| Summary: | sandbox-1.2.5 and earlier command line arg bug with bash scripts | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Jeremy Huddleston (RETIRED) <eradicator> |
| Component: | [OLD] Core system | Assignee: | Sandbox Maintainers <sandbox> |
| Status: | RESOLVED TEST-REQUEST | ||
| Severity: | major | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Jeremy Huddleston (RETIRED)
2005-05-07 23:16:46 UTC
Ok, I mentioned this before but never got around to filing a bug report, so here goes.
This bug is reproducable given the same libsandbox.so binary, but if you change it slightly, it will bork at a different location. Here's an example from 'emerge gdb'.
gcc -c -DHAVE_CONFIG_H -O2 -pipe -fomit-frame-pointer -march=athlon64 -I. -I./../include -W -Wall -Wtraditional -pedantic ./concat.c -o concat.o
x86_64-pc-linux-gnu-gcc: hwóªª*: No such file or directory
x86_64-pc-linux-gnu-gcc: no input files
make[1]: *** [concat.o] Error 1
make[1]: Leaving directory `/mnt/raid0/tmp/portage/gdb-6.3-r3/work/gdb-6.3/libiberty'
make: *** [all-libiberty] Error 2
/usr/bin/gcc is the following minimal bash script:
--start--
#!/bin/bash
x86_64-pc-linux-gnu-gcc "${@}"
--end--
This doesn't occur when we call x86_64-pc-linux-gnu-gcc directly, so it has something do do with arg handling. To more easily trigger this bug, I'd suggest creating shell scripts for
/usr/bin/gcc and /usr/bin/<chost>-gcc which are simply:
--start--
#!/bin/bash
/usr/<chost>/gcc-bin/<version>/gcc "${@}"
--end--
Please change your script to this:
--start--
#!/bin/bash
echo "x86_64-pc-linux-gnu-gcc \"${@}\""
x86_64-pc-linux-gnu-gcc "${@}"
--end--
and then reproduce it. The problem I have with this, is that even if sandbox caused corruption, it should not show up in the final args passed to open/whatever, as we pass the original paths, and not the internal canonicalized paths. Also, we do not touch args for execve's, etc.
With this script as /usr/bin/gcc:
--start
#!/bin/bash
#echo "x86_64-pc-linux-gnu-gcc \"${@}\""
x86_64-pc-linux-gnu-gcc "${@}"
--end
if [ x"" != x ]; then \
gcc -c -DHAVE_CONFIG_H -O2 -pipe -march=athlon64 -I. -I/mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/../include -W -Wall -Wtraditional -pedantic /mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/concat.c -o pic/concat.o; \
else true; fi
gcc -c -DHAVE_CONFIG_H -O2 -pipe -march=athlon64 -I. -I/mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/../include -W -Wall -Wtraditional -pedantic /mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/concat.c -o concat.o
x86_64-pc-linux-gnu-gcc: `
With this script as /usr/bin/gcc:
--start
#!/bin/bash
#echo "x86_64-pc-linux-gnu-gcc \"${@}\""
x86_64-pc-linux-gnu-gcc "${@}"
--end
if [ x"" != x ]; then \
gcc -c -DHAVE_CONFIG_H -O2 -pipe -march=athlon64 -I. -I/mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/../include -W -Wall -Wtraditional -pedantic /mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/concat.c -o pic/concat.o; \
else true; fi
gcc -c -DHAVE_CONFIG_H -O2 -pipe -march=athlon64 -I. -I/mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/../include -W -Wall -Wtraditional -pedantic /mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/concat.c -o concat.o
x86_64-pc-linux-gnu-gcc: `¿X: No such file or directory
x86_64-pc-linux-gnu-gcc: no input files
make[1]: *** [concat.o] Error 1
make[1]: Leaving directory `/mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/build/build-x86_64-pc-linux-gnu/libiberty'
make: *** [all-build-libiberty] Error 2
!!! ERROR: sys-devel/gcc-4.0.1_beta20050507 failed.
!!! Function gcc_do_make, Line 1137, Exitcode 2
!!! emake failed with profiledbootstrap
!!! If you need support, post the topmost build error, NOT this status message.
With this script as /usr/bin/gcc:
#!/bin/bash
echo "x86_64-pc-linux-gnu-gcc \"${@}\""
x86_64-pc-linux-gnu-gcc "${@}"
if [ x"" != x ]; then \
gcc -c -DHAVE_CONFIG_H -O2 -pipe -march=athlon64 -I. -I/mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/../include -W -Wall -Wtraditional -pedantic /mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/concat.c -o pic/concat.o; \
else true; fi
gcc -c -DHAVE_CONFIG_H -O2 -pipe -march=athlon64 -I. -I/mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/../include -W -Wall -Wtraditional -pedantic /mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/concat.c -o concat.o
x86_64-pc-linux-gnu-gcc "-c -DHAVE_CONFIG_H -O2 -pipe -march=athlon64 -I. -I/mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/../include -W -Wall -Wtraditional -pedantic /mnt/raid0/tmp/portage/gcc-4.0.1_beta20050507/work/gcc-4.0-20050507/libiberty/concat.c -o concat.o"
...
success
So ... yeah... that's odd... I reverted the change to verify, and yes, commenting/uncommenting that line is enough to trigger the bug...
Zzzz... If you have issues w/ current sandbox version, then reopen this bug. |