written, the current code creates an unusable directory.
Either we must document that a
Eric Blake [EMAIL PROTECTED] wrote:
According to Paul Eggert on 9/29/2006 11:38 AM:
I like the basic idea. As I understand it this affects only programs
that issue warnings (i.e., they output to stderr but then continue
without affecting the exit status) but it's useful for that case.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
According to Bruno Haible on 10/6/2006 7:43 AM:
You are free to add a close_stream_temp function to the create-temp module
if you protect it with #ifdef so that it doesn't introduce a module
dependency.
May I apply the patch below to gnulib?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
According to Eric Blake on 10/4/2006 12:10 PM:
I'm trying to convert CVS M4 to use clean-tmp instead of tmpfile-safer, in
part
so I can use the closeout module while minimally impacting the current code
base usage of temporary FILE* for storage
Eric Blake [EMAIL PROTECTED] writes:
May I apply the patch below to gnulib?
That's fine with me, for the close-stream/fcntl-safer/stdio-safer
side. I wish there were a simpler way but I don't see it offhand.
(Bruno of course needs to look at the clean-temp side.)
Eric Blake wrote:
May I apply the patch below to gnulib?
Yes, fine with me. Please apply.
Also, I'm suspicious of your use of xallocsa with PATH_MAX, on platforms
like Hurd where PATH_MAX is intentionally undefined because there is no
limit
Well seen. I'm adding this.
*** clean-temp.c
Eric Blake wrote:
M4 needs to know if
anything was written to stderr, so that it can exit with non-zero status
if the cleanup of temp files failed for any reason.
You really want m4 to exit with non-zero status just because it couldn't
clean up in /tmp? Oh well. It's implementable.
18 matches
Mail list logo