From: ludo@gnu.org (Ludovic Courtès)
Subject: bug#24703: Store references in 8-byte chunks in compiled code
Date: Mon, 31 Oct 2016 12:37:09 +0100
Message-ID: <87pomgrbq2.fsf@gnu.org>
In-Reply-To: <87oa21c9fe.fsf@netris.org> (Mark H. Weaver's message of "Mon, 31 Oct 2016 02:35:49 -0400")
To: Mark H Weaver
Cc: 24703@debbugs.gnu.org

Hi Mark,

Mark H Weaver writes:

> ludo@gnu.org (Ludovic Courtès) writes:

[...]

>>> So, if our approach is to use -fno-builtin-strcpy, then we will have to
>>> apply it system-wide, and rebuild all of 'core-updates' from scratch.
>>
>> Another approach would be to patch GCC, specifically ‘expand_movstr’ in
>> gcc/builtins.c, which is the part responsible for this optimization,
>> along these lines (untested):
>>
>> --- gcc-5.3.0/gcc/builtins.c.orig 2016-10-18 10:45:35.042826368 +0200 >> +++ gcc-5.3.0/gcc/builtins.c 2016-10-18 10:50:46.080616285 +0200
>> @@ -3470,6 +3470,19 @@ expand_builtin_mempcpy_args (tree dest, >> # define CODE_FOR_movstr CODE_FOR_nothing >> #endif >>=20=20 >> +/* Return true if STR is a string denoting a "/gnu/store" file name. */ >> + >> +static bool >> +store_reference_p (tree str) >> +{ >> + const char *store; >> + >> + store =3D getenv ("NIX_STORE") ?: "/gnu/store"; >> + >> + return (TREE_STRING_LENGTH (str) > strlen (store) >> + && strncmp (TREE_STRING_POINTER (str), store, strlen (store))); >> +}
>
> [...]
>
>> WDYT?
>
> I think it's not sufficient to apply this workaround only for string
> literals that _begin_ with the store directory.  In some cases, the
> store name may appear only in the middle of a string.

Do you have examples?  I think this is unlikely: the common case here is
that we’re capturing the installation prefix as in:

  #define PREFIX "/gnu/store/…"

  strcpy (file, PREFIX);

>> In the meantime, we need a workaround.  The only option I can think of
>> is to retain a reference to the ungrafted item by adding a symlink to
>> it, like:
>
> I consider it a potentially serious security problem that ungrafted
> outputs are being used.  Papering over the problem by preventing this
> buggy software from being deleted is, in my opinion, not acceptable.

In practice, only data from the ungrafted input would be used, AFAICS.

I’m not saying that this is a good solution, I’m just trying to think of
solutions that we can deploy now while waiting for something better,
which may involve a full rebuild.

> The GCC approach is okay with me in the short term, but I'll likely want
> to revisit this issue in the future.

From your message, it’s unclear to me what you are proposing:

  1. as the short term solution;

  2. as the long term solution.

To me short-term is symlink and long-term is GCC patch.

Thanks for your feedback,
Ludo’.
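
Review bot: In the return statement of store_reference_p in the quoted hunk, the result of strncmp is used directly as a truth value, but strncmp returns 0 on a match, so the predicate is true for literals that are longer than the store path and do not start with it, and false for the "/gnu/store" literals the comment says it should detect. Compare against zero, i.e. `&& strncmp (TREE_STRING_POINTER (str), store, strlen (store)) == 0`. Two smaller points on the same function: strlen (store) is evaluated twice and could be held in a local, and because the prefix comes from getenv ("NIX_STORE"), the compiler's behaviour depends on the build environment, which deserves a sentence in the comment above the function.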