From: Richard M K. <kr...@us...> - 2008-01-10 01:48:22
Update of /cvsroot/sbcl/sbcl/src/code In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv20391/src/code Modified Files: filesys.lisp run-program.lisp unix.lisp Log Message: 1.0.13.19: Odds and ends (OpenBSD NEWS, minor bug in PROBE-FILE, mkstemp()) * Add note about OpenBSD revival in NEWS * PROBE-FILE, TRUENAME were returning an extra value from filename parsing * Have our internal mkstemp() binding take a mode, and remove unix-chmod from sb-unix. This slightly improves RUN-PROGRAM security on Unix platforms where mkstemp() doesn't create a new file with mode #o0600.
Index: filesys.lisp
===================================================================
RCS file: /cvsroot/sbcl/sbcl/src/code/filesys.lisp,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -d -r1.70 -r1.71
--- filesys.lisp 5 Jan 2008 14:43:13 -0000 1.70
+++ filesys.lisp 10 Jan 2008 01:48:12 -0000 1.71
@@ -522,22 +522,24 @@
 (declare (ignore ino nlink gid rdev size atime))
 (if existsp
 (case query-for
- (:truename (parse-native-namestring
- ;; Note: in case the file is stat'able, POSIX
- ;; realpath(3) gets us a canonical absolute
- ;; filename, even if the post-merge PATHNAME
- ;; is not absolute...
- (multiple-value-bind (realpath errno)
- (sb!unix:unix-realpath filename)
- (if realpath
- realpath
- (simple-file-perror "couldn't resolve ~A"
- filename errno)))
- (pathname-host pathname)
- (sane-default-pathname-defaults)
- ;; ... but without any trailing slash.
- :as-directory (eql (logand mode sb!unix:s-ifmt)
- sb!unix:s-ifdir)))
+ (:truename (nth-value
+ 0
+ (parse-native-namestring
+ ;; Note: in case the file is stat'able, POSIX
+ ;; realpath(3) gets us a canonical absolute
+ ;; filename, even if the post-merge PATHNAME
+ ;; is not absolute...
+ (multiple-value-bind (realpath errno)
+ (sb!unix:unix-realpath filename)
+ (if realpath
+ realpath
+ (simple-file-perror "couldn't resolve ~A"
+ filename errno)))
+ (pathname-host pathname)
+ (sane-default-pathname-defaults)
+ ;; ... but without any trailing slash.
+ :as-directory (eql (logand mode sb!unix:s-ifmt)
+ sb!unix:s-ifdir))))
 (:author (sb!unix:uid-username uid))
 (:write-date (+ unix-to-universal-time mtime)))
 (progn
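Review bot: The `(nth-value 0 ...)` wrapper added around `parse-native-namestring` in the `:truename` branch has no comment saying why it is there, so a later cleanup could remove it and bring back the extra return value. A one-line comment such as `;; keep only the primary value; PARSE-NATIVE-NAMESTRING also returns a second one` would record the intent, and `(values (parse-native-namestring ...))` is the more common spelling for truncating to a single value. The second filesys.lisp hunk adds the same wrapper around the `merge-pathnames` argument and would take the same comment. The enclosing form starts and ends outside both hunks.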
@@ -577,25 +579,27 @@
 ;; re-merge against *DEFAULT-PATHNAME-DEFAULTS*,
 ;; since PATHNAME may be a relative pathname.
 (merge-pathnames
- (parse-native-namestring
- (multiple-value-bind (realpath errno)
- (sb!unix:unix-realpath
- (native-namestring
- (make-pathname
- :name :unspecific
- :type :unspecific
- :version :unspecific
- :defaults (parse-native-namestring
- filename
- (pathname-host pathname)
- (sane-default-pathname-defaults)))))
- (if realpath
- realpath
- (simple-file-perror "couldn't resolve ~A"
- filename errno)))
- (pathname-host pathname)
- (sane-default-pathname-defaults)
- :as-directory t)
+ (nth-value
+ 0
+ (parse-native-namestring
+ (multiple-value-bind (realpath errno)
+ (sb!unix:unix-realpath
+ (native-namestring
+ (make-pathname
+ :name :unspecific
+ :type :unspecific
+ :version :unspecific
+ :defaults (parse-native-namestring
+ filename
+ (pathname-host pathname)
+ (sane-default-pathname-defaults)))))
+ (if realpath
+ realpath
+ (simple-file-perror "couldn't resolve ~A"
+ filename errno)))
+ (pathname-host pathname)
+ (sane-default-pathname-defaults)
+ :as-directory t))
 pathname))
 (:author (sb!unix:uid-username uid))
 (:write-date (+ unix-to-universal-time mtime))))))
Index: run-program.lisp
===================================================================
RCS file: /cvsroot/sbcl/sbcl/src/code/run-program.lisp,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -d -r1.72 -r1.73
--- run-program.lisp 9 Jan 2008 19:12:23 -0000 1.72
+++ run-program.lisp 10 Jan 2008 01:48:12 -0000 1.73
@@ -921,14 +921,10 @@
 ;; run afoul of disk quotas or to choke on small /tmp file systems.
 (flet ((make-temp-fd ()
 (multiple-value-bind (fd name/errno)
- (sb-unix:unix-mkstemp "/tmp/.run-program-XXXXXX")
+ (sb-unix:sb-mkstemp "/tmp/.run-program-XXXXXX" #o0600)
 (unless fd
 (error "could not open a temporary file: ~A"
 (strerror name/errno)))
- #-win32 #|FIXME: should say (logior s_irusr s_iwusr)|#
- (unless (sb-unix:unix-chmod name/errno #o600)
- (sb-unix:unix-close fd)
- (error "failed to chmod the temporary file?!"))
 (unless (sb-unix:unix-unlink name/errno)
 (sb-unix:unix-close fd)
 (error "failed to unlink ~A" name/errno))
Index: unix.lisp
===================================================================
RCS file: /cvsroot/sbcl/sbcl/src/code/unix.lisp,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -d -r1.90 -r1.91
--- unix.lisp 4 Jan 2008 01:49:37 -0000 1.90
+++ unix.lisp 10 Jan 2008 01:48:12 -0000 1.91
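Review bot: With the `unix-chmod` step removed from `make-temp-fd` in run-program.lisp, the owner-only permission of the temporary file depends entirely on `sb-mkstemp` applying `#o0600` at creation time, and nothing at the call site says so. That behaviour lives in `sb_mkstemp()` in src/runtime/wrap.c, which this diff does not show, so it is worth confirming there that the file is created exclusively with the passed mode rather than adjusted afterwards. A comment above the call, e.g. `;; sb-mkstemp must create the file with mode #o0600 itself; there is no chmod fallback`, would keep the invariant visible. The removed FIXME asked for named permission bits, and the literal `#o0600` still leaves that open. `make-temp-fd` continues past the end of the hunk.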
@@ -180,16 +180,22 @@ ;;;; stdlib.h ;;; There are good reasons to implement some OPEN options with an -;;; mkstemp(3) followed by a fchmod(2) followed by a rename(2), but we -;;; don't do that yet. Instead, this function is used only to make a -;;; temporary file for RUN-PROGRAM. sb_mkstemp() is a wrapper that -;;; lives in src/runtime/wrap.c. -(defun unix-mkstemp (template-string) +;;; mkstemp(3)-like routine, but we don't do that yet. Instead, this +;;; function is used only to make a temporary file for RUN-PROGRAM. +;;; sb_mkstemp() is a wrapper that lives in src/runtime/wrap.c. Since +;;; SUSv3 mkstemp() doesn't specify the mode of the created file and +;;; since we have to implement most of this ourselves for Windows +;;; anyway, it seems worthwhile to depart from the mkstemp() +;;; specification by taking a mode to use when creating the new file. +(defun sb-mkstemp (template-string mode) + (declare (type string template-string) + (type unix-file-mode mode)) (let ((template-buffer (string-to-octets template-string))) (with-pinned-objects (template-buffer) (let ((fd (alien-funcall (extern-alien "sb_mkstemp" - (function int (* char))) - (vector-sap template-buffer)))) + (function int (* char) int)) + (vector-sap template-buffer) + mode))) (if (minusp fd) (values nil (get-errno)) (values fd (octets-to-string template-buffer))))))) @@ -761,17 +767,6 @@ (syscall ("fstat_wrapper" int (* (struct wrapped_stat))) (%extract-stat-results (addr buf)) fd (addr buf)))) - -;;; RUN-PROGRAM creates temporary files with mkstemp, but SUSv3 -;;; doesn't specify the mode of a newly created file under mkstemp, -;;; and C libraries may vary, so we fix the mode ourselves. -;;; Eventually some OPEN actions should probably be implemented with -;;; mkstemp(3)/chmod(2)/rename(2) as well. -#!-win32 -(defun unix-chmod (path mode) - (declare (type unix-pathname path) - (type unix-file-mode mode)) - (void-syscall ("chmod" c-string int) path mode)) ;;;; time.h |
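Review bot: `sb-mkstemp` hands `(vector-sap template-buffer)` to C as a `(* char)`, but the buffer is built by `(string-to-octets template-string)` on an unchanged context line, apparently without a terminating NUL. If `sb_mkstemp()` treats the argument as a C string, as mkstemp(3) does, it relies on whatever byte happens to follow the vector; `(string-to-octets template-string :null-terminate t)` would make the terminator explicit, with the trailing NUL trimmed from the name before it is returned. The function also lacks a docstring stating that it returns `(values fd name)` on success and `(values nil errno)` on failure, and that `mode` is passed to the wrapper as a plain `int`.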