From b6aedd68bcbb07c9c6fd60e10cde314b68b0e1e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Tue, 11 Sep 2012 23:44:59 +0200 Subject: [PATCH] Don't stat(2) and access(2) the .go location before using it. * module/system/base/compile.scm (ensure-directory): Rename to... (ensure-directory): ... this. Update callers. When ERRNO is EEXIST, assume DIR is a writable directory instead of calling `stat' and `access?' again. Fixes UID/EUID mismatches for setuid binaries. Reported by rixed@happyleptic.org at . --- module/system/base/compile.scm | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/module/system/base/compile.scm b/module/system/base/compile.scm index 0bc11a30f..afcb55a72 100644 --- a/module/system/base/compile.scm +++ b/module/system/base/compile.scm @@ -1,6 +1,6 @@ ;;; High-level compiler interface -;; Copyright (C) 2001, 2009, 2010, 2011 Free Software Foundation, Inc. +;; Copyright (C) 2001, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. ;;; This library is free software; you can redistribute it and/or ;;; modify it under the terms of the GNU Lesser General Public @@ -72,7 +72,7 @@ ;; before the check, so that we avoid races (possibly due to parallel ;; compilation). ;; -(define (ensure-writable-dir dir) +(define (ensure-directory dir) (catch 'system-error (lambda () (mkdir dir)) @@ -80,13 +80,12 @@ (let ((errno (and (pair? rest) (car rest)))) (cond ((eqv? errno EEXIST) - (let ((st (stat dir))) - (if (or (not (eq? (stat:type st) 'directory)) - (not (access? dir W_OK))) - (error "directory not writable" dir)))) + ;; Assume it's a writable directory, to avoid TOCTOU errors, + ;; as well as UID/EUID mismatches that occur with access(2). + #t) ((eqv? errno ENOENT) - (ensure-writable-dir (dirname dir)) - (ensure-writable-dir dir)) + (ensure-directory (dirname dir)) + (ensure-directory dir)) (else (throw k subr fmt args rest))))))) @@ -125,7 +124,7 @@ %compile-fallback-path (canonical->suffix (canonicalize-path file)) (compiled-extension)))) - (and (false-if-exception (ensure-writable-dir (dirname f))) + (and (false-if-exception (ensure-directory (dirname f))) f)))) (define* (compile-file file #:key @@ -144,7 +143,7 @@ ;; Choose the input encoding deterministically. (set-port-encoding! in (or enc "UTF-8")) - (ensure-writable-dir (dirname comp)) + (ensure-directory (dirname comp)) (call-with-output-file/atomic comp (lambda (port) ((language-printer (ensure-language to))