This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] gcc cannot deal with full /tmp

From: Denys Vlasenko <dvlasenk at redhat dot com>
To: Ian Lance Taylor <iant at google dot com>
Cc: dj at redhat dot com, ian at airs dot com, gcc-patches at gcc dot gnu dot org, binutils at sources dot redhat dot com
Date: Wed, 30 Jul 2008 13:29:34 +0200
Subject: Re: [PATCH] gcc cannot deal with full /tmp
References: <200807281911.00146.dvlasenk@redhat.com> <m3y73k3h2e.fsf@google.com>

On Tuesday 29 July 2008 04:23:21 pm Ian Lance Taylor wrote:
> make_temp_file is documented as returning NULL on failure.  Would it
> be reasonable to simply return NULL for certain errno codes?

I don't know. This can be done incrementally. For gcc,
aborting on unwritable/full /tmp is ok, I guess.

> As far as the patch goes:
> * Comments should be complete sentences.
> * The fprintf line is too long--it needs to wrap at 80 columns.
> * Don't put a comment on the same line as abort ().

Updated patch is attached, is it ok now?

> Otherwise this seems good.  How did you test it?

umount -d testdir 2>/dev/null
rm -rf testdir 2>/dev/null
mkdir testdir 2>/dev/null
dd if=/dev/zero of=image bs=1M count=1
chmod 666 image
mkfs.minix image || exit 1
mount -o loop image testdir
TMP=$PWD/testdir i486-linux-uclibc-gcc -o t t.c

For some strange reason on my machine image thus mounted
is not writable, so I didn't have to do anything special
to make open's fail.

If you won't be so lucky, I guess you will need to add
chmod 111 -Rc testdir
just below mount command, and run gcc as non-root.
--
vda

diff -d -urpN gcc.0/libiberty/make-temp-file.c gcc.1/libiberty/make-temp-file.c
--- gcc.0/libiberty/make-temp-file.c	2008-07-21 14:50:00.000000000 +0200
+++ gcc.1/libiberty/make-temp-file.c	2008-07-30 13:23:04.000000000 +0200
@@ -23,6 +23,7 @@ Boston, MA 02110-1301, USA.  */
 
 #include <stdio.h>	/* May get P_tmpdir.  */
 #include <sys/types.h>
+#include <errno.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -166,11 +167,14 @@ make_temp_file (const char *suffix)
   strcpy (temp_filename + base_len + TEMP_FILE_LEN, suffix);
 
   fd = mkstemps (temp_filename, suffix_len);
-  /* If mkstemps failed, then something bad is happening.  Maybe we should
-     issue a message about a possible security attack in progress?  */
+  /* Mkstemps failed.  It may be EPERM, ENOSPC etc.  */
   if (fd == -1)
-    abort ();
-  /* Similarly if we can not close the file.  */
+    {
+      fprintf(stderr, "Cannot create temporary file in %s: %s\n",
+	      base, strerror(errno));
+      abort ();
+    }
+  /* We abort on failed close out of sheer paranoia.  */
   if (close (fd))
     abort ();
   return temp_filename;
diff -d -urpN gcc.0/libiberty/mkstemps.c gcc.1/libiberty/mkstemps.c
--- gcc.0/libiberty/mkstemps.c	2008-07-21 14:50:00.000000000 +0200
+++ gcc.1/libiberty/mkstemps.c	2008-07-28 18:48:34.000000000 +0200
@@ -127,6 +127,9 @@ mkstemps (char *pattern, int suffix_len)
       if (fd >= 0)
 	/* The file does not exist.  */
 	return fd;
+      if (errno != EEXIST)
+	/* Fatal error (EPERM, ENOSPC etc). Doesn't make sense to loop.  */
+	break;
 
       /* This is a random value.  It is only necessary that the next
 	 TMP_MAX values generated by adding 7777 to VALUE are different

Follow-Ups:
- Re: [PATCH] gcc cannot deal with full /tmp
  - From: Ian Lance Taylor

References:
- [PATCH] gcc cannot deal with full /tmp
  - From: Denys Vlasenko
- Re: [PATCH] gcc cannot deal with full /tmp
  - From: Ian Lance Taylor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]