Thread: [Module::Build] Re: [Module-build-checkins] [svn:Module-Build] r5891 - in Module-Build/trunk: . lib/
Status: Beta
Brought to you by:
kwilliams
Menu
▾
▴
module-build-general
|
From: Ken W. <ke...@ma...> - 2006-04-11 22:36:20
|
Hey,
I wonder whether we should check for executability with "-x $file"
rather than "(stat $file)[2] & 0111". Besides being simpler, it
seems like it might DTRT on more platforms, where stat values might
be nontrustworthy.
-Ken
On Apr 11, 2006, at 3:30 AM, ra...@cv... wrote:
> ======================================================================
> ========
> --- Module-Build/trunk/lib/Module/Build/Base.pm (original)
> +++ Module-Build/trunk/lib/Module/Build/Base.pm Tue Apr 11 01:30:57
> 2006
> @@ -3933,12 +3933,10 @@
>
> $self->log_info("$file -> $to_path\n") if $args{verbose};
> File::Copy::copy($file, $to_path) or die "Can't copy('$file',
> '$to_path'): $!";
> - # preserve mode & timestamps; copied from
> ExtUtils::Install::pm_to_blib
> - my($mode, $atime, $mtime) = (stat $file)[2,8,9];
> - my $mtime_adj = ($self->os_type eq 'VMS') ? 1 : 0;
> - utime($atime, $mtime + $mtime_adj, $to_path);
> + # mode is read-only + (executable if source is executable)
> + my $mode = (stat $file)[2];
> $mode = 0444 | ( $mode & 0111 ? 0111 : 0 );
> - chmod($mode, $to_path);
> + chmod( $mode, $to_path );
>
> return $to_path;
> }
|
|
From: demerphq <dem...@gm...> - 2006-04-12 07:26:39
|
On 4/12/06, Ken Williams <ke...@ma...> wrote: > > On Apr 11, 2006, at 6:46 PM, Randy W. Sims wrote: > > > Ken Williams wrote: > >> Hey, > >> I wonder whether we should check for executability with "-x $file" > >> rather than "(stat $file)[2] & 0111". Besides being simpler, it > >> seems like it might DTRT on more platforms, where stat values > >> might be nontrustworthy. > > > > You mean like so: > > > > $mode =3D 0444 | ( -x $file ? 0111 : 0 ); > > Yup, I'll make the change. Seems to me that if -x and stat with the appropriate mask arent returning the same thing you have a bug in Perl. The only situation in blead where Im not sure that they will be identical is VMS, otherwise from what i can tell the -X tests are just perl doing the appropriate masking for you. Where stat doesnt behave correctly Perl fakes it. Or at least from what I can tell it /should/. Do you guys actually have evidence that they are different somewhere? Have I missed something in the docs? Cheers, Yves -- perl -Mre=3Ddebug -e "/just|another|perl|hacker/" |
|
From: Ken W. <ke...@ma...> - 2006-04-12 17:34:03
|
On Apr 12, 2006, at 2:26 AM, demerphq wrote: > On 4/12/06, Ken Williams <ke...@ma...> wrote: >> >> On Apr 11, 2006, at 6:46 PM, Randy W. Sims wrote: >> >>> Ken Williams wrote: >>>> Hey, >>>> I wonder whether we should check for executability with "-x $file" >>>> rather than "(stat $file)[2] & 0111". Besides being simpler, it >>>> seems like it might DTRT on more platforms, where stat values >>>> might be nontrustworthy. >>> >>> You mean like so: >>> >>> $mode = 0444 | ( -x $file ? 0111 : 0 ); >> >> Yup, I'll make the change. > > Seems to me that if -x and stat with the appropriate mask arent > returning the same thing you have a bug in Perl. Not necessarily. On Unix, for example, if the permissions on a file you own are 0445, then "(stat $file)[2] & 0111" will return true but "-x $file" will return false. Maybe that means we're not using "the appropriate mask", but what would an appropriate mask be in all the situations we care about? Probably none exists. -Ken |
|
From: Julian M. <ju...@me...> - 2006-04-23 17:13:37
|
Ken Williams wrote:
> demerphq wrote:
> > Randy W. Sims wrote:
> > > Ken Williams wrote:
> > > > I wonder whether we should check for executability with "-x $file"
> > > > rather than "(stat $file)[2] & 0111". Besides being simpler, it
> > > > seems like it might DTRT on more platforms, where stat values might
> > > > be nontrustworthy.
> > >
> > > You mean like so:
> > >
> > > $mode =3D 0444 | ( -x $file ? 0111 : 0 );
> >
> > Seems to me that if -x and stat with the appropriate mask arent
> > returning the same thing you have a bug in Perl.
>
> Not necessarily. On Unix, for example, if the permissions on a file
> you own are 0445, then "(stat $file)[2] & 0111" will return true but
> "-x $file" will return false. Maybe that means we're not using "the
> appropriate mask", but what would an appropriate mask be in all the
> situations we care about? Probably none exists.
Sorry for my late comment on this.
`perldoc -f -x` is interesting:
| The interpretation of the file permission operators "-r", "-R", "-w",
| "-W", "-x", and "-X" is by default based solely on the mode of the file
| and the uids and gids of the user. There may be other reasons you can't
| actually read, write, or execute the file. Such reasons may be for
| example network filesystem access controls, ACLs (access control lists),
| read-only filesystems, and unrecognized executable formats.
|=20
| Also note that, for the superuser on the local filesystems, the "-r",
| "-R", "-w", and "-W" tests always return 1, and "-x" and "-X" return 1
| if any execute bit is set in the mode. Scripts run by the superuser may
| thus need to do a stat() to determine the actual mode of the file, or
| temporarily set their effective uid to something else.
On Linux/Unix:
| $ ls -go --time-style=3D+
| total 0
| -rw-r--r-- 1 0 f---------
| -rw-r--r-x 1 0 f--------x
| -rw-r-xr-- 1 0 f-----x---
| -rw-r-xr-x 1 0 f-----x--x
| -rwxr--r-- 1 0 f--x------
| -rwxr--r-x 1 0 f--x-----x
| -rwxr-xr-x 1 0 f--x--x--x
| $ perl -e 'printf("%s: -x =3D %s\n", $_, -x $_ || "0") for @ARGV' *
| f---------: -x =3D 0
| f--------x: -x =3D 0
| f-----x---: -x =3D 0
| f-----x--x: -x =3D 0
| f--x------: -x =3D 1
| f--x-----x: -x =3D 1
| f--x--x--x: -x =3D 1
| $ sudo perl -e 'printf("%s: -x =3D %s\n", $_, -x $_ || "0") for @ARGV' *
| f---------: -x =3D 0
| f--------x: -x =3D 1
| f-----x---: -x =3D 1
| f-----x--x: -x =3D 1
| f--x------: -x =3D 1
| f--x-----x: -x =3D 1
| f--x--x--x: -x =3D 1
So apparently -x always returns true for root, and (mode & 0100) for=20
non-root.
Also:
| $ sudo -u julian ./f--x------
| $ sudo -u julian ./f--------x
| sudo: unable to execute ./f--------x: Permission denied
| $ sudo ./f--x------
| $ sudo ./f--------x
| $
If a file really is 0445 (0455), then I think it is reasonably safe to=20
assume that either ug-x (u-x) was _deliberately_ set or that o+x (go+x)=20
was _accidentally_ set, and that therefore "not x" should be assumed. IOW,=
=20
it should be reasonably safe to consider the user x bit authoritative.
Thus Module::Build should use -x for the executable check. However since=20
root (e.g. during `Build install`) always sees files as "x" if _any_ x bit=
=20
is set, M::B would have to emulate -x's non-root behavior:
my $mode =3D 0444 | ( (stat($file))[2] & 0100 ? 0111 : 0 );
|
|
From: Ken W. <ke...@ma...> - 2006-04-25 12:37:05
|
On Apr 23, 2006, at 12:13 PM, Julian Mehnle wrote: > > So apparently -x always returns true for root, and (mode & 0100) for > non-root. > > Also: > > | $ sudo -u julian ./f--x------ > | $ sudo -u julian ./f--------x > | sudo: unable to execute ./f--------x: Permission denied > | $ sudo ./f--x------ > | $ sudo ./f--------x > | $ > > If a file really is 0445 (0455), then I think it is reasonably safe to > assume that either ug-x (u-x) was _deliberately_ set or that o+x (go > +x) > was _accidentally_ set, and that therefore "not x" should be > assumed. IOW, > it should be reasonably safe to consider the user x bit authoritative. > > Thus Module::Build should use -x for the executable check. However > since > root (e.g. during `Build install`) always sees files as "x" if > _any_ x bit > is set, M::B would have to emulate -x's non-root behavior: > > my $mode = 0444 | ( (stat($file))[2] & 0100 ? 0111 : 0 ); Well, the 0100 mask isn't quite right I think, because the user might not be the owner. In this special case perhaps we can count on the user being the owner of files in blib/ though, I'm not sure. Certainly it would be true on *nix. The point about root & -x is certainly true, I hadn't thought about that. We'll have to fix that. -Ken |
|
From: Ken W. <ke...@ma...> - 2006-05-03 04:11:24
|
On Apr 25, 2006, at 7:36 AM, Ken Williams wrote: > > On Apr 23, 2006, at 12:13 PM, Julian Mehnle wrote: > >> >> So apparently -x always returns true for root, and (mode & 0100) for >> non-root. >> >> Also: >> >> | $ sudo -u julian ./f--x------ >> | $ sudo -u julian ./f--------x >> | sudo: unable to execute ./f--------x: Permission denied >> | $ sudo ./f--x------ >> | $ sudo ./f--------x >> | $ >> >> If a file really is 0445 (0455), then I think it is reasonably >> safe to >> assume that either ug-x (u-x) was _deliberately_ set or that o+x >> (go+x) >> was _accidentally_ set, and that therefore "not x" should be >> assumed. IOW, >> it should be reasonably safe to consider the user x bit >> authoritative. >> >> Thus Module::Build should use -x for the executable check. >> However since >> root (e.g. during `Build install`) always sees files as "x" if >> _any_ x bit >> is set, M::B would have to emulate -x's non-root behavior: >> >> my $mode = 0444 | ( (stat($file))[2] & 0100 ? 0111 : 0 ); > > > Well, the 0100 mask isn't quite right I think, because the user > might not be the owner. In this special case perhaps we can count > on the user being the owner of files in blib/ though, I'm not > sure. Certainly it would be true on *nix. > > The point about root & -x is certainly true, I hadn't thought about > that. We'll have to fix that. I've committed this to the repo, thanks for the research. -Ken |
|
From: Randy W. S. <ml...@th...> - 2006-04-11 23:46:14
|
Ken Williams wrote: > Hey, > > I wonder whether we should check for executability with "-x $file" > rather than "(stat $file)[2] & 0111". Besides being simpler, it seems > like it might DTRT on more platforms, where stat values might be > nontrustworthy. You mean like so: $mode = 0444 | ( -x $file ? 0111 : 0 ); Yeah, that probably is clearer. Randy. |
|
From: Ken W. <ke...@ma...> - 2006-04-12 03:55:51
|
On Apr 11, 2006, at 6:46 PM, Randy W. Sims wrote: > Ken Williams wrote: >> Hey, >> I wonder whether we should check for executability with "-x $file" >> rather than "(stat $file)[2] & 0111". Besides being simpler, it >> seems like it might DTRT on more platforms, where stat values >> might be nontrustworthy. > > You mean like so: > > $mode = 0444 | ( -x $file ? 0111 : 0 ); Yup, I'll make the change. -Ken |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X