diff options
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/gen/Makefile.inc | 1 | ||||
| -rw-r--r-- | lib/libc/gen/Symbol.map | 1 | ||||
| -rw-r--r-- | lib/libc/gen/directory.3 | 51 | ||||
| -rw-r--r-- | lib/libc/gen/gen-compat.h | 1 | ||||
| -rw-r--r-- | lib/libc/gen/gen-private.h | 3 | ||||
| -rw-r--r-- | lib/libc/gen/readdir-compat11.c | 2 | ||||
| -rw-r--r-- | lib/libc/gen/readdir.c | 8 | ||||
| -rw-r--r-- | lib/libc/tests/stdtime/detect_tz_changes_test.c | 89 |
8 files changed, 82 insertions, 74 deletions
diff --git a/lib/libc/gen/Makefile.inc b/lib/libc/gen/Makefile.inc index 4d064d18d36e..c32f514d7176 100644 --- a/lib/libc/gen/Makefile.inc +++ b/lib/libc/gen/Makefile.inc @@ -342,7 +342,6 @@ MLINKS+=directory.3 closedir.3 \ directory.3 fdopendir.3 \ directory.3 opendir.3 \ directory.3 readdir.3 \ - directory.3 readdir_r.3 \ directory.3 rewinddir.3 \ directory.3 seekdir.3 \ directory.3 telldir.3 diff --git a/lib/libc/gen/Symbol.map b/lib/libc/gen/Symbol.map index 26f638568efc..86a8712ef12f 100644 --- a/lib/libc/gen/Symbol.map +++ b/lib/libc/gen/Symbol.map @@ -418,7 +418,6 @@ FBSD_1.5 { globfree; nftw; readdir; - readdir_r; scandir; sem_clockwait_np; setproctitle_fast; diff --git a/lib/libc/gen/directory.3 b/lib/libc/gen/directory.3 index 263dfdd6eb95..a92d51980aab 100644 --- a/lib/libc/gen/directory.3 +++ b/lib/libc/gen/directory.3 @@ -25,14 +25,13 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd August 1, 2020 +.Dd September 5, 2025 .Dt DIRECTORY 3 .Os .Sh NAME .Nm opendir , .Nm fdopendir , .Nm readdir , -.Nm readdir_r , .Nm telldir , .Nm seekdir , .Nm rewinddir , @@ -50,8 +49,6 @@ .Fn fdopendir "int fd" .Ft struct dirent * .Fn readdir "DIR *dirp" -.Ft int -.Fn readdir_r "DIR *dirp" "struct dirent *entry" "struct dirent **result" .Ft long .Fn telldir "DIR *dirp" .Ft void @@ -65,15 +62,6 @@ .Ft int .Fn dirfd "DIR *dirp" .Sh DESCRIPTION -.Bf -symbolic -The -.Fn readdir_r -interface is deprecated -because it cannot be used correctly unless -.Brq Va NAME_MAX -is a fixed value. -.Ef -.Pp The .Fn opendir function @@ -112,7 +100,6 @@ or to modify the state of the associated description other than by means of .Fn closedir , .Fn readdir , -.Fn readdir_r , or .Fn rewinddir , the behavior is undefined. @@ -144,34 +131,6 @@ may be set to any of the values documented for the system call. .Pp The -.Fn readdir_r -function -provides the same functionality as -.Fn readdir , -but the caller must provide a directory -.Fa entry -buffer to store the results in. -The buffer must be large enough for a -.Vt struct dirent -with a -.Va d_name -array with -.Brq Va NAME_MAX -+ 1 elements. -If the read succeeds, -.Fa result -is pointed at the -.Fa entry ; -upon reaching the end of the directory -.Fa result -is set to -.Dv NULL . -The -.Fn readdir_r -function -returns 0 on success or an error number to indicate failure. -.Pp -The .Fn telldir function returns a token representing the current location associated with the named @@ -305,9 +264,7 @@ is not associated with a directory. .Pp The .Fn readdir -and -.Fn readdir_r -functions may also fail and set +function may also fail and set .Va errno for any of the errors specified for the routine .Xr getdents 2 . @@ -338,7 +295,6 @@ The .Fn fdopendir , .Fn opendir , .Fn readdir , -.Fn readdir_r , .Fn rewinddir , .Fn seekdir and @@ -391,7 +347,8 @@ will always set the correct location to return the same value as that last .Fn readdir performed. This is enough for some applications which want to -"push back the last entry read", e.g., Samba. +.Dq push back the last entry read , +e.g. Samba. Seeks back to any other location, other than the beginning of the directory, may result in unexpected behaviour if deletes are present. diff --git a/lib/libc/gen/gen-compat.h b/lib/libc/gen/gen-compat.h index 08e80ede6b6e..4518c3f130d1 100644 --- a/lib/libc/gen/gen-compat.h +++ b/lib/libc/gen/gen-compat.h @@ -37,6 +37,7 @@ struct freebsd11_dirent; struct freebsd11_stat; struct freebsd11_statfs; +int freebsd15_readdir_r(DIR *, struct dirent *, struct dirent **); struct freebsd11_dirent *freebsd11_readdir(DIR *); int freebsd11_readdir_r(DIR *, struct freebsd11_dirent *, struct freebsd11_dirent **); diff --git a/lib/libc/gen/gen-private.h b/lib/libc/gen/gen-private.h index b6749b3435cd..97dd41ffbdfc 100644 --- a/lib/libc/gen/gen-private.h +++ b/lib/libc/gen/gen-private.h @@ -60,7 +60,4 @@ struct _dirdesc { #define _dirfd(dirp) ((dirp)->dd_fd) -struct dirent; -int __readdir_r(DIR *dirp, struct dirent *entry, struct dirent **result); - #endif /* !_GEN_PRIVATE_H_ */ diff --git a/lib/libc/gen/readdir-compat11.c b/lib/libc/gen/readdir-compat11.c index 606e15bd7b36..71c223f00b5a 100644 --- a/lib/libc/gen/readdir-compat11.c +++ b/lib/libc/gen/readdir-compat11.c @@ -95,7 +95,7 @@ freebsd11_readdir_r(DIR *dirp, struct freebsd11_dirent *entry, struct dirent xentry, *xresult; int error; - error = __readdir_r(dirp, &xentry, &xresult); + error = freebsd15_readdir_r(dirp, &xentry, &xresult); if (error != 0) return (error); if (xresult != NULL) { diff --git a/lib/libc/gen/readdir.c b/lib/libc/gen/readdir.c index 94d2b2e8d877..d0bbe72237e1 100644 --- a/lib/libc/gen/readdir.c +++ b/lib/libc/gen/readdir.c @@ -41,6 +41,8 @@ #include "gen-private.h" #include "telldir.h" +#include "gen-compat.h" + /* * get next entry in a directory. */ @@ -104,7 +106,7 @@ readdir(DIR *dirp) } int -__readdir_r(DIR *dirp, struct dirent *entry, struct dirent **result) +freebsd15_readdir_r(DIR *dirp, struct dirent *entry, struct dirent **result) { struct dirent *dp; int saved_errno; @@ -133,6 +135,4 @@ __readdir_r(DIR *dirp, struct dirent *entry, struct dirent **result) return (0); } -__strong_reference(__readdir_r, readdir_r); -__warn_references(readdir_r, - "warning: this program uses readdir_r(), which is unsafe."); +__sym_compat(readdir_r, freebsd15_readdir_r, FBSD_1.5); diff --git a/lib/libc/tests/stdtime/detect_tz_changes_test.c b/lib/libc/tests/stdtime/detect_tz_changes_test.c index e3fdcc0baef7..6648d8498cc5 100644 --- a/lib/libc/tests/stdtime/detect_tz_changes_test.c +++ b/lib/libc/tests/stdtime/detect_tz_changes_test.c @@ -44,12 +44,6 @@ static const struct tzcase { static const time_t then = 1751328000; /* 2025-07-01 00:00:00 UTC */ -#ifdef DETECT_TZ_CHANGES -static const char *tz_change_interval_sym = "__tz_change_interval"; -static int *tz_change_interval_p; -static const int tz_change_interval = 3; -static int tz_change_timeout = 90; - static bool debugging; static void @@ -76,7 +70,7 @@ change_tz(const char *tzn) ATF_REQUIRE((zfd = open(zfn, O_DIRECTORY | O_SEARCH)) >= 0); ATF_REQUIRE((sfd = openat(zfd, tzn, O_RDONLY)) >= 0); - ATF_REQUIRE((dfd = open(tfn, O_CREAT | O_TRUNC | O_WRONLY)) >= 0); + ATF_REQUIRE((dfd = open(tfn, O_CREAT | O_TRUNC | O_WRONLY, 0644)) >= 0); do { clen = copy_file_range(sfd, NULL, dfd, NULL, SSIZE_MAX, 0); ATF_REQUIRE_MSG(clen != -1, "failed to copy %s/%s: %m", @@ -89,6 +83,42 @@ change_tz(const char *tzn) debug("time zone %s installed", tzn); } +static void +test_tz(const char *expect) +{ + char buf[128]; + struct tm *tm; + size_t len; + + ATF_REQUIRE((tm = localtime(&then)) != NULL); + len = strftime(buf, sizeof(buf), "%z (%Z)", tm); + ATF_REQUIRE(len > 0); + ATF_CHECK_STREQ(expect, buf); +} + +ATF_TC(thin_jail); +ATF_TC_HEAD(thin_jail, tc) +{ + atf_tc_set_md_var(tc, "descr", "Test typical thin jail scenario"); + atf_tc_set_md_var(tc, "require.user", "root"); +} +ATF_TC_BODY(thin_jail, tc) +{ + const struct tzcase *tzcase = tzcases; + + /* prepare chroot */ + ATF_REQUIRE_EQ(0, mkdir("root", 0755)); + ATF_REQUIRE_EQ(0, mkdir("root/etc", 0755)); + change_tz(tzcase->tzfn); + /* enter chroot */ + ATF_REQUIRE_EQ(0, chroot("root")); + ATF_REQUIRE_EQ(0, chdir("/")); + /* check timezone */ + unsetenv("TZ"); + test_tz(tzcase->expect); +} + +#ifdef DETECT_TZ_CHANGES /* * Test time zone change detection. * @@ -106,6 +136,11 @@ change_tz(const char *tzn) * after we've received and discarded the first report from the child, * which should come almost immediately on startup. */ +static const char *tz_change_interval_sym = "__tz_change_interval"; +static int *tz_change_interval_p; +static const int tz_change_interval = 3; +static int tz_change_timeout = 90; + ATF_TC(detect_tz_changes); ATF_TC_HEAD(detect_tz_changes, tc) { @@ -281,15 +316,8 @@ ATF_TC_BODY(detect_tz_changes, tc) static void test_tz_env(const char *tzval, const char *expect) { - char buf[128]; - struct tm *tm; - size_t len; - setenv("TZ", tzval, 1); - ATF_REQUIRE((tm = localtime(&then)) != NULL); - len = strftime(buf, sizeof(buf), "%z (%Z)", tm); - ATF_REQUIRE(len > 0); - ATF_CHECK_STREQ(expect, buf); + test_tz(expect); } ATF_TC(tz_env); @@ -305,6 +333,31 @@ ATF_TC_BODY(tz_env, tc) test_tz_env(tzcase->tzfn, tzcase->expect); } +ATF_TC(setugid); +ATF_TC_HEAD(setugid, tc) +{ + atf_tc_set_md_var(tc, "descr", "Test setugid process"); + atf_tc_set_md_var(tc, "require.user", "root"); +} +ATF_TC_BODY(setugid, tc) +{ + const struct tzcase *tzcase = tzcases; + + /* prepare chroot */ + ATF_REQUIRE_EQ(0, mkdir("root", 0755)); + ATF_REQUIRE_EQ(0, mkdir("root/etc", 0755)); + change_tz(tzcase->tzfn); + /* enter chroot */ + ATF_REQUIRE_EQ(0, chroot("root")); + ATF_REQUIRE_EQ(0, chdir("/")); + /* become setugid */ + ATF_REQUIRE_EQ(0, seteuid(UID_NOBODY)); + ATF_REQUIRE(issetugid()); + /* check timezone */ + unsetenv("TZ"); + test_tz(tzcases->expect); +} + ATF_TC(tz_env_setugid); ATF_TC_HEAD(tz_env_setugid, tc) { @@ -314,7 +367,7 @@ ATF_TC_HEAD(tz_env_setugid, tc) } ATF_TC_BODY(tz_env_setugid, tc) { - const struct tzcase *tzcase; + const struct tzcase *tzcase = tzcases; ATF_REQUIRE_EQ(0, seteuid(UID_NOBODY)); ATF_REQUIRE(issetugid()); @@ -324,12 +377,14 @@ ATF_TC_BODY(tz_env_setugid, tc) ATF_TP_ADD_TCS(tp) { -#ifdef DETECT_TZ_CHANGES debugging = !getenv("__RUNNING_INSIDE_ATF_RUN") && isatty(STDERR_FILENO); + ATF_TP_ADD_TC(tp, thin_jail); +#ifdef DETECT_TZ_CHANGES ATF_TP_ADD_TC(tp, detect_tz_changes); #endif /* DETECT_TZ_CHANGES */ ATF_TP_ADD_TC(tp, tz_env); + ATF_TP_ADD_TC(tp, setugid); ATF_TP_ADD_TC(tp, tz_env_setugid); return (atf_no_error()); } |