diff mbox series

[hurd,commited] hurd: Use __trivfs_server_name instead of trivfs_server_name

Message ID 20220101165311.2197758-1-samuel.thibault@ens-lyon.org
State Committed, archived
Headers
Series [hurd,commited] hurd: Use __trivfs_server_name instead of trivfs_server_name |

Checks

Context Check Description
dj/TryBot-apply_patch fail Patch failed to apply to master at the time it was sent
dj/TryBot-32bit fail Patch series failed to apply

Commit Message

Samuel Thibault Jan. 1, 2022, 4:53 p.m. UTC 
  The latter violates namespace contraints
---
 sysdeps/mach/hurd/getrandom.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

Comments

Florian Weimer Jan. 1, 2022, 5:27 p.m. UTC | #1 
* Samuel Thibault:

> The latter violates namespace contraints
> ---
>  sysdeps/mach/hurd/getrandom.c | 18 +++++++++---------
>  1 file changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/sysdeps/mach/hurd/getrandom.c b/sysdeps/mach/hurd/getrandom.c
> index 24f9ac60f7..76f2e900d2 100644
> --- a/sysdeps/mach/hurd/getrandom.c
> +++ b/sysdeps/mach/hurd/getrandom.c
> @@ -21,7 +21,7 @@
>  #include <unistd.h>
>  #include <not-cancel.h>
>  
> -extern char *trivfs_server_name __attribute__((weak));
> +extern char *__trivfs_server_name __attribute__((weak));
>  
>  /* Write up to LENGTH bytes of randomness starting at BUFFER.
>     Return the number of bytes written, or -1 on error.  */
> @@ -33,14 +33,14 @@ __getrandom (void *buffer, size_t length, unsigned int flags)
>    size_t amount_read;
>    int fd;
>  
> -  if (&trivfs_server_name && trivfs_server_name
> -      && trivfs_server_name[0] == 'r'
> -      && trivfs_server_name[1] == 'a'
> -      && trivfs_server_name[2] == 'n'
> -      && trivfs_server_name[3] == 'd'
> -      && trivfs_server_name[4] == 'o'
> -      && trivfs_server_name[5] == 'm'
> -      && trivfs_server_name[6] == '\0')
> +  if (&__trivfs_server_name && __trivfs_server_name
> +      && __trivfs_server_name[0] == 'r'
> +      && __trivfs_server_name[1] == 'a'
> +      && __trivfs_server_name[2] == 'n'
> +      && __trivfs_server_name[3] == 'd'
> +      && __trivfs_server_name[4] == 'o'
> +      && __trivfs_server_name[5] == 'm'
> +      && __trivfs_server_name[6] == '\0')
>      /* We are random, don't try to read ourselves!  */
>      return length;

How does this work?  It's a new synbol name, so there's no definition,
so the weak reference is always null.
Samuel Thibault Jan. 1, 2022, 5:41 p.m. UTC | #2 
Florian Weimer, le sam. 01 janv. 2022 18:27:49 +0100, a ecrit:
> > @@ -33,14 +33,14 @@ __getrandom (void *buffer, size_t length, unsigned int flags)
> >    size_t amount_read;
> >    int fd;
> >  
> > -  if (&trivfs_server_name && trivfs_server_name
> > -      && trivfs_server_name[0] == 'r'
> > -      && trivfs_server_name[1] == 'a'
> > -      && trivfs_server_name[2] == 'n'
> > -      && trivfs_server_name[3] == 'd'
> > -      && trivfs_server_name[4] == 'o'
> > -      && trivfs_server_name[5] == 'm'
> > -      && trivfs_server_name[6] == '\0')
> > +  if (&__trivfs_server_name && __trivfs_server_name
> > +      && __trivfs_server_name[0] == 'r'
> > +      && __trivfs_server_name[1] == 'a'
> > +      && __trivfs_server_name[2] == 'n'
> > +      && __trivfs_server_name[3] == 'd'
> > +      && __trivfs_server_name[4] == 'o'
> > +      && __trivfs_server_name[5] == 'm'
> > +      && __trivfs_server_name[6] == '\0')
> >      /* We are random, don't try to read ourselves!  */
> >      return length;
> 
> How does this work?  It's a new synbol name, so there's no definition,
> so the weak reference is always null.

It is peeking it from the program.

Basically the problem is that the random translator uses glibc, whose
malloc implementation started using /dev/random in glibc 2.34, thus
reading itself.

Samuel
Florian Weimer Jan. 1, 2022, 6:48 p.m. UTC | #3 
* Samuel Thibault via Libc-alpha:

> Florian Weimer, le sam. 01 janv. 2022 18:27:49 +0100, a ecrit:
>> > @@ -33,14 +33,14 @@ __getrandom (void *buffer, size_t length, unsigned int flags)
>> >    size_t amount_read;
>> >    int fd;
>> >  
>> > -  if (&trivfs_server_name && trivfs_server_name
>> > -      && trivfs_server_name[0] == 'r'
>> > -      && trivfs_server_name[1] == 'a'
>> > -      && trivfs_server_name[2] == 'n'
>> > -      && trivfs_server_name[3] == 'd'
>> > -      && trivfs_server_name[4] == 'o'
>> > -      && trivfs_server_name[5] == 'm'
>> > -      && trivfs_server_name[6] == '\0')
>> > +  if (&__trivfs_server_name && __trivfs_server_name
>> > +      && __trivfs_server_name[0] == 'r'
>> > +      && __trivfs_server_name[1] == 'a'
>> > +      && __trivfs_server_name[2] == 'n'
>> > +      && __trivfs_server_name[3] == 'd'
>> > +      && __trivfs_server_name[4] == 'o'
>> > +      && __trivfs_server_name[5] == 'm'
>> > +      && __trivfs_server_name[6] == '\0')
>> >      /* We are random, don't try to read ourselves!  */
>> >      return length;
>> 
>> How does this work?  It's a new synbol name, so there's no definition,
>> so the weak reference is always null.
>
> It is peeking it from the program.
>
> Basically the problem is that the random translator uses glibc, whose
> malloc implementation started using /dev/random in glibc 2.34, thus
> reading itself.

I still don't understand.  Why isn't the condition always false?
Samuel Thibault Jan. 1, 2022, 6:58 p.m. UTC | #4 
Florian Weimer, le sam. 01 janv. 2022 19:48:21 +0100, a ecrit:
> * Samuel Thibault via Libc-alpha:
> >> > +  if (&__trivfs_server_name && __trivfs_server_name
> >> > +      && __trivfs_server_name[0] == 'r'
> >> > +      && __trivfs_server_name[1] == 'a'
> >> > +      && __trivfs_server_name[2] == 'n'
> >> > +      && __trivfs_server_name[3] == 'd'
> >> > +      && __trivfs_server_name[4] == 'o'
> >> > +      && __trivfs_server_name[5] == 'm'
> >> > +      && __trivfs_server_name[6] == '\0')
> >> >      /* We are random, don't try to read ourselves!  */
> >> >      return length;
> >> 
> >> How does this work?  It's a new synbol name, so there's no definition,
> >> so the weak reference is always null.
> >
> > It is peeking it from the program.
> >
> > Basically the problem is that the random translator uses glibc, whose
> > malloc implementation started using /dev/random in glibc 2.34, thus
> > reading itself.
> 
> I still don't understand.  Why isn't the condition always false?

The definition is in the random translator, which exports it in its
dynamic symbol table.

Samuel
Florian Weimer Jan. 1, 2022, 7:02 p.m. UTC | #5 
* Samuel Thibault:

> Florian Weimer, le sam. 01 janv. 2022 19:48:21 +0100, a ecrit:
>> * Samuel Thibault via Libc-alpha:
>> >> > +  if (&__trivfs_server_name && __trivfs_server_name
>> >> > +      && __trivfs_server_name[0] == 'r'
>> >> > +      && __trivfs_server_name[1] == 'a'
>> >> > +      && __trivfs_server_name[2] == 'n'
>> >> > +      && __trivfs_server_name[3] == 'd'
>> >> > +      && __trivfs_server_name[4] == 'o'
>> >> > +      && __trivfs_server_name[5] == 'm'
>> >> > +      && __trivfs_server_name[6] == '\0')
>> >> >      /* We are random, don't try to read ourselves!  */
>> >> >      return length;
>> >> 
>> >> How does this work?  It's a new synbol name, so there's no definition,
>> >> so the weak reference is always null.
>> >
>> > It is peeking it from the program.
>> >
>> > Basically the problem is that the random translator uses glibc, whose
>> > malloc implementation started using /dev/random in glibc 2.34, thus
>> > reading itself.
>> 
>> I still don't understand.  Why isn't the condition always false?
>
> The definition is in the random translator, which exports it in its
> dynamic symbol table.

Oh, so there is a companion patch that is not reflected in the glibc
sources?
Samuel Thibault Jan. 1, 2022, 7:11 p.m. UTC | #6 
Florian Weimer, le sam. 01 janv. 2022 20:02:12 +0100, a ecrit:
> * Samuel Thibault:
> 
> > Florian Weimer, le sam. 01 janv. 2022 19:48:21 +0100, a ecrit:
> >> * Samuel Thibault via Libc-alpha:
> >> >> > +  if (&__trivfs_server_name && __trivfs_server_name
> >> >> > +      && __trivfs_server_name[0] == 'r'
> >> >> > +      && __trivfs_server_name[1] == 'a'
> >> >> > +      && __trivfs_server_name[2] == 'n'
> >> >> > +      && __trivfs_server_name[3] == 'd'
> >> >> > +      && __trivfs_server_name[4] == 'o'
> >> >> > +      && __trivfs_server_name[5] == 'm'
> >> >> > +      && __trivfs_server_name[6] == '\0')
> >> >> >      /* We are random, don't try to read ourselves!  */
> >> >> >      return length;
> >> >> 
> >> >> How does this work?  It's a new synbol name, so there's no definition,
> >> >> so the weak reference is always null.
> >> >
> >> > It is peeking it from the program.
> >> >
> >> > Basically the problem is that the random translator uses glibc, whose
> >> > malloc implementation started using /dev/random in glibc 2.34, thus
> >> > reading itself.
> >> 
> >> I still don't understand.  Why isn't the condition always false?
> >
> > The definition is in the random translator, which exports it in its
> > dynamic symbol table.
> 
> Oh, so there is a companion patch that is not reflected in the glibc
> sources?

Yes, it's there:

http://git.savannah.gnu.org/cgit/hurd/hurd.git/commit/?id=8c5eb657ff196a31a3230652823221f3fe805d73

Samuel
diff mbox series

Patch

diff --git a/sysdeps/mach/hurd/getrandom.c b/sysdeps/mach/hurd/getrandom.c
index 24f9ac60f7..76f2e900d2 100644
--- a/sysdeps/mach/hurd/getrandom.c
+++ b/sysdeps/mach/hurd/getrandom.c
@@ -21,7 +21,7 @@ 
 #include <unistd.h>
 #include <not-cancel.h>
 
-extern char *trivfs_server_name __attribute__((weak));
+extern char *__trivfs_server_name __attribute__((weak));
 
 /* Write up to LENGTH bytes of randomness starting at BUFFER.
    Return the number of bytes written, or -1 on error.  */
@@ -33,14 +33,14 @@  __getrandom (void *buffer, size_t length, unsigned int flags)
   size_t amount_read;
   int fd;
 
-  if (&trivfs_server_name && trivfs_server_name
-      && trivfs_server_name[0] == 'r'
-      && trivfs_server_name[1] == 'a'
-      && trivfs_server_name[2] == 'n'
-      && trivfs_server_name[3] == 'd'
-      && trivfs_server_name[4] == 'o'
-      && trivfs_server_name[5] == 'm'
-      && trivfs_server_name[6] == '\0')
+  if (&__trivfs_server_name && __trivfs_server_name
+      && __trivfs_server_name[0] == 'r'
+      && __trivfs_server_name[1] == 'a'
+      && __trivfs_server_name[2] == 'n'
+      && __trivfs_server_name[3] == 'd'
+      && __trivfs_server_name[4] == 'o'
+      && __trivfs_server_name[5] == 'm'
+      && __trivfs_server_name[6] == '\0')
     /* We are random, don't try to read ourselves!  */
     return length;