See attached patch.
felix
From fc4b142bfd889e4c1b7157a7691836eeed344f7f Mon Sep 17 00:00:00 2001
From: Felix Winkelmann <felix.winkelm...@bevuta.com>
Date: Fri, 3 Mar 2023 00:07:19 +0100
Subject: [PATCH] Added option to csc to disable runtime option processing
---
NEWS | 2 ++
chicken.h | 9 +++++++++
csc.mdoc | 4 ++++
csc.scm | 9 +++++++--
library.scm | 3 ++-
manual/Using the compiler | 7 +++++++
runtime.c | 3 +++
7 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/NEWS b/NEWS
index 23661fc2..1e29004b 100644
--- a/NEWS
+++ b/NEWS
@@ -33,6 +33,8 @@
- chicken-install now accepts the -location command line option
(short: -l) to specify local directories where to get egg sources
from.
+ - csc accepts the -disable-runtime-options flag now to disable
+ all processing of runtime options for compiled programs.
- Compiler
- When emitting types files, the output list is now sorted, to ensure
diff --git a/chicken.h b/chicken.h
index 9d15ab74..fa6a5ce9 100644
--- a/chicken.h
+++ b/chicken.h
@@ -1564,6 +1564,12 @@ typedef void (C_ccall *C_proc)(C_word, C_word *) C_noret;
# define C_set_gui_mode
#endif
+#ifdef C_DISABLE_RUNTIME_OPTIONS
+# define C_set_runtime_options C_runtime_options = 0
+#else
+# define C_set_runtime_options
+#endif
+
/**
* SEARCH_EXE_PATH is defined on platforms on which we must search for
* the current executable. Because this search is sensitive to things
@@ -1588,6 +1594,7 @@ typedef void (C_ccall *C_proc)(C_word, C_word *) C_noret;
C_gui_mode = 1; \
C_set_main_exe(argv[0]); \
C_private_repository(); \
+ C_set_runtime_options; \
return CHICKEN_main(0, NULL, (void *)C_toplevel); \
}
# else
@@ -1597,6 +1604,7 @@ typedef void (C_ccall *C_proc)(C_word, C_word *) C_noret;
C_set_gui_mode; \
C_set_main_exe(argv[0]); \
C_private_repository(); \
+ C_set_runtime_options; \
return CHICKEN_main(argc, argv, (void*)C_toplevel); \
}
# endif
@@ -1696,6 +1704,7 @@ C_varextern C_TLS jmp_buf C_restart;
C_varextern C_TLS void *C_restart_address;
C_varextern C_TLS int C_entry_point_status;
C_varextern C_TLS int C_gui_mode;
+C_varextern C_TLS int C_runtime_options;
C_varextern C_TLS int C_enable_repl;
C_varextern C_TLS void *C_restart_trampoline;
diff --git a/csc.mdoc b/csc.mdoc
index a930a3f9..c5ad06db 100644
--- a/csc.mdoc
+++ b/csc.mdoc
@@ -232,6 +232,10 @@ Compile as embedded
.Pc .
.It Fl gui
Compile as GUI application.
+.It Fl disable-runtime-options
+Disable any handling of "-:..." runtime command line options
+for executables. When compiling libraries, this option has
+no effect.
.It Fl link Ar NAME
Link extension with compiled executable
.Po implies Sq Fl uses
diff --git a/csc.scm b/csc.scm
index 1fe896b7..8ab8960f 100644
--- a/csc.scm
+++ b/csc.scm
@@ -431,7 +431,7 @@ Usage: #{csc} [OPTION ...] [FILENAME ...]
-clustering combine groups of local procedures into
dispatch
loop
-lfa2 perform additional lightweight
flow-analysis pass
- -unroll-limit LIMIT specifies inlining limit for self-recursive
calls
+ -unroll-limit LIMIT specifies inlining limit for self-recursive
calls
Configuration options:
@@ -449,7 +449,10 @@ Usage: #{csc} [OPTION ...] [FILENAME ...]
-e -embedded compile as embedded
(don't generate `main()')
- -gui compile as GUI application
+ -gui compile as GUI application
+ -disable-runtime-options disable any handling of "-:..." runtime
command
+ line options for programs (ineffective for
+ libraries)
-link NAME link extension with compiled executable
(implies -uses)
-R -require-extension NAME require extension and import in compiled
@@ -707,6 +710,8 @@ EOF
(set! link-options
(cons* "-lkernel32" "-luser32" "-lgdi32" "-mwindows"
link-options)))]
+ ((-disable-runtime-options)
+ (set! compile-options (cons "-DC_DISABLE_RUNTIME_OPTIONS"
compile-options)))
((-deployed)
(set! deployed #t))
[(-framework)
diff --git a/library.scm b/library.scm
index 9fc663e0..7079ac72 100644
--- a/library.scm
+++ b/library.scm
@@ -6032,7 +6032,8 @@ static C_word C_fcall C_setenv(C_word x, C_word y) {
(define command-line-arguments
(make-parameter
(let ([args (argv)])
- (if (pair? args)
+ (if (and (pair? args)
+ (not (zero? (foreign-value "C_runtime_options" int))))
(let loop ([args (##sys#slot args 1)])
(if (null? args)
'()
diff --git a/manual/Using the compiler b/manual/Using the compiler
index 51cd9ffc..bd2b6936 100644
--- a/manual/Using the compiler
+++ b/manual/Using the compiler
@@ -225,6 +225,13 @@ compiler itself) accept a small set of runtime options.
These are filtered out
by the startup code and will not be contained in the result of
{{(command-line-arguments)}}.
+The processing of runtime options can also be completely disabled
+by compiling a program with the {{csc}} option {{-disable-runtime-options}}.
+In this case, options of the form {{-:...}} are ignored and are
+not removed from the arguments returned by {{command-line-arguments}}.
+It is recommended to compile security-sensitive programs with this
+option if they execute with high privileges.
+
; {{-:?}} : Shows a list of the available runtime options and exits the
program.
; {{-:aNUMBER}} : Specifies the length of the buffer for recording a trace of
the last invoked procedures. Defaults to 16.
diff --git a/runtime.c b/runtime.c
index 76f0e12c..38245752 100644
--- a/runtime.c
+++ b/runtime.c
@@ -336,6 +336,7 @@ C_TLS C_word (*C_debugger_hook)(C_DEBUG_INFO *cell, C_word
c, C_word *av, C_char
C_TLS int
C_gui_mode = 0,
+ C_runtime_options = 1,
C_abort_on_thread_exceptions,
C_enable_repl,
C_interrupts_enabled,
@@ -1349,6 +1350,8 @@ void CHICKEN_parse_command_line(int argc, char *argv[],
C_word *heap, C_word *st
*stack = DEFAULT_STACK_SIZE;
*symbols = DEFAULT_SYMBOL_TABLE_SIZE;
+ if(!C_runtime_options) return;
+
for(i = 1; i < C_main_argc; ++i)
if(!strncmp(C_main_argv[ i ], C_text("-:"), 2)) {
for(ptr = &C_main_argv[ i ][ 2 ]; *ptr != '\0';) {
--
2.33.0
