From patchwork Fri Oct 13 15:10:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joe Simmons-Talbott X-Patchwork-Id: 1848344 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=h6lN2M12; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4S6VMS0H66z1yqZ for ; Sat, 14 Oct 2023 02:11:15 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C3C0A385734B for ; Fri, 13 Oct 2023 15:11:13 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id C4DF93857706 for ; Fri, 13 Oct 2023 15:10:43 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C4DF93857706 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1697209843; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qkUe5m+QuB+mOo0RzEGPdGBSJJZwfJKhMtrlgI+gV58=; b=h6lN2M12x28KFuA15L6VMcw+20zYb3xwjQ06BYuQVmXrK5qKJTkbcP1bxYYQHWo7KASthH sXNs5026b+JBc4g2qk4KjR4PmNXKwsgBaxjvfkBzQk9Eumw57X8MXw7NblxoDZmADZ9nvb oPxd0O22MdDdW3owK+rA7decd4PIows= Received: from mail-yw1-f200.google.com (mail-yw1-f200.google.com [209.85.128.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-481-32WBI8B-NYmSu8qUvWTIXg-1; Fri, 13 Oct 2023 11:10:42 -0400 X-MC-Unique: 32WBI8B-NYmSu8qUvWTIXg-1 Received: by mail-yw1-f200.google.com with SMTP id 00721157ae682-5a507eb61a6so32973077b3.1 for ; Fri, 13 Oct 2023 08:10:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697209841; x=1697814641; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qkUe5m+QuB+mOo0RzEGPdGBSJJZwfJKhMtrlgI+gV58=; b=HlhTT/0YGlE/8zImLc6Xnhk3Hm6zE1WhrVchxxGqSvzBkbw6udcbVpCM/Bxx77Dcmz l1EnzMVAbYxwJ6x8ej7vHpHu+kYS0GhVgKObOCsQ6EtZ+f16gjVGL7pjd6dR+V6r878A SbjLBxDtc0zxE45vf3DB7+dzMBvBy9sAYq2C9eQefpbkTDmmmtC8aVBXnlQLJKccqR5x bjfYOmUObe+SvtJq03k5G1vBSBDl//zp64yXYEFVRODBKyYTUS2MJz2m/aHEEblMabzL 2toEgdl8IypzxwkyuE1TIyBK4LCQN3xSAsrv3pUP8rcxB5ayb1kp/Ho4tHyUgjyMPPBL dbTA== X-Gm-Message-State: AOJu0Yy6UOkQYbcHs8fn3ZS5FaAGSq1IkkYollIMbrSxU/nUzPrNOnzS HCdGbXvcKPWD5oOYmO2vgQOpKm/cWHNiNN9sl7FPW9uPUxpXu8td5RrmbuCjbd9mtYWcLGEzXU6 zQh9+C0ay3HYCbFspjnz/xHVlMB2IqwLUr/BLJTI9rPzA0erpA6GMYKIk2K21LborfcZci31g0Z ZVDTUu X-Received: by 2002:a81:5404:0:b0:589:fad6:c17c with SMTP id i4-20020a815404000000b00589fad6c17cmr27168893ywb.45.1697209841211; Fri, 13 Oct 2023 08:10:41 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEgKqoiXFUWSGawPkD5ib0k3PuSRoFMy1TmFwhmn6yn4LYaJmdP17nX+bHSu2xs/bPH/lqO/w== X-Received: by 2002:a81:5404:0:b0:589:fad6:c17c with SMTP id i4-20020a815404000000b00589fad6c17cmr27168866ywb.45.1697209840765; Fri, 13 Oct 2023 08:10:40 -0700 (PDT) Received: from oak.redhat.com (c-71-206-142-238.hsd1.va.comcast.net. [71.206.142.238]) by smtp.gmail.com with ESMTPSA id c9-20020ae9e209000000b0076c8fd39407sm690972qkc.113.2023.10.13.08.10.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Oct 2023 08:10:40 -0700 (PDT) From: Joe Simmons-Talbott To: libc-alpha@sourceware.org Cc: Joe Simmons-Talbott Subject: [PATCH v2 2/2] posix: Deprecate group_member for Linux Date: Fri, 13 Oct 2023 11:10:26 -0400 Message-ID: <20231013151034.725257-3-josimmon@redhat.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231013151034.725257-1-josimmon@redhat.com> References: <20231013151034.725257-1-josimmon@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org The alloca usage in group_member could lead to stack overflow on Linux. Removing the alloca usage would require group_member to handle the error condition where memory could not be allocated and that cannot be done since group_member returns either 1 or 0 for found or not found respectively. Thus deprecate group_member. Add a testcase. --- Changes to v1: * Add NEWS entry NEWS | 4 ++- posix/Makefile | 3 ++ posix/group_member.h | 29 ++++++++++++++++++ posix/tst-group_member.c | 41 ++++++++++++++++++++++++++ posix/unistd.h | 9 ++---- sysdeps/unix/sysv/linux/group_member.h | 30 +++++++++++++++++++ 6 files changed, 109 insertions(+), 7 deletions(-) create mode 100644 posix/group_member.h create mode 100644 posix/tst-group_member.c create mode 100644 sysdeps/unix/sysv/linux/group_member.h diff --git a/NEWS b/NEWS index c15b0dd0f9..0cfaf9c80a 100644 --- a/NEWS +++ b/NEWS @@ -43,7 +43,9 @@ Major new features: Deprecated and removed features, and other changes affecting compatibility: - [Add deprecations, removals and changes affecting compatibility here] +* Deprecated group_member on Linux as it uses alloca to allocate a large + buffer and has no capability for indicating failure for other memory + allocations. Changes to build and runtime requirements: diff --git a/posix/Makefile b/posix/Makefile index b46ff3259c..e24a05adbd 100644 --- a/posix/Makefile +++ b/posix/Makefile @@ -294,6 +294,7 @@ tests := \ tst-glob_symlinks \ tst-gnuglob \ tst-gnuglob64 \ + tst-group_member \ tst-group_member2 \ tst-mmap \ tst-mmap-offset \ @@ -616,6 +617,8 @@ bug-glob1-ARGS = "$(objpfx)" tst-execvp3-ARGS = --test-dir=$(objpfx) CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\" +CFLAGS-tst-group_member.c += -Wno-error=deprecated-declarations + # Test voluntarily overflows struct dirent CFLAGS-bug-glob2.c += $(no-fortify-source) diff --git a/posix/group_member.h b/posix/group_member.h new file mode 100644 index 0000000000..cc3c3ba603 --- /dev/null +++ b/posix/group_member.h @@ -0,0 +1,29 @@ +/* Copyright (C) 2023 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _GROUP_MEMBER_H +#define _GROUP_MEMBER_H 1 + +#ifdef __USE_GNU +/* Return nonzero iff the calling process is in group GID. */ +extern int group_member (__gid_t __gid) __THROW; +/* Return nonzero iff the calling process is in group GID. Return + -1 on error and set errno. */ +extern int group_member2 (__gid_t __gid) __THROW; +#endif + +#endif /* GROUP_MEMBER_H */ diff --git a/posix/tst-group_member.c b/posix/tst-group_member.c new file mode 100644 index 0000000000..7f70841832 --- /dev/null +++ b/posix/tst-group_member.c @@ -0,0 +1,41 @@ +/* Basic tests for group_member. + Copyright (C) 2023 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +#include + +static int do_test (void) +{ + int n; + gid_t *groups; + + n = getgroups (0, NULL); + groups = alloca (n * sizeof (*groups)); + n = getgroups (n, groups); + + while (n-- > 0) + TEST_COMPARE (1, group_member(groups[n])); + + return EXIT_SUCCESS; +} + +#include diff --git a/posix/unistd.h b/posix/unistd.h index 96816b186d..d73a9eeea2 100644 --- a/posix/unistd.h +++ b/posix/unistd.h @@ -710,13 +710,10 @@ extern __gid_t getegid (void) __THROW; of its supplementary groups in LIST and return the number written. */ extern int getgroups (int __size, __gid_t __list[]) __THROW __wur __fortified_attr_access (__write_only__, 2, 1); + #ifdef __USE_GNU -/* Return nonzero iff the calling process is in group GID. */ -extern int group_member (__gid_t __gid) __THROW; -/* Return nonzero iff the calling process is in group GID. Return - -1 on error and set errno. */ -extern int group_member2 (__gid_t __gid) __THROW; -#endif +# include +#endif /* Set the user ID of the calling process to UID. If the calling process is the super-user, set the real diff --git a/sysdeps/unix/sysv/linux/group_member.h b/sysdeps/unix/sysv/linux/group_member.h new file mode 100644 index 0000000000..967b52df1b --- /dev/null +++ b/sysdeps/unix/sysv/linux/group_member.h @@ -0,0 +1,30 @@ +/* Copyright (C) 2023 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _GROUP_MEMBER_H +#define _GROUP_MEMBER_H 1 + +#ifdef __USE_GNU +/* Return nonzero iff the calling process is in group GID. Deprecated */ +extern int group_member (__gid_t __gid) __THROW + __attribute_deprecated_msg__ ("may overflow the stack"); +/* Return nonzero iff the calling process is in group GID. Return + -1 on error and set errno. */ +extern int group_member2 (__gid_t __gid) __THROW; +#endif + +#endif /* GROUP_MEMBER_H */