| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Enough changes to justify a tag.
|
|
The logic for whether to allocate space for the "base" path
in pseudo_fix_path recognized that you don't need it when the
path you're evaluating starts with a slash.
This is great, except:
1. It's not actually true, if rootlen isn't 0.
2. The decision of whether or not to copy over the base
path didn't check for this, so it would happen anyway.
The net result is, if you had a path in excess of 256 characters as
a base (say, a chroot directory), and you tried to evaluate a path
starting with a slash (say, /etc/shadow), pseudo would allocate enough
space for the path, but not for the base path, and then copy the
base path into it anyway. The rounding up to multiples of 256 isn't
enough to save us in this case.
Solution:
1. Make the logic for the base path copy match the allocation logic.
2. Use (path[0] != '/' || rootlen) as the second part of the test,
because if there's a non-zero rootlen, we're in a chroot and MUST
preserve at least some of the path.
This could maybe be smarter (what if we only allocated space for
rootlen in that case?) except that in reality, it's very very
often the case that baselen == rootlen, and it's not as though we
want MORE complexity.
|
|
|
|
Long story short: ARM doesn't use -m32 and -m64, so make those
a little more dependent. We'll probably rework this completely "soon"
as we mess with more targets and x32 becomes an issue.
|
|
The existing behavior was to set rpath to whatever was specified
explicitly with --with-rpath, or to set a default if the opt_rpath
variable was unset and we reached a --with-sqlite.
This turns out to be incorrect in the case where a static sqlite is
being used. You can force the issue with --without-rpath, but it's
probably better to make the inference smarter. This also allows the
slight cleanup of setting opt_rpath to '' to begin with, because we're
no longer depending on the distinction between empty and unset.
|
|
Spotted a couple of things during the last batch of fixes; fixing these
up so things are more consistent or clearer.
|
|
|
|
Some systems prefer to avoid messing with LD_LIBRARY_PATH as much,
and instead link sqlite statically.
|
|
In OE-Core we need to be able to configure for both 32-bit and 64-bit
libpseudo libraries. In order to avoid some complex manipulations,
we adjust the configure and Makefile to facilitate this.
Upstream-Status: Submitted
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
We weren't trapping popen(), so if environment variables were in an
inconsistent state when popen() was called, Bad Things Happened. Add
a popen() wrapper. Like a couple of other special cases, is applied
even when pseudo is theoretically disabled, and that includes the antimagic
case. (But we never use popen() so that's fine.)
|
|
ignored) rather than flags (where it was needed), meaning that the
open64 type functions didn't work as intended on 32-bit hosts.
|
|
|
|
1. Fix *at() where dirfd is obtained through dirfd(DIR *).
The dirfd(DIR *) interface allows you to get the fd for a DIR *,
meaning you can use it with openat(), meaning you can need its
path. This causes a segfault. Also fixed the base_path
code not to segfault in that case, but first fix the
underlying problem.
2. Implement renameat()
After three long years, someone tried to use this. This was impossibly
hard back when pseudo was written, because there was only one dirfd
provided for. Thing is, now, the canonicalization happens in wrapfuncs,
so a small tweak to makewrappers to recognize that oldpath should use
olddirfd if it exists is enough to get us fully canonicalized paths
when needed.
|
|
|
|
2011-11-01:
* (mhatle) Stop valgrind from reporting use of uninitialized
memory from pseudo_client:client_ping()
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Previously the clone(2) wrapper unconditionallity restored the system
environment. It also invokes the checks to see if the user has requested
pseudo to be disabled or unloaded. Due to the semantics of clone, this caused
both the parent and child processes to be disabled or unloaded.
The new code adds an intermediate function, wrap_clone_child, that only
runs within the child context. This way we can be sure to only disable/unload
pseudo from within the child process. In addition, we avoid mucking with
the environment if CLONE_VM is set, since this will affect both parent and
child.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Change from internal PSEUDO_RELOADED to external PSEUDO_UNLOAD environment
variable. Enable external programs to have a safe and reliable way to unload
pseudo on the next exec*. PSEUDO_UNLOAD also will disable pseudo if we're in a
fork/clone situation in the same way PSEUDO_DISABLED=1 would.
Rename the PSEUDO_DISABLED tests, and create a similar set for the new
PSEUDO_UNLOAD.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
You might be wondering why this wasn't caught. Answer: gcc's too smart.
Consider:
int x;
if (condition)
x = 23;
return x;
This function will just return 23. Since gcc knows that it doesn't
matter what happens if x is used uninitialized (it's an indeterminate
value, thus a possible trap representation, thus undefined behavior
to use it), it simplifies the initial part of this away. Thus there's
no use of an uninitialized value.
Something similar seems to be at issue with the use of the uninitialized
f in pseudo_init_one_wrapper.
The variable wasn't initialized in the pre-realpath-fix version either,
but in that version, the assignment from dlsym was completely unconditional.
|
|
On some Linux systems, dlsym("realpath", RTLD_NEXT) prefers
for reasons of its own to give a symbol that is also known
as old_realpath, which fails and yields EINVAL when called
with a null pointer as the second argument. This can be
avoided, on some systems, by using dlvsym() to request
the GLIBC_2.3 version of the symbol.
The wrapper logic is enhanced to allow for specifying
versions, although this currently only works for Linux
(Darwin has no dlvsym, apparently?). The test case is
a trivial program which calls realpath(name, NULL) run
with PSEUDO_DISABLED=1.
|
|
|
|
|
|
|
|
that we add an extra fork() so we can do the setup in a child process,
but still just pass the command string to the standard system()
call.
|
|
the 0100 bit for directories. The reason is that otherwise we create
plain files which are 0700 on disk, which means they're non-zero &0111,
which breaks euidaccess(X_OK).
|
|
|
|
Build improvements (better compatibility with how other people do things)
|
|
This is what GNU configure does, for valid reasons. My build wrapper
unconditionally passes --enable-maintainer-mode.
|
|
The way multilib works on at least Fedora is that --libdir=$prefix/lib64
is passed to configure. The source build system should not attempt to
guess at architecture or take other configure flags (like --bits); instead
it should default to whatever the given $(CC) does.
This patch preserves the ability to specify --bits however.
|
|
|
|
|
|
|
|
|
|
|
|
debugger messages from going to the wrong place. No longer fclose(stderr)
after grabbing log file, because stderr is likely still using fd 2.
|
|
|
|
This is a spiffied-up rebase of a bunch of intermediate changes, presented
as a whole because it is, surprisingly, less confusing that way. The basic
idea is to separate the guts code into categories ranging from generic
stuff that can be the same everywhere and specific variants. The big scary
one is the Darwin support, which actually seems to run okay on 64-bit OS X
10.6. (No other variants were tested.) The other example given is support
for the old clone() syscall on RHEL 4, which affects some wrlinux use cases.
There's a few minor cleanup bits here, such as a function with inconsistent
calling conventions, but nothing really exciting.
|
|
|
|
directly rather than via an on-demand spawn from the client, the
directory is never created.
|
|
|
|
This is fussy, because we have to actually do the path search ourselves
as best we can to handle unqualified paths. The result, though, is
more meaningful logs.
Along the way, fix some bitrot in the comments in pseudo_fix_path and
friends.
|
|
|
|
|
|
|
|
|
|
This reverts commit 49d4d35918d457b0e9206679ecad3b9c84f11e66.
|
|
The cached data values were being collected when an OP_EXEC call was made.
This is incorrect as the values are only for logging purposes. It's believed
this caused an occasional crash in certain instances.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
It'd be handy for the WR build system if new state directories could
be created as needed. It is made so. And to answer the first
question everyone, including me, has on reading this: You can't
do system("mkdir -p ...") because the invoked shell would need to
run under pseudo, so it'd have to check for a server, and...
|
|
|
|
The problem is that path_by_ino could end up being the same pointer
as cache_path, after which, if cache_path were freed (or kept around
for later), there would be malloc arena problems.
Also, fix the calculation for pathlen to increase cache hits. The
IPC messages use length of path *plus one* as the length, because
the buffer is defined to include its terminating null byte.
|
Peter Seebach
Mark Hatle
Seebs
Peter Seebach
Colin Walters
Peter Seebach