From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) by sourceware.org (Postfix) with ESMTPS id 9E6813858437; Thu, 27 Jan 2022 14:27:28 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 9E6813858437 Received: by mail-wr1-x42a.google.com with SMTP id f17so5184755wrx.1; Thu, 27 Jan 2022 06:27:28 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zZmQophPOcWO4rZpLI+EF+2nqEZhmCx861wOWxmTTgk=; b=aw1R1bplmnv+ZgIsqkJf+FEIXTlBgZdN5jpHFRHHoknmPL/XjeX+ke8iMMyi05iAPl IQ++9m+o29WXy5DIPOhG3f9eS2N36/qtauARMMtVZdQP6t2gUFhhLSrkBcXasfz1AVnU zGW/6wsWnEyGSfjzfY1DVwsFbbgxPic330ojbLTZOjnLjKp3Jnf25WvJu+h8R51EyR50 CkIUeHd5W2J3hCyjKgBgL3PyqyIIZgEtqUqnqNd/kgF2VEVwBE6aZk7BfAkCd6ruazcq o01D/YNuF7wEh6/67Y4MsBHDS7OF+Fd6IrSZzMWGOCEIj9+JYHIuvgYeeUuvmyYvcCj4 9uDw== X-Gm-Message-State: AOAM532KSFq7cHWE0kJaDOwv5Mcs7acgcrlMzxkyw8XarlOdIWCEPnRm oswLkR041O1WtlQYYwFHwMdlbRyt96RJHcpHORA= X-Google-Smtp-Source: ABdhPJymgA/8FBZduf088P/3MVjeLZiSMJq0IQIjRtBz/+3T/MmW+GdcvURP6K3qvQ7F+XsxCPzEi5EJJrfUcs1aOPQ= X-Received: by 2002:a05:6000:3c3:: with SMTP id b3mr3392965wrg.102.1643293647612; Thu, 27 Jan 2022 06:27:27 -0800 (PST) MIME-Version: 1.0 References: <20220125210951.864358-1-jwakely@redhat.com> In-Reply-To: From: Jonathan Wakely Date: Thu, 27 Jan 2022 14:27:12 +0000 Message-ID: Subject: Re: [committed] libstdc++: Avoid symlink race in filesystem::remove_all [PR104161] To: Jonathan Wakely Cc: Dimitar Dimitrov , "libstdc++" , gcc Patches , =?UTF-8?Q?Martin_Li=C5=A1ka?= X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jan 2022 14:27:30 -0000 On Wed, 26 Jan 2022, 22:12 Jonathan Wakely via Libstdc++, < libstdc++@gcc.gnu.org> wrote: > On Wed, 26 Jan 2022 at 22:08, Dimitar Dimitrov wrote: > > > > On Tue, Jan 25, 2022 at 09:09:51PM +0000, Jonathan Wakely via > Gcc-patches wrote: > > > Tested x86_64-linux, pushed to trunk. Backports to follow. > > > > > > > > > This adds a new internal flag to the filesystem::directory_iterator > > > constructor that makes it fail if the path is a symlink that resolves > to > > > a directory. This prevents filesystem::remove_all from following a > > > symlink to a directory, rather than deleting the symlink itself. > > > > > > We can also use that new flag in recursive_directory_iterator to ensu= re > > > that we don't follow symlinks if the follow_directory_symlink option = is > > > not set. > > > > > > This also moves an error check in filesystem::remove_all after the > while > > > loop, so that errors from the directory_iterator constructor are > > > reproted, instead of continuing to the filesystem::remove call below. > > > > > > libstdc++-v3/ChangeLog: > > > > > > PR libstdc++/104161 > > > * acinclude.m4 (GLIBCXX_CHECK_FILESYSTEM_DEPS): Check for > > > fdopendir. > > > * config.h.in: Regenerate. > > > * configure: Regenerate. > > > * src/c++17/fs_dir.cc (_Dir): Add nofollow flag to constructor > > > and pass it to base class constructor. > > > (directory_iterator): Pass nofollow flag to _Dir constructor. > > > (fs::recursive_directory_iterator::increment): Likewise. > > > * src/c++17/fs_ops.cc (do_remove_all): Use nofollow option for > > > directory_iterator constructor. Move error check outside loop. > > > * src/filesystem/dir-common.h (_Dir_base): Add nofollow flag to > > > constructor and when it's set use ::open with O_NOFOLLOW and > > > O_DIRECTORY. > > > * src/filesystem/dir.cc (_Dir): Add nofollow flag to constructo= r > > > and pass it to base class constructor. > > > (directory_iterator): Pass nofollow flag to _Dir constructor. > > > (fs::recursive_directory_iterator::increment): Likewise. > > > * src/filesystem/ops.cc (remove_all): Use nofollow option for > > > directory_iterator constructor. Move error check outside loop. > > > --- > > > libstdc++-v3/acinclude.m4 | 12 ++++++ > > > libstdc++-v3/config.h.in | 3 ++ > > > libstdc++-v3/configure | 55 ++++++++++++++++++++++= ++ > > > libstdc++-v3/src/c++17/fs_dir.cc | 13 ++++-- > > > libstdc++-v3/src/c++17/fs_ops.cc | 12 +++--- > > > libstdc++-v3/src/filesystem/dir-common.h | 48 ++++++++++++++++----- > > > libstdc++-v3/src/filesystem/dir.cc | 13 ++++-- > > > libstdc++-v3/src/filesystem/ops.cc | 6 +-- > > > 8 files changed, 134 insertions(+), 28 deletions(-) > > > > > > diff --git a/libstdc++-v3/acinclude.m4 b/libstdc++-v3/acinclude.m4 > > > index d996477254c..7b6b807114a 100644 > > > --- a/libstdc++-v3/acinclude.m4 > > > +++ b/libstdc++-v3/acinclude.m4 > > > @@ -4735,6 +4735,18 @@ dnl > > > if test $glibcxx_cv_truncate =3D yes; then > > > AC_DEFINE(HAVE_TRUNCATE, 1, [Define if truncate is available in > .]) > > > fi > > > +dnl > > > + AC_CACHE_CHECK([for fdopendir], > > > + glibcxx_cv_fdopendir, [dnl > > > + GCC_TRY_COMPILE_OR_LINK( > > > + [#include ], > > > + [::fdopendir(1);], > > > + [glibcxx_cv_fdopendir=3Dyes], > > > + [glibcxx_cv_fdopendir=3Dno]) > > > + ]) > > > + if test $glibcxx_cv_truncate =3D yes; then > > > > This is a typo. Should check glibcxx_cv_fdopendir. > > Oops, thanks! Copy&pasto. > Martin Li=C5=A1ka is fixing this now (thanks!)