From: Joerg Schilling
Date: Tue, 13 Mar 2018 11:44:38 +0100
Subject: Re: [minor] umask 400 causes here-{doc,string} failure
Message-ID: <5aa7ab96.e+nCHyR20O5OU0DU%Joerg.Schilling@fokus.fraunhofer.de>
References: <20180311151742.GB6450@chaz.gmail.com>
In-Reply-To: <20180311151742.GB6450@chaz.gmail.com>
List-Id: Zsh Workers List
X-Seq: 42455

Stephane Chazelas wrote:

> Note: sent to bash, zsh and Schily Bourne shell dev mailing
> lists (not mksh as my email provider apparently doesn't play
> well with mirbsd.org's expensive greylisting, please feel free
> to forward there if you don't use gmail).
>
> That's from:
> https://unix.stackexchange.com/questions/429285/cannot-create-temp-file-for-here-document-permission-denied

This is a really interesting problem.

> $ bash -c 'umask 400; cat <<< test'
> bash: cannot create temp file for here-document: Permission denied
> $ zsh -c 'umask 400; cat <<< test'
> zsh:1: can't create temp file for here document: permission denied
> $ bosh -c 'umask 400; cat << EOF
> test
> EOF'
> bosh: /tmp/sh193220: cannot open
> $ mksh -c 'umask 400; cat <<< test'
> mksh: can't open temporary file /tmp/sh933f2z.tmp: Permission denied
>
> Those shells use temporary files to store the content of the
> here-documents as the Bourne shell initially did, and open them
> in read-only mode to make it cat's stdin.

It is a bit more complex:

They first create a temp file for the here document and this is done before
umask(0400) gets executed.

They then create another file that gets the expanded version for the here
document temp input file. Since this is done after chmod(0400) was executed,
the second file is not readable.

> When umask contains the 0400 bit, the file is created without
> read permission to the user, hence the error upon that second
> open().
>
> (note that bosh also leaves the temp file behind in that
> case).

This is what bosh inherited from the temp file management from the SVR4 Bourne
Shell that creates hard links to temp files in case there is a sub-shell.

This in the past created plenty of left over temp files for various reasons.
At the same time, the original SVR4 Bourne Shell did unlink many of the temp
files too early. Bosh fixed the latter problem by introducing an io barrier in
the list of temp files.

The main problem here is that the second (expanded) temp file is not entered
into the temp file list and thus did not get removed. With my fixes that keep
the file open (see below) the file is now removed before closing it.

I hope this is the only case where temp files still have not been removed
correctly.

> I can think of several ways to address it:
>
> 1- do nothing and blame the user as the user explicitly asked
> for files to be unreadable (but then again, it's not obvious
> to the user that heredocs imply a temp file)
>
> 2- do like AT&T ksh/tcsh (or yash for big heredocs that don't
> fit in the pipe buffer) and open the file only once for both
> writing the content and making it the command's stdin (with a
> lseek() to beginning in between). That means the fd ends up
> being writable though I can't see it being a huge problem. (Yash
> actually gives the file 000 permissions here regardless of the
> umask with open("/tmp/yash-ECCFE6268", O_RDWR|O_CREAT|O_EXCL,
> 0), but see below about =(...) emulation)

This is not sufficient in case that the original (unexpanded) temp file was
created with 0400 already.

...

> 4. Reset the umask temporarily to 077 before creating the temp
> file (and block trapped signals until it's restored).
>
>
> 2 would have my preference.

See above, this is most likely not sufficient as I am not sure whether it works
to keep the primary temp file open. Ksh93 may do this since it needs to
implement a more complex housekeeping algorithm as a result of the "virtual
subshell" feature anyway.

I changed bosh to keep the second temp file open since the original code
creates the file, writes the expanded input to it, closes it and immediately
reopens it readonly and then removes it.

To fix the write only problem with the primary temp file, I called
fchmod(fd, 0600) in the function tmpfil() immediately after the creation of
the temp file succeeded.

The modified bosh still passes the bosh unit test suite.

Jörg

-- 
 EMail:joerg@schily.net                    (home) Jörg Schilling D-13353 Berlin
       joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.org/private/ http://sf.net/projects/schilytools/files/
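
The failing second open() under umask 0400 and the two remedies discussed in this thread (fchmod(fd, 0600) right after creation, and keeping one descriptor open with an lseek() in between), as an added C example that is not code from bosh, bash, zsh or any other shell. The function heredoc(), the enum scheme and the /tmp/hd-demo-* path pattern are made up for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum scheme { REOPEN, FCHMOD_REOPEN, KEEP_OPEN };

/* Store "test\n" in a temp file created under umask 0400, then obtain a
 * readable fd the way `s` prescribes. Returns bytes read back, or -errno.
 * *mode receives the file's permission bits. Path pattern is made up. */
int heredoc(enum scheme s, int *mode)
{
    char path[64], buf[16];
    struct stat st;
    int rc;
    snprintf(path, sizeof path, "/tmp/hd-demo-%ld-%d", (long)getpid(), (int)s);
    mode_t old = umask(0400);
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    umask(old);
    if (fd < 0) return -errno;
    if (s == FCHMOD_REOPEN) fchmod(fd, 0600);   /* fchmod ignores the umask */
    if (fstat(fd, &st) == 0) *mode = st.st_mode & 0777;
    if (write(fd, "test\n", 5) != 5) { rc = -EIO; goto out; }
    if (s == KEEP_OPEN) {
        lseek(fd, 0, SEEK_SET);                 /* rewind the same fd */
    } else {
        close(fd);
        fd = open(path, O_RDONLY);              /* the second open() */
        if (fd < 0) { rc = -errno; unlink(path); return rc; }
    }
    rc = (int)read(fd, buf, sizeof buf);
    if (rc < 0) rc = -errno;
out:
    close(fd);
    unlink(path);                               /* never leave the file behind */
    return rc;
}

int main(void)
{
    static const char *name[] = { "reopen", "fchmod+reopen", "keep open" };
    for (int s = REOPEN; s <= KEEP_OPEN; s++) {
        int mode = 0, rc = heredoc((enum scheme)s, &mode);
        printf("%-14s mode %04o -> %d\n", name[s], (unsigned)mode, rc);
    }
    return 0;
}
```

Root (or any process with CAP_DAC_OVERRIDE) bypasses the permission check, so the plain reopen only fails for an unprivileged user.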