bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.

bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.

[Tomas Volf]

Both macros were missing a quote for the procedure call, causing the
actual return value to be compiled into the ftw.go, instead of the
procedure call.  Snippet from disassembly of ftw.go does confirm that:

  55    (make-immediate 2 3990)         ;; 997                at ice-9/ftw.scm:319:46
  56    (make-long-immediate 1 120002)  ;; 30000              at ice-9/ftw.scm:320:46

That effectively prevented ftw from entering directories without access
for others.  Simple reproduction:

    scheme@(guile-user)> ,use (ice-9 ftw)
    scheme@(guile-user)> (mkdir "/tmp/xxxx")
    scheme@(guile-user)> (chmod "/tmp/xxxx" #o0700)
    scheme@(guile-user)> (ftw "/tmp/xxxx" (lambda (_ __ f) (pk f) #t))

    ;;; (directory-not-readable)
    $1 = #t
    scheme@(guile-user)> (system "ls -al /tmp/xxxx")
    total 0
    drwx------ 1 wolf wolf   0 Oct 11 22:54 .
    drwxrwxrwt 1 root root 888 Oct 11 22:54 ..
    $2 = 0

The fix is to quote the procedure call, leading to the intended
behavior.

This fixes bug 55344.

* module/ice-9/ftw.scm (getuid-or-false): Quote the (getuid).
(getgid-or-false): Quote the (getgid).
---
 module/ice-9/ftw.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/module/ice-9/ftw.scm b/module/ice-9/ftw.scm
index ac6aa6316..8496086a1 100644
--- a/module/ice-9/ftw.scm
+++ b/module/ice-9/ftw.scm
@@ -201,12 +201,12 @@
 
 (define-macro (getuid-or-false)
   (if (defined? 'getuid)
-      (getuid)
+      '(getuid)
       #f))
 
 (define-macro (getgid-or-false)
   (if (defined? 'getgid)
-      (getgid)
+      '(getgid)
       #f))
 
 (define (directory-files dir)
-- 
2.41.0

bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.

[Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language]

> Both macros were missing a quote for the procedure call, causing the
> actual return value to be compiled into the ftw.go, instead of the
>procedure call.  Snippet from disassembly of ftw.go does confirm that:

Looks good to me.

If you don't have commit approval, I can take the action to commit it,
and write a test case, since I was the one who broke it back in 2021.

Mike Gran

bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.

[Tomas Volf]

[-- Attachment #1: Type: text/plain, Size: 754 bytes --]

On 2023-10-13 17:30:06 +0000, Mike Gran wrote:
> > Both macros were missing a quote for the procedure call, causing the
> > actual return value to be compiled into the ftw.go, instead of the
> >procedure call.  Snippet from disassembly of ftw.go does confirm that:
> 
> Looks good to me.
> 
> If you don't have commit approval, I can take the action to commit it,
> and write a test case, since I was the one who broke it back in 2021.

I do not have commit access, nor I am sure how the tests should look
like, so if you would be so kind to take it over from here, that would
be great. :)

> 
> Mike Gran

Tomas Volf

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.

[Mike Gran via Bug reports for GUILE, GNU's Ubiquitous Extension Language]

I haven't forgotten about this. My linux devel box died.

Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.






On Friday, October 13, 2023 at 11:20:11 AM PDT, Tomas Volf <wolf@wolfsden.cz> wrote: 





On 2023-10-13 17:30:06 +0000, Mike Gran wrote:
> > Both macros were missing a quote for the procedure call, causing the
> > actual return value to be compiled into the ftw.go, instead of the
> >procedure call.  Snippet from disassembly of ftw.go does confirm that:
> 
> Looks good to me.
> 
> If you don't have commit approval, I can take the action to commit it,
> and write a test case, since I was the one who broke it back in 2021.

I do not have commit access, nor I am sure how the tests should look
like, so if you would be so kind to take it over from here, that would
be great. :)


> 
> Mike Gran


Tomas Volf

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.

[Tomas Volf]

[-- Attachment #1: Type: text/plain, Size: 412 bytes --]

Hi,

On 2023-10-25 14:01:43 +0000, Mike Gran wrote:
> I haven't forgotten about this. My linux devel box died.

My deepest sympathies.

>
> Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.

Polite ping, just making sure this is still on the radar.

Tomas

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros., bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros., control message for bug #66531

[Tomas Volf]

Mike Gran <spk121@yahoo.com> writes:

Hello,

> I haven't forgotten about this. My linux devel box died.
>
> Maybe someone else can make the push, otherwise, I'll be back in business in a couple weeks.

Just a polite ping regarding this patch.

Thank you and have a nice day,
Tomas Volf

bug#66531: [PATCH] ftw: Fix getuid-or-false, getgid-or-false macros.

[Ludovic Courtès]

Tomas Volf <wolf@wolfsden.cz> skribis:

> Both macros were missing a quote for the procedure call, causing the
> actual return value to be compiled into the ftw.go, instead of the
> procedure call.  Snippet from disassembly of ftw.go does confirm that:
>
>   55    (make-immediate 2 3990)         ;; 997                at ice-9/ftw.scm:319:46
>   56    (make-long-immediate 1 120002)  ;; 30000              at ice-9/ftw.scm:320:46
>
> That effectively prevented ftw from entering directories without access
> for others.  Simple reproduction:
>
>     scheme@(guile-user)> ,use (ice-9 ftw)
>     scheme@(guile-user)> (mkdir "/tmp/xxxx")
>     scheme@(guile-user)> (chmod "/tmp/xxxx" #o0700)
>     scheme@(guile-user)> (ftw "/tmp/xxxx" (lambda (_ __ f) (pk f) #t))
>
>     ;;; (directory-not-readable)
>     $1 = #t
>     scheme@(guile-user)> (system "ls -al /tmp/xxxx")
>     total 0
>     drwx------ 1 wolf wolf   0 Oct 11 22:54 .
>     drwxrwxrwt 1 root root 888 Oct 11 22:54 ..
>     $2 = 0
>
> The fix is to quote the procedure call, leading to the intended
> behavior.
>
> This fixes bug 55344.
>
> * module/ice-9/ftw.scm (getuid-or-false): Quote the (getuid).
> (getgid-or-false): Quote the (getgid).

Applied, thanks!