From: sternenseemann
To: tech@mandoc.bsd.lv
Subject: [PATCH v2 makewhatis] refactor HOMEBREWDIR into READ_ALLOWED_PATH
Date: Sat, 10 Apr 2021 17:57:37 +0200
Message-ID: <3d224309-ff55-6354-8996-2c0e2b38f7a6@systemli.org>
In-Reply-To: <20210331173434.GA57338@athene.usta.de>
X-Mailinglist: mandoc-tech

Hi Ingo,

I went ahead and implemented your suggestion
of READ_ALLOWED_PATH. It is mostly your code with the const char *
assignment fixed and a tweak to the parser, so it doesn't allow every
realpath if READ_ALLOWED_PATH has a leading or trailing ':'.

The previous checks on basedir and HOMEBREWDIR if defined have been
refactored into a function called read_allowed which also tracks the
length of the allowed dir which allows us to at least strip the prefix
from READ_ALLOWED_PATHS in filescan (this wasn't done previously for
HOMEBREWDIR).

HOMEBREWDIR is still supported as a configuration option, but we just
append it to READ_ALLOWED_PATHS in configure. The variable expansion
shenanigans in there are not strictly necessary as the parser would
also support leading colons, but since it works in ksh as well, there
seems to be no harm in having a clean READ_ALLOWED_PATH.

To indicate deprecation, I've removed HOMEBREWDIR from
configure.local.example.

I tested the following cases:

* "/nix/store"
* ":/nix/store"
* "/nix/store:"
* "/nix/store:/usr/local/Cellar"
* "/nix/store:/usr/local/Cellar:"
* ":/nix/store:/usr/local/Cellar"
* "/nix/store:/usr/local/Cellar:/gnu/store"

with a few example paths. Also I've rebuilt my system with the new
patch and it works as expected. Did some sanity checks with
makewhatis -n as well.

Cheers,
Lukas

PS: Still not sure about the naming, but I don't really care.

Index: configure =================================================================== RCS file: /cvs/mandoc/configure,v retrieving revision 1.77 diff -r1.77 configure 464c464,469 < [ -n "${HOMEBREWDIR}" ] && echo "#define HOMEBREWDIR \"${HOMEBREWDIR}\"" --- > if [ -n "${HOMEBREWDIR}" ]; then > # support deprecated configuration variable HOMEBREWDIR > # by appending it to READ_ALLOWED_PATH > READ_ALLOWED_PATH="${READ_ALLOWED_PATH:+$READ_ALLOWED_PATH:}${HOMEBREWDIR}" > fi > [ -n "${READ_ALLOWED_PATH}" ] && echo "#define READ_ALLOWED_PATH \"${READ_ALLOWED_PATH}\"" Index: configure.local.example =================================================================== RCS file: /cvs/mandoc/configure.local.example,v retrieving revision 1.39 diff -r1.39 configure.local.example 214,216c214,220 < # into the manual trees. To allow mandoc to follow such symlinks, < # you have to specify the physical location of the cellar as returned < # by realpath(3), for example: --- > # into the manual trees. A similar situation arises on Linux > # distribution such as NixOS and Guix where all man pages are in a > # so-called “store” directory which are then symlinked into the man > # basedir. To allow mandoc to follow such symlinks, you have to specify > # the physical location of the cellar / store directory as returned by > # realpath(3) like in the following example. You can specify multiple > # locations by separating them with colons. 
219c223 < HOMEBREWDIR="${PREFIX}/Cellar" --- > READ_ALLOWED_PATH="/nix/store:/gnu/store:${PREFIX}/Cellar" Index: mandocdb.c =================================================================== RCS file: /cvs/mandoc/mandocdb.c,v retrieving revision 1.267 diff -r1.267 mandocdb.c 167a168 > static ssize_t read_allowed(char *); 614,618c615 < if (strncmp(buf, basedir, basedir_len) != 0 < #ifdef HOMEBREWDIR < && strncmp(buf, HOMEBREWDIR, strlen(HOMEBREWDIR)) < #endif < ) { --- > if (read_allowed(buf) == -1) { 788a786 > ssize_t prefix_len; 824,829c822,823 < else if (strncmp(usefile, basedir, basedir_len) == 0) < start = usefile + basedir_len; < #ifdef HOMEBREWDIR < else if (strncmp(usefile, HOMEBREWDIR, strlen(HOMEBREWDIR)) == 0) < start = usefile; < #endif --- > else if ((prefix_len = read_allowed(usefile)) != -1) > start = usefile + prefix_len; 1947a1942,1980 > } > > /* > * Checks if we may read from a given realpath when > * constructing a database. This checks if the given > * path is in the current set basedir or any directory > * in READ_ALLOWED_PATH if it is defined. > * > * Returns -1 if reading is not allowed, the length > * of the allowed directory part of the realpath if > * reading is allowed. Note that stripping a prefix of > * this length is only guaranteed to be a man dir if > * the file is in basedir. > */ > static ssize_t > read_allowed(char *realpath) > { > // if we have no basedir, don't check > if(basedir_len == 0 || basedir == NULL || *basedir == '\0') > return basedir_len; > > if(strncmp(realpath, basedir, basedir_len) == 0) > return basedir_len; > > #ifdef READ_ALLOWED_PATH > const char *pb = READ_ALLOWED_PATH; > > while (*pb != '\0') { > size_t len = strcspn(pb, ":"); > > if (len > 0 && strncmp(realpath, pb, len) == 0) > return len; > > pb += len; > pb += strspn(pb, ":"); > } > #endif > > return -1; -- To unsubscribe send an email to tech+unsubscribe@mandoc.bsd.lv
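
Review bot: In the configure hunk (464c464,469), a set HOMEBREWDIR is folded into READ_ALLOWED_PATH without telling the user, so someone carrying an old configure.local never learns the variable is deprecated; consider printing a one-line notice inside the `if [ -n "${HOMEBREWDIR}" ]` branch. The value is also written unescaped into the `#define READ_ALLOWED_PATH \"...\"` string literal, so a '"' or '\' in an entry would produce a broken define; a short remark in configure.local.example about permitted characters would cover that.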
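
Review bot: The new comment in configure.local.example (214,216c214,220) does not say how an entry is matched, although read_allowed() compares each entry with strncmp as a plain string prefix of the realpath(3) result; stating that, and whether entries should end in '/', would help users choose values. Two wording points in the same comment: "Linux distribution such as" should be "distributions", and the curly quotes around “store” are the only non-ASCII characters in the visible lines of this file, so plain ASCII quotes would fit better.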
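
Review bot: In the filescan hunk (824,829c822,823), `start = usefile + prefix_len` makes the result depend on how the entry was spelled: read_allowed() returns the entry length up to the next ':', so "/nix/store" leaves `start` beginning with '/' while "/nix/store/" does not. The removed HOMEBREWDIR branch kept `start = usefile`, and the new function comment itself says the stripped remainder is only guaranteed to be a man dir for basedir, so the caller cannot tell which case it got. Consider normalizing trailing slashes on the entries, or letting read_allowed() report whether the match was basedir, and say in the commit message that the HOMEBREWDIR behaviour changes here.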
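
Review bot: In read_allowed() (1947a1942,1980), `strncmp(realpath, pb, len) == 0` accepts any path that merely begins with the characters of an entry, so with "/nix/store" a sibling directory such as "/nix/store-other" passes too; require the match to end at a path component boundary, for example by also checking that `realpath[len]` is '/' or '\0' unless the entry itself ends in '/'. In the same function, the early `return basedir_len;` is taken when basedir is NULL or empty even if basedir_len is nonzero, so returning a literal 0 there would make the intent explicit. Style: the `//` comment, `if(` without a space, the `const char *pb` declaration after statements, and a parameter named `realpath` that shadows realpath(3) differ from the rest of the visible code.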
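
The empty-entry case the message mentions (a zero-length list entry makes `strncmp` with length 0 match every path), shown as an added stand-alone example that is not code from the patch or from mandoc. `match_list`, the `mode` names and the sample paths are hypothetical; NAIVE is a constructed variant without the guard, GUARDED mirrors the `len > 0` test, and STRICT goes beyond the patch by also requiring a '/' boundary.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical names for this example; not identifiers from mandoc. */
enum mode { NAIVE, GUARDED, STRICT };

/*
 * Return the length of the first entry in the colon-separated list that
 * is a prefix of path, or -1 if no entry matches.
 * NAIVE compares empty entries too, GUARDED skips them (len > 0), and
 * STRICT also requires the prefix to end at a '/' component boundary.
 */
static ssize_t
match_list(const char *list, const char *path, enum mode m)
{
	const char *pb = list;
	while (*pb != '\0') {
		size_t len = strcspn(pb, ":");
		if ((len > 0 || m == NAIVE) && strncmp(path, pb, len) == 0 &&
		    (m != STRICT || pb[len - 1] == '/' ||
		    path[len] == '/' || path[len] == '\0'))
			return (ssize_t)len;
		pb += len;
		if (*pb == ':')
			pb++;
	}
	return -1;
}

int
main(void)
{
	/* Lists from the mail; the three paths are constructed samples. */
	const char *lists[] = { "/nix/store", ":/nix/store", "/nix/store:",
	    "/nix/store:/usr/local/Cellar", "/nix/store:/usr/local/Cellar:",
	    ":/nix/store:/usr/local/Cellar",
	    "/nix/store:/usr/local/Cellar:/gnu/store" };
	const char *paths[] = { "/nix/store/abc-pkg/share/man/man1/x.1",
	    "/nix/store-other/man1/x.1", "/home/user/x.1" };

	for (size_t i = 0; i < sizeof(lists) / sizeof(lists[0]); i++)
		for (size_t j = 0; j < sizeof(paths) / sizeof(paths[0]); j++)
			printf("%-40s %-38s %zd %zd %zd\n", lists[i], paths[j],
			    match_list(lists[i], paths[j], NAIVE),
			    match_list(lists[i], paths[j], GUARDED),
			    match_list(lists[i], paths[j], STRICT));
	return 0;
}
```

Each output row prints the list, the path, and the NAIVE, GUARDED and STRICT results in that order; -1 means the path is not allowed.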