From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from primenet.com.au (ns1.primenet.com.au [203.24.36.2]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id b136ed09 for ; Sun, 2 Feb 2020 08:11:05 +0000 (UTC) Received: (qmail 5754 invoked by alias); 2 Feb 2020 08:11:00 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: List-Unsubscribe: X-Seq: 45377 Received: (qmail 3288 invoked by uid 1010); 2 Feb 2020 08:11:00 -0000 X-Qmail-Scanner-Diagnostics: from wout5-smtp.messagingengine.com by f.primenet.com.au (envelope-from , uid 7791) with qmail-scanner-2.11 (clamdscan: 0.102.1/25703. spamassassin: 3.4.2. Clear:RC:0(64.147.123.21):SA:0(-2.6/5.0):. Processed in 1.361352 secs); 02 Feb 2020 08:11:00 -0000 X-Envelope-From: d.s@daniel.shahaf.name X-Qmail-Scanner-Mime-Attachments: | X-Qmail-Scanner-Zip-Files: | Received-SPF: none (ns1.primenet.com.au: domain at daniel.shahaf.name does not designate permitted sender hosts) X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrgeeggddvvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkjghfofggtgfgsehtqhdttdertdejnecuhfhrohhmpeffrghnihgv lhcuufhhrghhrghfuceougdrshesuggrnhhivghlrdhshhgrhhgrfhdrnhgrmhgvqeenuc fkphepjeelrddukedtrdehjedrudduleenucevlhhushhtvghrufhiiigvpedtnecurfgr rhgrmhepmhgrihhlfhhrohhmpegurdhssegurghnihgvlhdrshhhrghhrghfrdhnrghmvg X-ME-Proxy: Date: Sun, 2 Feb 2020 08:10:21 +0000 From: Daniel Shahaf To: Stephane Chazelas Cc: Zsh hackers list Subject: Re: [bug] :P modifier and symlink loops Message-ID: <20200202081021.7c8aab22@tarpaulin.shahaf.local2> In-Reply-To: <20200201175740.lma5dxgwufk6fpeg@chazelas.org> References: <20200111170047.ifjsdd5lfeksqyaa@chaz.gmail.com> <20200201175740.lma5dxgwufk6fpeg@chazelas.org> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Stephane Chazelas wrote on Sat, 01 Feb 2020 17:57 +0000: > Ping: Thanks for the ping. I've added this to Etc/BUGS so we don't forget it. I worked on :P before, so I've added this to my list to investigate further, but I don't know when I'll get to it. > 2020-01-11 17:00:47 +0000, Stephane Chazelas: > Hi, >=20 > I've got the feeling it's been discussed before, but could not > find it in the archives. >=20 > $ ln -s loop /tmp/ > $ f=3D/tmp/loop strace ~/install/cvs/zsh/Src/zsh -c '$f:P' > [...] > readlink("/tmp/loop", "loop", 4096) =3D 4 > readlink("/tmp/loop", "loop", 4096) =3D 4 > [...] > readlink("/tmp/loop", "loop", 4096) =3D 4 > readlink("/tmp/loop", "loop", 4096) =3D 4 > --- SIGSEGV {si_signo=3DSIGSEGV, si_code=3DSEGV_MAPERR, > si_addr=3D0x7ffec7a345e0} --- =20 > +++ killed by SIGSEGV +++ >=20 > possibly stack overflow caused by unbound recursion or buffer > overflow on /tmp/loop/loop... but the bigger question is what to > do here. >=20 > The ELOOP problem is usually addressed by giving up after an > arbitrary number of symlinks has been resolved (regardless of > whether there is indeed a loop or not) in the lookup of the > file, but here $f:P *has* to expand to something, so what should > that be? >=20 > For instance, for >=20 > cd / > file=3Dbin/../tmp/loop/../foo/.. above? >=20 > The only thing I can think of is expand to: >=20 > /tmp/loop/../foo/.. >=20 > (maybe done by first doing a stat(the-file); if it returns > ELOOP, do a stat() at each stage of the resolution and give up > on the first ELOOP). >=20 > Any other idea? The postcondition of :P is "no dot or dot-dot components and no symlinks". When the loop is on the last path component (as in ${${:-/tmp/loop}:P} and ${${:-/tmp/trap}:P} after =C2=ABln -s loop /tmp/trap=C2=BB) we could st= ill print a path to the loop symlink that meets the postcondition, except for the loop symlink in the last path component. However, in ${${:-"/tmp/loop/../foo"}} we can't meet the postcondition. I think our options are either to throw an exception, like a glob with no matches does, or to keep the additional components verbatim, as you suggest. Intuitively I lean towards the first option. We aren't a CGI script, where PATH_INFO is to be expected. If we can't return a path without dot and dot-dot components and without symlinks, we should raise an error rather than continue silently. However, I'm open to alternatives. I think the first option could be implemented along the lines of: 1. Call realpath($arg). 2. If it returns ELOOP, call realpath(${arg:h}) and append "/${arg:t}". 3. Otherwise, throw an exception (i.e., set errflag). Cheers, Daniel P.S. Here's a quick test for the "loop in the last path component" case: diff --git a/Test/D02glob.ztst b/Test/D02glob.ztst index 3d7df94c9..a5657be59 100644 --- a/Test/D02glob.ztst +++ b/Test/D02glob.ztst @@ -742,6 +742,16 @@ >glob.tmp/secret-s111/ glob.tmp/secret-s111 >glob.tmp/secret-s444/ glob.tmp/secret-s444 =20 + ln -s loop glob.tmp/loop + ln -s loop glob.tmp/trap + {=20 + $ZTST_testdir/../Src/zsh -fc 'echo $1:P' . glob.tmp/trap + } always { + rm -f glob.tmp/trap glob.tmp/loop + } +-f:the ':P' modifier handles symlink loops in the last path component +*>*/(trap|loop) + %clean =20 # Fix unreadable-directory permissions so ztst can clean up properly