Subject: Re: [PATCH v2 6/6] Cache a copy of the user's shell on macOS
From: Simon Marchi
To: Tom Tromey, gdb-patches@sourceware.org
Date: Sat, 20 Oct 2018 02:35:00 -0000
Message-ID: <122644af-7120-4b29-3138-d97d5443cbe0@simark.ca>
References: <20181018223100.20693-1-tom@tromey.com> <20181018223100.20693-7-tom@tromey.com>
In-Reply-To: <20181018223100.20693-7-tom@tromey.com>

On 2018-10-18 6:31 p.m., Tom Tromey wrote: >
+/* If $SHELL is restricted, try to cache a copy. Starting with El > + Capitan, macOS introduced System Integrity Protection. Among other > + things, this prevents certain executables from being ptrace'd. In > + particular, executables in /bin, like most shells, are affected. > + To work around this, while preserving command-line glob expansion > + and redirections, gdb will cache a copy of the shell. Return true > + if all is well -- either the shell is not subject to SIP or it has > + been successfully cached. Returns false if something failed. */ > + > +static bool > +maybe_cache_shell () > +{ > + /* SF_RESTRICTED is defined in sys/stat.h and lets us determine if a > + given file is subject to SIP. */ > +#ifdef SF_RESTRICTED > + > + /* If a check fails we want to revert -- maybe the user deleted the > + cache while gdb was running, or something like that. */ > + copied_shell = nullptr; > + > + const char *shell = get_shell (); > + if (!IS_ABSOLUTE_PATH (shell)) > + { > + warning (_("This version of macOS has System Integrity Protection.\n\ > +Normally gdb would try to work around this by caching a copy of your shell,\n\ > +but because your shell (%s) is not an absolute path, this is being skipped."), > + shell); > + return false; > + } > + > + struct stat sb; > + if (stat (shell, &sb) < 0) > + { > + warning (_("This version of macOS has System Integrity Protection.\n\ > +Normally gdb would try to work around this by caching a copy of your shell,\n\ > +but because gdb could not stat your shell (%s), this is being skipped.\n\ > +The error was: %s"), > + shell, safe_strerror (errno)); > + return false; > + } > + > + if ((sb.st_flags & SF_RESTRICTED) == 0) > + return true; > + > + /* Put the copy somewhere like ~/Library/Caches/gdb/bin/sh. 
*/ > + std::string new_name = get_standard_cache_dir (); > + if (!IS_DIR_SEPARATOR (new_name.back ()) && !IS_ABSOLUTE_PATH (shell))

I mentioned something about this on the version of the patch, but you might have missed it since you didn't reply to that specifically, so I'll send it again just to be sure: I believe this !IS_ABSOLUTE_PATH check can never be true, since we would have returned early if it was the case? If so, this append is not needed.

Simon
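
Review bot: in the last quoted line of maybe_cache_shell (), new_name.back () is called on the result of get_standard_cache_dir () with no check that the string is non-empty, and std::string::back () on an empty string is undefined behaviour. If get_standard_cache_dir () can return an empty string when no cache directory can be determined, test new_name.empty () before this line and take the same warning-and-return-false path the earlier failures use. Without that check the "cached" path would be built from the shell's own absolute path alone, so the copy would target the restricted original instead of a location under the cache directory.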