unofficial mirror of bug-guile@gnu.org 
 help / color / mirror / Atom feed
* bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.
@ 2023-10-13 16:18 Tomas Volf
  2023-10-13 17:30 ` Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language
  2024-01-29 13:28 ` bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros Ludovic Courtès
  0 siblings, 2 replies; 7+ messages in thread
From: Tomas Volf @ 2023-10-13 16:18 UTC (permalink / raw)
  To: 66531; +Cc: Tomas Volf

Both macros were missing a quote for the procedure call, causing the
actual return value to be compiled into the ftw.go, instead of the
procedure call.  Snippet from disassembly of ftw.go does confirm that:

  55    (make-immediate 2 3990)         ;; 997                at ice-9/ftw.scm:319:46
  56    (make-long-immediate 1 120002)  ;; 30000              at ice-9/ftw.scm:320:46

That effectively prevented ftw from entering directories without access
for others.  Simple reproduction:

    scheme@(guile-user)> ,use (ice-9 ftw)
    scheme@(guile-user)> (mkdir "/tmp/xxxx")
    scheme@(guile-user)> (chmod "/tmp/xxxx" #o0700)
    scheme@(guile-user)> (ftw "/tmp/xxxx" (lambda (_ __ f) (pk f) #t))

    ;;; (directory-not-readable)
    $1 = #t
    scheme@(guile-user)> (system "ls -al /tmp/xxxx")
    total 0
    drwx------ 1 wolf wolf   0 Oct 11 22:54 .
    drwxrwxrwt 1 root root 888 Oct 11 22:54 ..
    $2 = 0

The fix is to quote the procedure call, leading to the intended
behavior.

This fixes bug 55344.

* module/ice-9/ftw.scm (getuid-or-false): Quote the (getuid).
(getgid-or-false): Quote the (getgid).
---
 module/ice-9/ftw.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/module/ice-9/ftw.scm b/module/ice-9/ftw.scm
index ac6aa6316..8496086a1 100644
--- a/module/ice-9/ftw.scm
+++ b/module/ice-9/ftw.scm
@@ -201,12 +201,12 @@
 
 (define-macro (getuid-or-false)
   (if (defined? 'getuid)
-      (getuid)
+      '(getuid)
       #f))
 
 (define-macro (getgid-or-false)
   (if (defined? 'getgid)
-      (getgid)
+      '(getgid)
       #f))
 
 (define (directory-files dir)
-- 
2.41.0






^ permalink raw reply related	[flat|nested] 7+ messages in thread

* bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.
  2023-10-13 16:18 bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros Tomas Volf
@ 2023-10-13 17:30 ` Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language
  2023-10-13 18:20   ` Tomas Volf
  2024-01-29 13:28 ` bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros Ludovic Courtès
  1 sibling, 1 reply; 7+ messages in thread
From: Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language @ 2023-10-13 17:30 UTC (permalink / raw)
  To: 66531@debbugs.gnu.org, Tomas Volf

> Both macros were missing a quote for the procedure call, causing the
> actual return value to be compiled into the ftw.go, instead of the
>procedure call.  Snippet from disassembly of ftw.go does confirm that:

Looks good to me.

If you don't have commit approval, I can take the action to commit it,
and write a test case, since I was the one who broke it back in 2021.

Mike Gran





^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.
  2023-10-13 17:30 ` Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language
@ 2023-10-13 18:20   ` Tomas Volf
  2023-10-25 14:01     ` Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language
  0 siblings, 1 reply; 7+ messages in thread
From: Tomas Volf @ 2023-10-13 18:20 UTC (permalink / raw)
  To: Mike Gran; +Cc: 66531@debbugs.gnu.org

[-- Attachment #1: Type: text/plain, Size: 754 bytes --]

On 2023-10-13 17:30:06 +0000, Mike Gran wrote:
> > Both macros were missing a quote for the procedure call, causing the
> > actual return value to be compiled into the ftw.go, instead of the
> >procedure call.  Snippet from disassembly of ftw.go does confirm that:
> 
> Looks good to me.
> 
> If you don't have commit approval, I can take the action to commit it,
> and write a test case, since I was the one who broke it back in 2021.

I do not have commit access, nor I am sure how the tests should look
like, so if you would be so kind to take it over from here, that would
be great. :)

> 
> Mike Gran

Tomas Volf

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.
  2023-10-13 18:20   ` Tomas Volf
@ 2023-10-25 14:01     ` Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language
  2023-11-29 16:11       ` Tomas Volf
  2024-01-16 12:40       ` bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros., bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros., control message for bug #66531 Tomas Volf
  0 siblings, 2 replies; 7+ messages in thread
From: Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language @ 2023-10-25 14:01 UTC (permalink / raw)
  To: Tomas Volf; +Cc: 66531@debbugs.gnu.org

I haven't forgotten about this. My linux devel box died.

Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.






On Friday, October 13, 2023 at 11:20:11 AM PDT, Tomas Volf <wolf@wolfsden.cz> wrote: 





On 2023-10-13 17:30:06 +0000, Mike Gran wrote:
> > Both macros were missing a quote for the procedure call, causing the
> > actual return value to be compiled into the ftw.go, instead of the
> >procedure call.  Snippet from disassembly of ftw.go does confirm that:
> 
> Looks good to me.
> 
> If you don't have commit approval, I can take the action to commit it,
> and write a test case, since I was the one who broke it back in 2021.

I do not have commit access, nor I am sure how the tests should look
like, so if you would be so kind to take it over from here, that would
be great. :)


> 
> Mike Gran


Tomas Volf

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.






^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.
  2023-10-25 14:01     ` Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language
@ 2023-11-29 16:11       ` Tomas Volf
  2024-01-16 12:40       ` bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros., bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros., control message for bug #66531 Tomas Volf
  1 sibling, 0 replies; 7+ messages in thread
From: Tomas Volf @ 2023-11-29 16:11 UTC (permalink / raw)
  To: Mike Gran; +Cc: 66531@debbugs.gnu.org

[-- Attachment #1: Type: text/plain, Size: 412 bytes --]

Hi,

On 2023-10-25 14:01:43 +0000, Mike Gran wrote:
> I haven't forgotten about this. My linux devel box died.

My deepest sympathies.

>
> Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.

Polite ping, just making sure this is still on the radar.

Tomas

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros., bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros., control message for bug #66531
  2023-10-25 14:01     ` Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language
  2023-11-29 16:11       ` Tomas Volf
@ 2024-01-16 12:40       ` Tomas Volf
  1 sibling, 0 replies; 7+ messages in thread
From: Tomas Volf @ 2024-01-16 12:40 UTC (permalink / raw)
  To: Mike Gran; +Cc: Tomas Volf, control, 66531

Mike Gran <spk121@yahoo.com> writes:

Hello,

> I haven't forgotten about this. My linux devel box died.
>
> Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.

Just a polite ping regarding this patch.

Thank you and have a nice day,
Tomas Volf





^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.
  2023-10-13 16:18 bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros Tomas Volf
  2023-10-13 17:30 ` Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language
@ 2024-01-29 13:28 ` Ludovic Courtès
  1 sibling, 0 replies; 7+ messages in thread
From: Ludovic Courtès @ 2024-01-29 13:28 UTC (permalink / raw)
  To: Tomas Volf; +Cc: 66531-done

Tomas Volf <wolf@wolfsden.cz> skribis:

> Both macros were missing a quote for the procedure call, causing the
> actual return value to be compiled into the ftw.go, instead of the
> procedure call.  Snippet from disassembly of ftw.go does confirm that:
>
>   55    (make-immediate 2 3990)         ;; 997                at ice-9/ftw.scm:319:46
>   56    (make-long-immediate 1 120002)  ;; 30000              at ice-9/ftw.scm:320:46
>
> That effectively prevented ftw from entering directories without access
> for others.  Simple reproduction:
>
>     scheme@(guile-user)> ,use (ice-9 ftw)
>     scheme@(guile-user)> (mkdir "/tmp/xxxx")
>     scheme@(guile-user)> (chmod "/tmp/xxxx" #o0700)
>     scheme@(guile-user)> (ftw "/tmp/xxxx" (lambda (_ __ f) (pk f) #t))
>
>     ;;; (directory-not-readable)
>     $1 = #t
>     scheme@(guile-user)> (system "ls -al /tmp/xxxx")
>     total 0
>     drwx------ 1 wolf wolf   0 Oct 11 22:54 .
>     drwxrwxrwt 1 root root 888 Oct 11 22:54 ..
>     $2 = 0
>
> The fix is to quote the procedure call, leading to the intended
> behavior.
>
> This fixes bug 55344.
>
> * module/ice-9/ftw.scm (getuid-or-false): Quote the (getuid).
> (getgid-or-false): Quote the (getgid).

Applied, thanks!





^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2024-01-29 13:28 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-13 16:18 bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros Tomas Volf
2023-10-13 17:30 ` Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language
2023-10-13 18:20   ` Tomas Volf
2023-10-25 14:01     ` Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language
2023-11-29 16:11       ` Tomas Volf
2024-01-16 12:40       ` bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros., bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros., control message for bug #66531 Tomas Volf
2024-01-29 13:28 ` bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros Ludovic Courtès

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).