From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <musl-return-20329-ml=inbox.vuxu.org@lists.openwall.com>
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
	T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
Received: from second.openwall.net (second.openwall.net [193.110.157.125])
	by inbox.vuxu.org (Postfix) with SMTP id D866B222FA
	for <ml@inbox.vuxu.org>; Wed, 31 Jan 2024 14:09:17 +0100 (CET)
Received: (qmail 32079 invoked by uid 550); 31 Jan 2024 13:03:47 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 1864 invoked from network); 31 Jan 2024 02:28:26 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gfxmonk.net;
	s=default; t=1706668239;
	bh=SQfTN9vjruCH9wVGFmqm3v+j+mAnYxaojyErvIctR6Q=;
	h=From:Date:Subject:To:From;
	b=GPsSXwyptRWmTyWaO7UM+rfZ9gm3AnZyDlXOgQ6zHzk02/00LzY1QEjjo1NKehVs/
	 qmcYnVYOzbXqe8VJtUGhIWJKKuBgq4CTtF4EW26XRgd+rA/wiDFixVAra2nJ/gCGuw
	 EUVYpIMIHfhFnMpx/NrH3RJApuCkEGs1G6FmOP8fnER6HX1AQuRAWU82ZpeqUuDL74
	 hrzKfv6pwEW53zG/EM6r0s1kuPeTXaCV8lZzJ4OsWK/cVBPn8q7zcDRTe/Zya2hPee
	 TyaJlsqTmuYex+CPhz++rneCsgUGdxQ8IX73Sji/z05av6hYFOIcpgLu04Z8j4CCVO
	 v1q7KEc+/i9Aw==
X-Gm-Message-State: AOJu0YxjpgfJP3DTG/glCqbaCE1F0JAFLPlN681wUDaeNVYddc95ysOc
	5zOrxRgKjZLekp6wCEELlWXGCpMlPJnGE637W6KUjN/lGkyrg5XKqOgWqlo81cU0qH1b7XjSGiI
	ZFfRlmyssthJUa1FAKnjH41Ycv78=
X-Google-Smtp-Source: AGHT+IEa/c7fH+/3lQjj0NvETc1FuenmeFbbLgwBfQc10s8+/b1OKyytdE8XY+Kx3kqMYqpFO7L9TZ3Iu6T6xQBIalQ=
X-Received: by 2002:ac8:5f13:0:b0:42a:8239:fdc5 with SMTP id
 x19-20020ac85f13000000b0042a8239fdc5mr515200qta.43.1706668238546; Tue, 30 Jan
 2024 18:30:38 -0800 (PST)
MIME-Version: 1.0
From: Tim Cuthbertson <tim@gfxmonk.net>
Date: Wed, 31 Jan 2024 13:30:21 +1100
X-Gmail-Original-Message-ID: <CAC-LLDh0ApeJEX54EgPNrySh71YHPzoPB5wMNu3Y5msk7jqCtw@mail.gmail.com>
Message-ID: <CAC-LLDh0ApeJEX54EgPNrySh71YHPzoPB5wMNu3Y5msk7jqCtw@mail.gmail.com>
To: musl@lists.openwall.com
Content-Type: multipart/mixed; boundary="0000000000001be9c4061034aacf"
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: [musl] Bug: installed symlinks are unreadable on MacOS

--0000000000001be9c4061034aacf
Content-Type: multipart/alternative; boundary="0000000000001be9c2061034aacd"

--0000000000001be9c2061034aacd
Content-Type: text/plain; charset="UTF-8"

I'm not subscribed to the mailing list, please CC me on replies.

Installed symlinks (specifically ld-musl-x86_64.so.1 have permissions 0700
on MacOS, which means only the owner (typically root) can read them.

Symlink permissions can't be anything but 0777 on Linux, but on Mac they
can be set, and in this case are being inherited from the 077 umask in
install.sh:

```
$ ls -l
/nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1
ls: cannot read symbolic link
'/nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1':
Permission denied
lrwx------ 1 root wheel 7 Jan  1  1970
/nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1
```

My fix (attached) is to use `umask 022`, which was already being used to
make directories. It's not practical to fix this by specifying the intended
permissions for this symlink, as setting link permissions requires the
nonstandard `-h` chmod flag, which presumably fails on other platforms.

First discovered when cross-building on MacOS for linux:
https://github.com/NixOS/nixpkgs/issues/285141

I've tested the fix works in nix. I am fairly confident the same issue
exists outside of Nix given the fix, but I haven't built musl before and
ran into unrelated errors.

Thanks,
 - Tim

--0000000000001be9c2061034aacd
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">I&#39;m not subscribed to the mailing list, please CC me o=
n replies.<div><br></div><div>Installed symlinks (specifically=C2=A0ld-musl=
-x86_64.so.1 have permissions 0700 on MacOS, which means only the owner (ty=
pically root) can read them.</div><div><br></div><div>Symlink permissions c=
an&#39;t be anything but 0777 on Linux, but on Mac they can be set, and in =
this case are being inherited from the 077 umask in install.sh:</div><div><=
br></div><div>```</div><div>$ ls -l /nix/store/fgkznmnz1swzp8ck75fa2zvj62pk=
jgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1</div>ls: =
cannot read symbolic link &#39;/nix/store/fgkznmnz1swzp8ck75fa2zvj62pkjgvq-=
musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-musl-x86_64.so.1&#39;: Permissi=
on denied<br>lrwx------ 1 root wheel 7 Jan =C2=A01 =C2=A01970 /nix/store/fg=
kznmnz1swzp8ck75fa2zvj62pkjgvq-musl-x86_64-unknown-linux-musl-1.2.3/lib/ld-=
musl-x86_64.so.1<div>```<br><div><br></div><div>My fix (attached) is to use=
 `umask 022`, which was already being used to make directories. It&#39;s no=
t practical to fix this by specifying the intended permissions for this sym=
link, as setting link permissions requires the nonstandard `-h` chmod flag,=
 which presumably fails on other platforms.</div><div><br></div><div>First =
discovered when cross-building on MacOS for linux:</div><div><a href=3D"htt=
ps://github.com/NixOS/nixpkgs/issues/285141">https://github.com/NixOS/nixpk=
gs/issues/285141</a><br></div><div><br></div><div>I&#39;ve tested the fix w=
orks in nix. I am fairly confident the same issue exists outside of Nix giv=
en the fix, but I haven&#39;t built musl before and ran into unrelated erro=
rs.</div></div><div><br></div><div>Thanks,</div><div>=C2=A0- Tim</div></div=
>

--0000000000001be9c2061034aacd--
--0000000000001be9c4061034aacf
Content-Type: application/octet-stream; name="musl-chmod.patch"
Content-Disposition: attachment; filename="musl-chmod.patch"
Content-Transfer-Encoding: base64
Content-ID: <f_ls15utpe0>
X-Attachment-Id: f_ls15utpe0

RnJvbSAwNWI4OWY3ODNmZDE4NzNjZTllYzExMjdmYTc2ZDAwMjkyMWNhYTIzIE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiBUaW0gQ3V0aGJlcnRzb24gPHRpbUBnZnhtb25rLm5ldD4KRGF0
ZTogV2VkLCAzMSBKYW4gMjAyNCAxMjo0NTowNiArMTEwMApTdWJqZWN0OiBbUEFUQ0hdIGluc3Rh
bGwuc2g6IHJlbGF4IHVtYXNrIHRvIGZpeCByZXN0cmljdGl2ZSBzeW1saW5rCiBwZXJtaXNzaW9u
cyBvbiBNYWNPUwoKLS0tCiB0b29scy9pbnN0YWxsLnNoIHwgNSArKy0tLQogMSBmaWxlIGNoYW5n
ZWQsIDIgaW5zZXJ0aW9ucygrKSwgMyBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS90b29scy9p
bnN0YWxsLnNoIGIvdG9vbHMvaW5zdGFsbC5zaAppbmRleCBkOTEzYjYwYmYuLjYyY2E0MDExYyAx
MDA3NTUKLS0tIGEvdG9vbHMvaW5zdGFsbC5zaAorKysgYi90b29scy9pbnN0YWxsLnNoCkBAIC0z
Niw4ICszNiw5IEBAIGVzYWMKIHNldCAtQwogc2V0IC1lCiAKLWlmIHRlc3QgIiRta2RpcnAiIDsg
dGhlbgogdW1hc2sgMDIyCisKK2lmIHRlc3QgIiRta2RpcnAiIDsgdGhlbgogY2FzZSAiJDIiIGlu
CiAqLyopIG1rZGlyIC1wICIke2RzdCUvKn0iIDs7CiBlc2FjCkBAIC00NSw4ICs0Niw2IEBAIGZp
CiAKIHRyYXAgJ3JtIC1mICIkdG1wIicgRVhJVCBJTlQgUVVJVCBURVJNIEhVUAogCi11bWFzayAw
NzcKLQogaWYgdGVzdCAiJHN5bWxpbmsiIDsgdGhlbgogbG4gLXMgIiQxIiAiJHRtcCIKIGVsc2UK
--0000000000001be9c4061034aacf--