Re: [committed] libstdc++: Avoid symlink race in filesystem::remove_all [PR104161]

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

From: Jonathan Wakely <jwakely@redhat.com>
To: Dimitar Dimitrov <dimitar@dinux.eu>
Cc: "libstdc++" <libstdc++@gcc.gnu.org>,
	gcc Patches <gcc-patches@gcc.gnu.org>
Subject: Re: [committed] libstdc++: Avoid symlink race in filesystem::remove_all [PR104161]
Date: Wed, 26 Jan 2022 22:11:17 +0000	[thread overview]
Message-ID: <CACb0b4n9vhX4=8TWuC8QQ7qZ1S5v_Jhru0xDynr-L=MZWdParQ@mail.gmail.com> (raw)
In-Reply-To: <YfHGFITJzs2s+g4E@kendros>

On Wed, 26 Jan 2022 at 22:08, Dimitar Dimitrov <dimitar@dinux.eu> wrote:
>
> On Tue, Jan 25, 2022 at 09:09:51PM +0000, Jonathan Wakely via Gcc-patches wrote:
> > Tested x86_64-linux, pushed to trunk. Backports to follow.
> >
> >
> > This adds a new internal flag to the filesystem::directory_iterator
> > constructor that makes it fail if the path is a symlink that resolves to
> > a directory. This prevents filesystem::remove_all from following a
> > symlink to a directory, rather than deleting the symlink itself.
> >
> > We can also use that new flag in recursive_directory_iterator to ensure
> > that we don't follow symlinks if the follow_directory_symlink option is
> > not set.
> >
> > This also moves an error check in filesystem::remove_all after the while
> > loop, so that errors from the directory_iterator constructor are
> > reproted, instead of continuing to the filesystem::remove call below.
> >
> > libstdc++-v3/ChangeLog:
> >
> >       PR libstdc++/104161
> >       * acinclude.m4 (GLIBCXX_CHECK_FILESYSTEM_DEPS): Check for
> >       fdopendir.
> >       * config.h.in: Regenerate.
> >       * configure: Regenerate.
> >       * src/c++17/fs_dir.cc (_Dir): Add nofollow flag to constructor
> >       and pass it to base class constructor.
> >       (directory_iterator): Pass nofollow flag to _Dir constructor.
> >       (fs::recursive_directory_iterator::increment): Likewise.
> >       * src/c++17/fs_ops.cc (do_remove_all): Use nofollow option for
> >       directory_iterator constructor. Move error check outside loop.
> >       * src/filesystem/dir-common.h (_Dir_base): Add nofollow flag to
> >       constructor and when it's set use ::open with O_NOFOLLOW and
> >       O_DIRECTORY.
> >       * src/filesystem/dir.cc (_Dir): Add nofollow flag to constructor
> >       and pass it to base class constructor.
> >       (directory_iterator): Pass nofollow flag to _Dir constructor.
> >       (fs::recursive_directory_iterator::increment): Likewise.
> >       * src/filesystem/ops.cc (remove_all): Use nofollow option for
> >       directory_iterator constructor. Move error check outside loop.
> > ---
> >  libstdc++-v3/acinclude.m4                | 12 ++++++
> >  libstdc++-v3/config.h.in                 |  3 ++
> >  libstdc++-v3/configure                   | 55 ++++++++++++++++++++++++
> >  libstdc++-v3/src/c++17/fs_dir.cc         | 13 ++++--
> >  libstdc++-v3/src/c++17/fs_ops.cc         | 12 +++---
> >  libstdc++-v3/src/filesystem/dir-common.h | 48 ++++++++++++++++-----
> >  libstdc++-v3/src/filesystem/dir.cc       | 13 ++++--
> >  libstdc++-v3/src/filesystem/ops.cc       |  6 +--
> >  8 files changed, 134 insertions(+), 28 deletions(-)
> >
> > diff --git a/libstdc++-v3/acinclude.m4 b/libstdc++-v3/acinclude.m4
> > index d996477254c..7b6b807114a 100644
> > --- a/libstdc++-v3/acinclude.m4
> > +++ b/libstdc++-v3/acinclude.m4
> > @@ -4735,6 +4735,18 @@ dnl
> >    if test $glibcxx_cv_truncate = yes; then
> >      AC_DEFINE(HAVE_TRUNCATE, 1, [Define if truncate is available in <unistd.h>.])
> >    fi
> > +dnl
> > +  AC_CACHE_CHECK([for fdopendir],
> > +    glibcxx_cv_fdopendir, [dnl
> > +    GCC_TRY_COMPILE_OR_LINK(
> > +      [#include <dirent.h>],
> > +      [::fdopendir(1);],
> > +      [glibcxx_cv_fdopendir=yes],
> > +      [glibcxx_cv_fdopendir=no])
> > +  ])
> > +  if test $glibcxx_cv_truncate = yes; then
>
> This is a typo. Should check glibcxx_cv_fdopendir.

Oops, thanks! Copy&pasto.

next prev parent reply	other threads:[~2022-01-26 22:11 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-25 21:09 Jonathan Wakely
2022-01-26 22:07 ` Dimitar Dimitrov
2022-01-26 22:11   ` Jonathan Wakely [this message]
2022-01-27 14:27     ` Jonathan Wakely

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACb0b4n9vhX4=8TWuC8QQ7qZ1S5v_Jhru0xDynr-L=MZWdParQ@mail.gmail.com' \
    --to=jwakely@redhat.com \
    --cc=dimitar@dinux.eu \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=libstdc++@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).