| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Dec 2017 14:14:54 -0800
From: Douglas Anderson <dianders@...omium.org>
To: Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc: malat@...ian.org, dave.hansen@...el.com, yang.s@...baba-inc.com,
linux@...ck-us.net, Douglas Anderson <dianders@...omium.org>,
Matthias Kaehlcke <mka@...omium.org>,
Cao jin <caoj.fnst@...fujitsu.com>,
Arnd Bergmann <arnd@...db.de>,
Mark Charlebois <charlebm@...il.com>,
linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>
Subject: [PATCH v2 2/2] kbuild: Don't mess with the .cache.mk when installing
As pointed out by Masahiro Yamada people often run "sudo make install"
or "sudo make modules_install". In theory, that could cause a cache
file (or the directory containing it) to be created by root. After
doing this then subsequent invocations to make would yell with a whole
bunch of warnings like:
/bin/sh: ./.cache.mk: Permission denied
These yells would be mostly harmless (we'd just go on running without
the cache), but they're ugly.
The above situation would be fairly unlikely because it should only
happen if someone does "sudo make install" before doing a normal
"make", which is an invalid thing to do. If you did a normal "make"
before the "sudo make install" then all the cache files and
directories should have already been created by a normal user and,
even if the superuser needed to add to the existing files, we wouldn't
end up with a permission problem.
The above situation would also not have been catastrophic because
presumably if the user was able to run "sudo make install" then they
should also be able to run "sudo make clean" to clean things up.
However, even though the problem described is relatively minor, it
probably makes sense to add a heuristic to avoid creating cache files
when one of the make goals looks like an install. This heuristic
doesn't add a ton of overhead and it might save someone time tracking
down strange "Permission denied" messages. We'll consider this
heuristic good enough because the problem really shouldn't be that
serious.
Fixes: 3298b690b21c ("kbuild: Add a cache for generated variables")
Suggested-by: Masahiro Yamada <yamada.masahiro@...ionext.com>
Signed-off-by: Douglas Anderson <dianders@...omium.org>
---
Changes in v2: None
scripts/Kbuild.include | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
index f7efb59d85d1..314585b3efe4 100644
--- a/scripts/Kbuild.include
+++ b/scripts/Kbuild.include
@@ -124,6 +124,12 @@ __sanitize-opt = $(subst $$,_,$(subst $(right_paren),_,$(subst $(left_paren),_,$
# previous invocation of make!) we'll return the value. If not, we'll
# compute it and store the result for future runs.
#
+# NOTE: we won't ever add to the cache if one of the make goals looks like
+# it is installing. Technically there's no reason we can't cache things
+# related to install but it's likely that 'make install' is called as root.
+# If we create the cache file as root we might have a hard time adding to it
+# (or deleting it in make clean).
+#
# This is a bit of voodoo, but basic explanation is that if the variable
# was undefined then we'll evaluate the shell command and store the result
# into the variable. We'll then store that value in the cache and finally
@@ -137,12 +143,14 @@ __sanitize-opt = $(subst $$,_,$(subst $(right_paren),_,$(subst $(left_paren),_,$
define __run-and-store
ifeq ($(origin $(1)),undefined)
$$(eval $(1) := $$(shell $$(2)))
+ifeq ($(filter %install,$(MAKECMDGOALS)),)
ifeq ($(create-cache-dir),1)
$$(shell mkdir -p $(dir $(make-cache)))
$$(eval create-cache-dir :=)
endif
$$(shell echo '$(1) := $$($(1))' >> $(make-cache))
endif
+endif
endef
__shell-cached = $(eval $(call __run-and-store,$(1)))$($(1))
shell-cached = $(call __shell-cached,__cached_$(call __sanitize-opt,$(1)),$(1))
--
2.15.1.620.gb9897f4670-goog
Powered by blists - more mailing lists