lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250721054234.GN2672022@frogsfrogsfrogs>
Date: Sun, 20 Jul 2025 22:42:34 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: Sam James <sam@...too.org>
Cc: linux-ext4@...r.kernel.org, tytso@....edu
Subject: Re: [PATCH 2/5] fuse2fs: stop aliasing stderr with ff->err_fp

On Sun, Jul 20, 2025 at 11:51:35AM -0700, Darrick J. Wong wrote:
> On Sun, Jul 20, 2025 at 09:27:41AM +0100, Sam James wrote:
> > This seems to have introduced https://github.com/tytso/e2fsprogs/issues/235.
> 
> Heh, section 7.23.1 paragraph 4 of the latest C2y draft says that
> stdin/stdout/stderr “are expressions of type "pointer to FILE" that
> point to the FILE objects associated, respectively, with the standard
> error, input, and output streams.”
> 
> The use of "expression" should have been the warning sign that a symbol
> that can be mostly used as a pointer is not simply a pointer.
> 
> Later in footnote 318, they say [stdin/stdout/stderr] “need not be
> modifiable lvalues to which the value returned by the fopen function
> could be assigned.”
> 
> "need not be" is the magic phrasing that means musl and glibc are both
> following the spec.  IOWs, every C programmer should reduce the amount
> of brainpower they spend on their program's core algorithm so that they
> can all be really smart about this quirk.
> 
> So yeah, you're right.
> 
> But we could also do:
> 
> 	fd = open(logfile, O_WRONLY | O_CREAT | O_APPEND, 0666);
> 	dup2(fd, STDOUT_FILENO);
> 	dup2(fd, STDERR_FILENO);
> 
> and skip all this standards-worrying.  I would have just done that, but
> for fear that somewhere there might be a library that actually *does* do
> freopen and this trick won't work.
> 
> Yaaay, it's 2025 and we all still suuuuuuuck.

Oh wait no it turns out that libfuse obliterates std{in,out,err} in
fuse_daemonize() by opening /dev/null and using that exact trick.  So
the only reason why I was ever getting any FUSE2FS debug output
throughout *any* of the fuse+iomap development sprints was that glibc
lets you assign stdout/stderr directly.

freopen also won't work (at least on glibc) because its freopen
implementation uses the dup2 trick which will be undone by libfuse.

GREAT!  I only got to debug my program because OF A WEIRD GLIBC QUIRK!!

So the only way to actually fix this is to open whatever logging file we
want to use, and explicitly pass that around to every function that
wants to log a message or an error, because the libraries can't be
trusted not to fsck it all up.  libext2fs has a callback for any errors
that it wants to print, and that will have to do.

--D

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ