lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 17 Dec 2021 14:55:52 +0000
From:   Suzuki K Poulose <suzuki.poulose@....com>
To:     carsten.haitzler@...s.arm.com, linux-kernel@...r.kernel.org
Cc:     coresight@...ts.linaro.org, mathieu.poirier@...aro.org,
        mike.leach@...aro.org, leo.yan@...aro.org,
        inux-perf-users@...r.kernel.org, acme@...nel.org
Subject: Re: [PATCH 01/12] perf test: Shell - Limit to only run executable
 scripts in tests

On 15/12/2021 16:03, carsten.haitzler@...s.arm.com wrote:
> From: Carsten Haitzler <carsten.haitzler@....com>
> 
> Perf test's shell runner will just run everything in the tests
> directory (as long as it's not another directory or does not begin
> with a dot), but sometimes you find files in there that are not shell
> scripts - perf.data output for example if you do some testing and then
> the next time you run perf test it tries to run these. Check the files
> are executable so they are actually intended to be test scripts and
> not just some "random junk" files there.
> 
> Signed-off-by: Carsten Haitzler <carsten.haitzler@....com>
> ---
>   tools/perf/tests/builtin-test.c |  4 +++-
>   tools/perf/util/path.c          | 12 ++++++++++++
>   tools/perf/util/path.h          |  1 +
>   3 files changed, 16 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/perf/tests/builtin-test.c b/tools/perf/tests/builtin-test.c
> index 8cb5a1c3489e..ece272b55587 100644
> --- a/tools/perf/tests/builtin-test.c
> +++ b/tools/perf/tests/builtin-test.c
> @@ -295,7 +295,9 @@ static const char *shell_test__description(char *description, size_t size,
>   
>   #define for_each_shell_test(entlist, nr, base, ent)	                \
>   	for (int __i = 0; __i < nr && (ent = entlist[__i]); __i++)	\
> -		if (!is_directory(base, ent) && ent->d_name[0] != '.')
> +		if (!is_directory(base, ent) && \
> +			is_executable_file(base, ent) && \
> +			ent->d_name[0] != '.')

If we reorder the checks, we could potentially avoid a few
syscalls for hidden items. i.e., if we do ent->d_name[0] != '.'
first.

>   
>   static const char *shell_tests__dir(char *path, size_t size)
>   {
> diff --git a/tools/perf/util/path.c b/tools/perf/util/path.c
> index caed0336429f..7dde8c230ae8 100644
> --- a/tools/perf/util/path.c
> +++ b/tools/perf/util/path.c
> @@ -92,3 +92,15 @@ bool is_directory(const char *base_path, const struct dirent *dent)
>   
>   	return S_ISDIR(st.st_mode);
>   }
> +
> +bool is_executable_file(const char *base_path, const struct dirent *dent)
> +{
> +	char path[PATH_MAX];
> +	struct stat st;
> +
> +	sprintf(path, "%s/%s", base_path, dent->d_name);

Should this be snprintf() for additional safety ?

> +	if (stat(path, &st))
> +		return false;
> +
> +	return !S_ISDIR(st.st_mode) && (st.st_mode & S_IXUSR);

Otherwise looks good to me.

Suzuki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ