mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-07-03 09:48:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix some bugs

Browse source
This commit is contained in:
Justine Tunney 2022-08-14 13:28:07 -07:00
parent 5584f6adcf
commit 6c0bbfac4a
15 changed files with 289 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

1
libc/calls/calls.h
View file

@ -184,6 +184,7 @@ int sys_ptrace(int, ...);
int sysctl(const int *, unsigned, void *, size_t *, void *, size_t);
int tgkill(int, int, int);
int tkill(int, int);
int tmpfd(void);
int touch(const char *, uint32_t);
int truncate(const char *, uint64_t);
int ttyname_r(int, char *, size_t);

9
libc/calls/pledge-linux.c
View file

@ -1939,12 +1939,9 @@ privileged int sys_pledge_linux(unsigned long ipromises, int mode) {
} else {
// non-trapping mode
//
// 1. our sigsys error message handler can't be inherited across
// execve() boundaries so if you've pledged exec then that'll
// mean no error messages for you.
//
// 2. we do not trap pledge("", 0) because that would go against
// its documented purpose of only permitted exit().
// our sigsys error message handler can't be inherited across
// execve() boundaries so if you've pledged exec then that'll
// likely cause a SIGSYS in your child after the exec happens
switch (mode & PLEDGE_PENALTY_MASK) {
case PLEDGE_PENALTY_KILL_THREAD:
sf[0].k = SECCOMP_RET_KILL_THREAD;

0
libc/runtime/program_invocation_short_name.S → libc/calls/program_invocation_short_name.S
View file

113
libc/calls/tmpfd.c Normal file
View file

@ -0,0 +1,113 @@
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi
Copyright 2020 Justine Alexandra Roberts Tunney
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/calls/calls.h"
#include "libc/dce.h"
#include "libc/errno.h"
#include "libc/runtime/runtime.h"
#include "libc/stdio/rand.h"
#include "libc/stdio/temp.h"
#include "libc/str/str.h"
#include "libc/sysv/consts/o.h"
#define _O_TMPFILE 000020200000
/**
* Returns file descriptor of open anonymous file, e.g.
*
* int fd;
* if ((fd = tmpfd()) == -1) {
* perror("tmpfd");
* exit(1);
* }
* // do stuff
* close(f);
*
* This creates a secure temporary file inside $TMPDIR. If it isn't
* defined, then /tmp is used on UNIX and GetTempPath() is used on the
* New Technology. This resolution of $TMPDIR happens once in a ctor,
* which is copied to the `kTmpDir` global.
*
* Once close() is called, the returned file is guaranteed to be deleted
* automatically. On UNIX the file is unlink()'d before this function
* returns. On the New Technology it happens upon close().
*
* On newer Linux only (c. 2013) it's possible to turn the anonymous
* returned file back into a real file, by doing this:
*
* linkat(AT_FDCWD, _gc(xasprintf("/proc/self/fd/%d", fd)),
* AT_FDCWD, "real.txt", AT_SYMLINK_FOLLOW)
*
* On the New Technology, temporary files created by this function
* should have better performance, because `kNtFileAttributeTemporary`
* asks the kernel to more aggressively cache and reduce i/o ops.
*
* The tmpfd() function should be favored over `open(O_TMPFILE)` because
* the latter only works on Linux, and will cause open() failures on all
* other platforms.
*
* @return file descriptor on success, or -1 w/ errno
* @see tmpfile() for stdio version
* @asyncsignalsafe
* @threadsafe
* @vforksafe
*/
int tmpfd(void) {
FILE *f;
unsigned x;
int fd, i, j, e;
char path[PATH_MAX], *p;
e = errno;
if (IsLinux() && (fd = open(kTmpPath, O_RDWR | _O_TMPFILE, 0600)) != -1) {
return fd;
}
errno = e;
p = path;
p = stpcpy(p, kTmpPath);
p = stpcpy(p, "tmp.");
if (program_invocation_short_name &&
strlen(program_invocation_short_name) < 128) {
p = stpcpy(p, program_invocation_short_name);
*p++ = '.';
}
for (i = 0; i < 10; ++i) {
x = rand64();
for (j = 0; j < 6; ++j) {
p[j] = "0123456789abcdefghijklmnopqrstuvwxyz"[x % 36];
x /= 36;
}
p[j] = 0;
e = errno;
if ((fd = open(path,
O_RDWR | O_CREAT | O_EXCL | (IsWindows() ? _O_TMPFILE : 0),
0600)) != -1) {
if (!IsWindows()) {
if (unlink(path)) {
asm("hlt");
unreachable;
}
}
return fd;
} else if (errno == EEXIST) {
errno = e;
} else {
break;
}
}
return -1;
}

4
libc/intrin/kopenflags.S
View file

@ -40,10 +40,10 @@ kOpenFlags:
.e O_TRUNC,"TRUNC" //
.e O_CLOEXEC,"CLOEXEC" //
.e O_NONBLOCK,"NONBLOCK" //
.e O_DIRECTORY,"DIRECTORY" //
.e O_TMPFILE,"TMPFILE" // linux, windows
.e O_DIRECTORY,"DIRECTORY" // order matters
.e O_DIRECT,"DIRECT" // no-op on xnu/openbsd
.e O_APPEND,"APPEND" // weird on nt
.e O_TMPFILE,"TMPFILE" // linux, windows
.e O_NOFOLLOW,"NOFOLLOW" // unix
.e O_SYNC,"SYNC" // unix
.e O_ASYNC,"ASYNC" // unix

81
libc/stdio/tmpfile.c
View file

@ -17,59 +17,58 @@
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/calls/calls.h"
#include "libc/errno.h"
#include "libc/stdio/rand.h"
#include "libc/runtime/runtime.h"
#include "libc/stdio/stdio.h"
#include "libc/stdio/temp.h"
#include "libc/str/str.h"
#include "libc/sysv/consts/o.h"
/**
* Opens stream backed by anonymous file.
* Opens stream backed by anonymous file, e.g.
*
* We use $TMPDIR or /tmp to create a temporary file securely, which
* will be unlink()'d before this function returns. The file content
* will be released from disk once fclose() is called.
* FILE *f;
* if (!(f = tmpfile())) {
* perror("tmpfile");
* exit(1);
* }
* // do stuff
* fclose(f);
*
* @see mkostempsm(), kTmpPath
* This creates a secure temporary file inside $TMPDIR. If it isn't
* defined, then /tmp is used on UNIX and GetTempPath() is used on the
* New Technology. This resolution of $TMPDIR happens once in a ctor,
* which is copied to the `kTmpDir` global.
*
* Once fclose() is called, the returned file is guaranteed to be
* deleted automatically. On UNIX the file is unlink()'d before this
* function returns. On the New Technology it happens upon fclose().
*
* On newer Linux only (c. 2013) it's possible to turn the anonymous
* returned file back into a real file, by doing this:
*
* linkat(AT_FDCWD, _gc(xasprintf("/proc/self/fd/%d", fileno(f))),
* AT_FDCWD, "real.txt", AT_SYMLINK_FOLLOW)
*
* On the New Technology, temporary files created by this function
* should have better performance, because `kNtFileAttributeTemporary`
* asks the kernel to more aggressively cache and reduce i/o ops.
*
* Favor tmpfd() or tmpfile() over `open(O_TMPFILE)` because the latter
* is Linux-only and will cause open() failures on all other platforms.
*
* @see tmpfd() if you don't want to link stdio/malloc
* @asyncsignalsafe
* @threadsafe
* @vforksafe
*/
FILE *tmpfile(void) {
int fd;
FILE *f;
unsigned x;
int fd, i, j, e;
char path[PATH_MAX], *p;
p = path;
p = stpcpy(p, kTmpPath);
p = stpcpy(p, "tmp.");
if (program_invocation_short_name &&
strlen(program_invocation_short_name) < 128) {
p = stpcpy(p, program_invocation_short_name);
*p++ = '.';
}
for (i = 0; i < 10; ++i) {
x = rand64();
for (j = 0; j < 6; ++j) {
p[j] = "0123456789abcdefghijklmnopqrstuvwxyz"[x % 36];
x /= 36;
}
p[j] = 0;
e = errno;
if ((fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600)) != -1) {
unlink(path);
if ((f = fdopen(fd, "w+"))) {
return f;
} else {
close(fd);
return 0;
}
} else if (errno == EEXIST) {
errno = e;
if ((fd = tmpfd()) != -1) {
if ((f = fdopen(fd, "w+"))) {
return f;
} else {
break;
close(fd);
return 0;
}
} else {
return 0;
}
return 0;
}

2
libc/sysv/consts.sh
View file

@ -196,7 +196,7 @@ syscon open O_SEQUENTIAL 0 0 0 0 0 0x40000000 # kNtFileFlagSequen
syscon open O_COMPRESSED 0 0 0 0 0 0x20000000 # kNtFileAttributeCompressed [SYNC libc/calls/open-nt.c]
syscon open O_INDEXED 0 0 0 0 0 0x10000000 # !kNtFileAttributeNotContentIndexed [SYNC libc/calls/open-nt.c]
syscon open O_CLOEXEC 0x00080000 0x01000000 0x00100000 0x00010000 0x00400000 0x00080000 # NT faked as Linux [SYNC libc/calls/open-nt.c]
syscon open O_TMPFILE 0x00410000 0 0 0 0 0x00410000 # Linux 3.11+ (c. 2013) __O_TMPFILE | O_DIRECTORY; kNtFileAttributeTemporary|kNtFileFlagDeleteOnClose [SYNC libc/calls/open-nt.c]
syscon open O_TMPFILE 0x00410000 0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff # please use tmpfd(); Linux 3.11+ (c. 2013) __O_TMPFILE | O_DIRECTORY; kNtFileAttributeTemporary|kNtFileFlagDeleteOnClose [SYNC libc/calls/open-nt.c]
syscon open O_SPARSE 0 0 0 0 0 0 # wut
syscon open O_NONBLOCK 0x00000800 0x00000004 0x00000004 0x00000004 0x00000004 0x00000800 # bsd consensus
syscon open O_ASYNC 0x00002000 0x00000040 0x00000040 0x00000040 0x00000040 0 # bsd consensus

2
libc/sysv/consts/O_TMPFILE.S
View file

@ -1,2 +1,2 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon open,O_TMPFILE,0x00410000,0,0,0,0,0x00410000
.syscon open,O_TMPFILE,0x00410000,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff