This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH, vtv update] Fix /tmp directory issues in libvtv
- From: Caroline Tice <cmtice at google dot com>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>, Ian Lance Taylor <iant at google dot com>, Eric Christopher <echristo at google dot com>, Benjamin De Kosnik <b dot dekosnik at gmail dot com>, Benjamin Kosnik <bkoz at redhat dot com>
- Date: Mon, 19 Aug 2013 15:24:31 -0700
- Subject: Re: [PATCH, vtv update] Fix /tmp directory issues in libvtv
Hi All,
I could really use some help here from someone who has a better
understanding of how the config/Makefile system works than I do.
In my libvtv/configure.ac file, I have:
AC_GNU_SOURCE
AC_CHECK_FUNCS([__secure_getenv])
AC_GNU_SOURCE
AC_CHECK_FUNCS([secure_getenv])
This gets translated in my libvtv/configure file to:
for ac_func in __secure_getenv
do :
ac_fn_c_check_func "$LINENO" "__secure_getenv" "ac_cv_func___secure_getenv"
if test "x$ac_cv_func___secure_getenv" = x""yes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE___SECURE_GETENV 1
_ACEOF
fi
done
for ac_func in secure_getenv
do :
ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
if test "x$ac_cv_func_secure_getenv" = x""yes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_SECURE_GETENV 1
_ACEOF
fi
done
After running 'make all', I look in libvtv/config.log and see:
configure:4560: checking for __secure_getenv
configure:4560: /usr/local/google2/cmtice/gcc-fsf.clean.obj/./gcc/xgcc -B/usr/l\
ocal/google2/cmtice/gcc-fsf.clean.obj/./gcc/ -B/usr/local/x86_64-unknown-linux-\
gnu/bin/ -B/usr/local/x86_64-unknown-linux-gnu/lib/ -isystem /usr/local/x86_64-\
unknown-linux-gnu/include -isystem /usr/local/x86_64-unknown-linux-gnu/sys-incl\
ude -o conftest -g -O2 conftest.c >&5
configure:4560: $? = 0
configure:4560: result: yes
configure:4575: checking for secure_getenv
configure:4575: /usr/local/google2/cmtice/gcc-fsf.clean.obj/./gcc/xgcc -B/usr/l\
ocal/google2/cmtice/gcc-fsf.clean.obj/./gcc/ -B/usr/local/x86_64-unknown-linux-\
gnu/bin/ -B/usr/local/x86_64-unknown-linux-gnu/lib/ -isystem /usr/local/x86_64-\
unknown-linux-gnu/include -isystem /usr/local/x86_64-unknown-linux-gnu/sys-incl\
ude -o conftest -g -O2 conftest.c >&5
/tmp/cc2jF2RF.o: In function `main':
/usr/local/google2/cmtice/gcc-fsf.clean.obj/x86_64-unknown-linux-gnu/libvtv/con\
ftest.c:61: undefined reference to `secure_getenv'
collect2: error: ld returned 1 exit status
configure:4575: $? = 1
configure: failed program was:
[snip]
configure:4575: result: no
So it looks to me like the check for __secure_getenv succeeded, so
HAVE___SECURE_GETENV *should* have been defined in confdefs.h, and the
test for it in my program *should* succeed.
The source code in my program looks like this (at the moment):
#define secure_getenv getenv
#ifdef HAVE___SECURE_GETENV
#define secure_getenv __secure_getenv
#endif
[snip]
logs_prefix = secure_getenv ("VTV_LOGS_DIR");
BUT...when I check to see what version of the getenv symbol made it
into libvtv.so, it is the wrong version:
$ readelf -s libvtv.so | grep getenv
4: 0000000000000000 0 FUNC GLOBAL DEFAULT UND getenv@GLIBC_2.2.5 (2)
76: 0000000000000000 0 FUNC GLOBAL DEFAULT UND getenv@@GLIBC_2.2.5
If I alter the source program by removing the #ifdef
HAVE___SECURE_GETENV check, and just force it to try to use
__secure_getenv, the program works properly, and "readelf -s
libvtv.so | grep getenv" shows __secure_getenv as the function.
WHAT am I doing wrong? Help?
-- Caroline Tice
cmtice@google.com
On Mon, Aug 19, 2013 at 9:37 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 08/17/2013 12:29 AM, Caroline Tice wrote:
>>
>> OK, I *think* I have done as you requested. I have to try the
>> environment variable before falling back on stderr (there's a program
>> we want to use this on that disables the ability to write to stderr).
>> I have added the secure_getenv stuff as you requested. The fixed patch
>> is attached.
>>
>> Please review the patch and let me know if this is OK to commit. Thanks!
>
>
> I found a packaged version of autoconf 2.64 and bootstrapped with
> --enable-vtable-verify. It's a bit confusing that libvtv is always built,
> but ends up being empty.
>
> It seems that HAVE_*SECURE_GETENV is not properly passed down to the
> compiler invocation:
>
> /bin/bash ./libtool --tag=CXX --mode=compile
> /home/fw/src/gnu/gcc/build/./gcc/xgcc -B/home/fw/src/gnu/gcc/build/./gcc/
> -I. -I../../../git/libvtv -I../../../git/libvtv/../include -D_GNU_SOURCE
> -Wall -Wextra -fno-exceptions -I./../libstdc++-v3/include
> -I./../libstdc++-v3/include/x86_64-unknown-linux-gnu
> -I../../../git/libvtv/../libstdc++-v3/libsupc++
> -Wl,-u_vtable_map_vars_start,-u_vtable_map_vars_end -g -O2 -D_GNU_SOURCE -MT
> vtv_utils.lo -MD -MP -MF .deps/vtv_utils.Tpo -c -o vtv_utils.lo
> ../../../git/libvtv/vtv_utils.cc
> libtool: compile: /home/fw/src/gnu/gcc/build/./gcc/xgcc
> -B/home/fw/src/gnu/gcc/build/./gcc/ -I. -I../../../git/libvtv
> -I../../../git/libvtv/../include -D_GNU_SOURCE -Wall -Wextra -fno-exceptions
> -I./../libstdc++-v3/include
> -I./../libstdc++-v3/include/x86_64-unknown-linux-gnu
> -I../../../git/libvtv/../libstdc++-v3/libsupc++
> -Wl,-u_vtable_map_vars_start,-u_vtable_map_vars_end -g -O2 -D_GNU_SOURCE -MT
> vtv_utils.lo -MD -MP -MF .deps/vtv_utils.Tpo -c
> ../../../git/libvtv/vtv_utils.cc -fPIC -DPIC -o .libs/vtv_utils.o
>
> As a result, the DSO ends up referencing getenv, even though secure_getenv
> is available (and has been detected by the autoconf check).
>
> Sorry, I don't know what's wrong here. I'm not familiar with the GCC
> autoconf machinery. Perhaps you need a config.h.in file?
>
> You can check this yourself with "readelf -s libvtv.so | grep getenv". It
> should print a line containing "secure_getenv" or "__secure_getenv", but not
> plain "getenv".
>
>
> --
> Florian Weimer / Red Hat Product Security Team
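
The readelf check described in this thread, written as a script that can gate a build; this is an added example, not part of the original messages or of libvtv. The function names classify_getenv_refs and check_dso are hypothetical, the second sample row is constructed, and a plain getenv import is treated as a failure, following the criterion given in the quoted reply.

```shell
#!/bin/sh
# Added example: classify which getenv variant a shared object imports,
# based on `readelf -s --wide` output. Function names are hypothetical.

# Reads symbol-table text on stdin, prints: secure | plain | mixed | none
classify_getenv_refs() {
    awk '
        # Rows look like: Num: Value Size Type Bind Vis Ndx Name
        $7 == "UND" {
            name = $8
            sub(/@.*/, "", name)      # strip @GLIBC_x.y or @@GLIBC_x.y
            if (name == "getenv")
                plain = 1
            else if (name == "secure_getenv" || name == "__secure_getenv")
                secure = 1
        }
        END {
            if (plain && secure) print "mixed"
            else if (plain)      print "plain"
            else if (secure)     print "secure"
            else                 print "none"
        }'
}

# Returns 0 only when the object imports a secure variant and no plain getenv.
check_dso() {
    verdict=$(readelf -s --wide "$1" | classify_getenv_refs)
    echo "$1: getenv references: $verdict"
    [ "$verdict" = "secure" ]
}

# The two rows quoted in the mail above (wrapped line rejoined).
SAMPLE_FROM_MAIL='4: 0000000000000000 0 FUNC GLOBAL DEFAULT UND getenv@GLIBC_2.2.5 (2)
76: 0000000000000000 0 FUNC GLOBAL DEFAULT UND getenv@@GLIBC_2.2.5'

# Constructed row: what the table would show once __secure_getenv is linked.
SAMPLE_FIXED='4: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __secure_getenv@GLIBC_2.2.5 (2)'

# With a path argument, check that file; otherwise classify the samples.
if [ "$#" -gt 0 ]; then
    check_dso "$1"
else
    printf 'mail sample:  %s\n' "$(printf '%s\n' "$SAMPLE_FROM_MAIL" | classify_getenv_refs)"
    printf 'fixed sample: %s\n' "$(printf '%s\n' "$SAMPLE_FIXED" | classify_getenv_refs)"
fi
```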