public inbox for libc-hacker@sourceware.org
* [PATCH] Add GETCONF_DIR to UNSECURE_ENVVARS, allow cross-installs
@ 2004-11-26  9:30 Jakub Jelinek
From: Jakub Jelinek @ 2004-11-26  9:30 UTC (permalink / raw)
  To: Ulrich Drepper; +Cc: Glibc hackers

Hi!

2 changes in 1:
1) make sure no one can trick getconf invoked through, say, a suid program
   that executes other programs to invoke something that it shouldn't
2) avoid using getconf binary, so that even with cross installs
   the right files are installed

2004-11-26  Jakub Jelinek  <jakub@redhat.com>

	* sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add GETCONF_DIR.

	* posix/Makefile (generated): Add getconf.speclist.
	($(inst_libexecdir)/getconf): Use getconf.speclist instead of
	getconf output.
	($(objpfx)getconf.speclist): New rule.
	* posix/getconf.speclist.h: New file.

--- libc/sysdeps/generic/unsecvars.h.jj	2003-11-25 10:13:33.000000000 +0100
+++ libc/sysdeps/generic/unsecvars.h	2004-11-26 10:13:58.184202161 +0100
@@ -9,6 +9,7 @@
   "LD_PROFILE\0"							      \
   "LD_USE_LOAD_BIAS\0"							      \
   "GCONV_PATH\0"							      \
+  "GETCONF_DIR\0"							      \
   "HOSTALIASES\0"							      \
   "LOCALDOMAIN\0"							      \
   "LOCPATH\0"								      \
--- libc/posix/getconf.speclist.h.jj	2004-11-26 09:47:51.646745768 +0100
+++ libc/posix/getconf.speclist.h	2004-11-26 09:47:13.445558501 +0100
@@ -0,0 +1,15 @@
+#include <unistd.h>
+const char *START_OF_STRINGS =
+#if _POSIX_V6_ILP32_OFF32 == 1
+"_POSIX_V6_ILP32_OFF32"
+#endif
+#if _POSIX_V6_ILP32_OFFBIG == 1
+"_POSIX_V6_ILP32_OFFBIG"
+#endif
+#if _POSIX_V6_LP64_OFF64 == 1
+"_POSIX_V6_LP64_OFF64"
+#endif
+#if _POSIX_V6_LPBIG_OFFBIG == 1
+"_POSIX_V6_LPBIG_OFFBIG"
+#endif
+"";
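
Review bot: The "== 1" tests on each _POSIX_V6_* macro drop an environment whenever the macro is undefined (an undefined identifier evaluates to 0 in #if) or is defined to any value other than 1, whereas the Makefile rule this file replaces asked the getconf binary for _POSIX_V6_WIDTH_RESTRICTED_ENVS. Please confirm that 1 is the only value any port uses to mean "supported" and say so in a comment, otherwise the installed list can silently shrink. The file also needs a header comment stating that it is only ever preprocessed, never compiled, and that START_OF_STRINGS and the one-string-per-line layout are what the sed script in posix/Makefile depends on.
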
--- libc/posix/Makefile.jj	2004-11-26 00:30:42.000000000 +0100
+++ libc/posix/Makefile	2004-11-26 10:05:04.654443059 +0100
@@ -102,7 +102,8 @@ generated := $(addprefix wordexp-test-re
 	     bug-regex21-mem bug-regex21.mtrace \
 	     tst-rxspencer-mem tst-rxspencer.mtrace tst-getconf.out \
 	     tst-pcre-mem tst-pcre.mtrace tst-boost-mem tst-boost.mtrace \
-	     bug-ga2.mtrace bug-ga2-mem bug-glob2.mtrace bug-glob2-mem
+	     bug-ga2.mtrace bug-ga2-mem bug-glob2.mtrace bug-glob2-mem \
+	     getconf.speclist
 
 include ../Rules
 
@@ -263,12 +264,16 @@ bug-glob2-ENV = MALLOC_TRACE=$(objpfx)bu
 $(objpfx)bug-glob2-mem: $(objpfx)bug-glob2.out
 	$(common-objpfx)malloc/mtrace $(objpfx)bug-glob2.mtrace > $@
 
-$(inst_libexecdir)/getconf: $(objpfx)getconf FORCE
+$(inst_libexecdir)/getconf: $(objpfx)getconf $(objpfx)getconf.speclist FORCE
 	$(addprefix $(..)./scripts/mkinstalldirs ,\
 		    $(filter-out $(wildcard $@),$@))
-	for spec in `LC_ALL=C GETCONF_DIR=/dev/null \
-		     $(run-program-prefix) $< \
-		     _POSIX_V6_WIDTH_RESTRICTED_ENVS`; do \
-		$(INSTALL_PROGRAM) $< $@/$$spec.new; \
-		mv -f $@/$$spec.new $@/$$spec; \
+	for spec in `cat $(objpfx)getconf.speclist`; do \
+	  $(INSTALL_PROGRAM) $< $@/$$spec.new; \
+	  mv -f $@/$$spec.new $@/$$spec; \
 	done
+
+$(objpfx)getconf.speclist: getconf.speclist.h
+	$(CC) -E $(CFLAGS) $(CPPFLAGS) $< \
+	  | sed -n -e '/START_OF_STRINGS/,$${/_POSIX_V6_/{s/^[^"]*"//;s/".*$$//;p}}' \
+	  > $@.new
+	mv -f $@.new $@
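
Review bot: In the new $(objpfx)getconf.speclist rule, the status of the "$(CC) -E ... | sed ... > $@.new" pipeline is that of sed, so a failed preprocessor run leaves an empty $@.new which the following mv installs as a valid list; the install loop then iterates over nothing and the target succeeds with no spec binaries installed. Preprocess into a temporary file first, or check the result with "test -s $@.new" before the mv, so that a compiler error stops the build. Since the stated goal is cross-installs, it would also help to confirm that $(CFLAGS) $(CPPFLAGS) in this rule resolve <unistd.h> to the headers of the tree being built rather than those of the build host.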

	Jakub


* Re: [PATCH] Add GETCONF_DIR to UNSECURE_ENVVARS, allow cross-installs
@ 2004-11-26 11:02 ` Andreas Schwab
From: Andreas Schwab @ 2004-11-26 11:02 UTC (permalink / raw)
  To: Jakub Jelinek; +Cc: Ulrich Drepper, Glibc hackers

Jakub Jelinek <jakub@redhat.com> writes:

> @@ -263,12 +264,16 @@ bug-glob2-ENV = MALLOC_TRACE=$(objpfx)bu
>  $(objpfx)bug-glob2-mem: $(objpfx)bug-glob2.out
>  	$(common-objpfx)malloc/mtrace $(objpfx)bug-glob2.mtrace > $@
>  
> -$(inst_libexecdir)/getconf: $(objpfx)getconf FORCE
> +$(inst_libexecdir)/getconf: $(objpfx)getconf $(objpfx)getconf.speclist FORCE
>  	$(addprefix $(..)./scripts/mkinstalldirs ,\
>  		    $(filter-out $(wildcard $@),$@))
> -	for spec in `LC_ALL=C GETCONF_DIR=/dev/null \
> -		     $(run-program-prefix) $< \
> -		     _POSIX_V6_WIDTH_RESTRICTED_ENVS`; do \
> -		$(INSTALL_PROGRAM) $< $@/$$spec.new; \
> -		mv -f $@/$$spec.new $@/$$spec; \
> +	for spec in `cat $(objpfx)getconf.speclist`; do \
> +	  $(INSTALL_PROGRAM) $< $@/$$spec.new; \
> +	  mv -f $@/$$spec.new $@/$$spec; \

The exit code of $(INSTALL_PROGRAM) should not be ignored.

>  	done
> +
> +$(objpfx)getconf.speclist: getconf.speclist.h
> +	$(CC) -E $(CFLAGS) $(CPPFLAGS) $< \
> +	  | sed -n -e '/START_OF_STRINGS/,$${/_POSIX_V6_/{s/^[^"]*"//;s/".*$$//;p}}' \
> +	  > $@.new
> +	mv -f $@.new $@

I think FORCE should be changed to $(+force), and maybe the second rule
should use a stamp file or even proper dependencies.

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."
