mailing list of musl libc
From: Tim Cuthbertson <tim@gfxmonk.net>
To: musl@lists.openwall.com
Subject: [musl] Bug: installed symlinks are unreadable on MacOS
Date: Wed, 31 Jan 2024 13:30:21 +1100
Message-ID: <CAC-LLDh0ApeJEX54EgPNrySh71YHPzoPB5wMNu3Y5msk7jqCtw@mail.gmail.com>


I'm not subscribed to the mailing list, please CC me on replies.

Installed symlinks (specifically ld-musl-x86_64.so.1) have permissions 0700
on MacOS, which means only the owner (typically root) can read them.

Symlink permissions can't be anything but 0777 on Linux, but on Mac they
can be set, and in this case are being inherited from the 077 umask in
install.sh:

```
$ ls -l /nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1
ls: cannot read symbolic link '/nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1': Permission denied
lrwx------ 1 root wheel 7 Jan  1  1970 /nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1
```

My fix (attached) is to use `umask 022`, which was already being used to
make directories. It's not practical to fix this by specifying the intended
permissions for this symlink, as setting link permissions requires the
nonstandard `-h` chmod flag, which presumably fails on other platforms.

First discovered when cross-building on MacOS for linux:
https://github.com/NixOS/nixpkgs/issues/285141

I've tested the fix works in nix. I am fairly confident the same issue
exists outside of Nix given the fix, but I haven't built musl before and
ran into unrelated errors.

Thanks,
 - Tim

[-- Attachment #2: musl-chmod.patch --]
[-- Type: application/octet-stream, Size: 741 bytes --]

From 05b89f783fd1873ce9ec1127fa76d002921caa23 Mon Sep 17 00:00:00 2001
From: Tim Cuthbertson <tim@gfxmonk.net>
Date: Wed, 31 Jan 2024 12:45:06 +1100
Subject: [PATCH] install.sh: relax umask to fix restrictive symlink
 permissions on MacOS

---
 tools/install.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tools/install.sh b/tools/install.sh
index d913b60bf..62ca4011c 100755
--- a/tools/install.sh
+++ b/tools/install.sh
@@ -36,8 +36,9 @@ esac
 set -C
 set -e
 
-if test "$mkdirp" ; then
 umask 022
+
+if test "$mkdirp" ; then
 case "$2" in
 */*) mkdir -p "${dst%/*}" ;;
 esac
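Review bot: the `umask 022` that now sits above `if test "$mkdirp"` governs everything the script creates from that point on, and only the commit subject says why; the script itself does not. A one-line comment above it, noting that symlink modes honour the umask on MacOS, would keep a later cleanup from moving it back inside the conditional.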
@@ -45,8 +46,6 @@ fi
 
 trap 'rm -f "$tmp"' EXIT INT QUIT TERM HUP
 
-umask 077
-
 if test "$symlink" ; then
 ln -s "$1" "$tmp"
 else
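Review bot: removing `umask 077` ahead of `if test "$symlink"` relaxes the mask for the `else` branch as well as for `ln -s`, so whatever that branch writes to "$tmp" is now created under 022 rather than 077. If only the symlink needs the wider mode, keep `umask 077` here and set `umask 022` inside the symlink branch just before `ln -s "$1" "$tmp"`; otherwise state in the commit message that the temporary file's creation mode changes too and why that is acceptable.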

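Added example, not part of the original message or the musl tree: a POSIX sh check that reports the mode a regular file and a symlink receive under a given umask, and lists symlinks under an install prefix that other users cannot read. The function names `mode_of`, `modes_under_umask` and `unreadable_symlinks` are hypothetical, and the script assumes either GNU or BSD `stat` is available.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical, not from tools/install.sh.

# Print the octal permission bits of a path without following symlinks.
# GNU stat takes -c, BSD/MacOS stat takes -f; try one, then the other.
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Create a regular file and a symlink in a scratch directory under the
# given umask and print "<file-mode> <symlink-mode>".
# Runs in a subshell so the caller's umask is left untouched.
modes_under_umask() (
    umask "$1"
    d=$(mktemp -d) || exit 1
    : > "$d/file"
    ln -s file "$d/link"
    out="$(mode_of "$d/file") $(mode_of "$d/link")"
    rm -rf "$d"
    printf '%s\n' "$out"
)

# List symlinks under a prefix that lack the other-read bit.
# On Linux symlink modes are fixed at 0777, so this prints nothing there;
# on MacOS it reports links created under a restrictive umask.
unreadable_symlinks() {
    find "$1" -type l ! -perm -004
}

# Compare the umask the script used before the patch with the one after it.
for m in 077 022; do
    echo "umask $m: file/symlink modes = $(modes_under_umask "$m")"
done
```

On Linux the symlink column stays at 777 for both masks; on MacOS it follows the umask, which is the behaviour reported in the message above.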