Re: [OE-core] [PATCH] systemd: Fix build on musl

From: "Andre McCurdy" <armccurdy@gmail.com>
To: Luca Bocassi <luca.boccassi@gmail.com>
Cc: OE-core <openembedded-core@lists.openembedded.org>,
	Khem Raj <raj.khem@gmail.com>
Subject: Re: [OE-core] [PATCH] systemd: Fix build on musl
Date: Thu, 29 Jul 2021 12:11:21 -0700	[thread overview]
Message-ID: <CAJ86T=WgmhDG1OpB3CVf9EtRtxA0hFimKmXod4tcTX3NX1j54w@mail.gmail.com> (raw)
In-Reply-To: <423aed88f51b09d6342089f4b02dc9d62bbdb413.camel@gmail.com>

On Thu, Jul 29, 2021 at 6:49 AM Luca Bocassi <luca.boccassi@gmail.com> wrote:
>
> Having a look at the patches, a few comments:
>
> - 0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch I find
> quite worrying, as it fundamentally changes access patterns, some of
> which are done for security reasons. At best, this will cause
> completely different runtime behaviours for the same filesystem
> depending on the libc implementation, which doesn't sound great?

I wrote a long and verbose comment when I created the patch which
tries to document any differences in runtime behaviour.

  ----
  Avoid using AT_SYMLINK_NOFOLLOW flag. It doesn't seem like the right thing to
  do and it's not portable (not supported by musl). See:

    http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003610.html
    http://www.openwall.com/lists/musl/2015/02/05/2

  Note that laccess() is never passing AT_EACCESS so a lot of the discussion in
  the links above doesn't apply. Note also that (currently) all systemd callers
  of laccess() pass mode as F_OK, so only check for existence of a file, not
  access permissions. Therefore, in this case, the only distiction between
  faccessat() with (flag == 0) and (flag == AT_SYMLINK_NOFOLLOW) is the
  behaviour for broken symlinks; laccess() on a broken symlink will succeed
  with (flag == AT_SYMLINK_NOFOLLOW) and fail (flag == 0).

  The laccess() macros was added to systemd some time ago and it's not clear if
  or why it needs to return success for broken symlinks. Maybe just historical
  and not actually necessary or desired behaviour?
  ----

If that comment is now out of date or something is missing then please
send a patch to update it.

However looking at this patch again now, it appears to have got broken
during a past rebase:

  https://git.openembedded.org/openembedded-core/commit/?id=e8dd5a36bf2f1e645fb2ff15eb3b5e97c04776e6

The upstream code changed from:

  #define laccess(path, mode) faccessat(AT_FDCWD, (path), (mode),
AT_SYMLINK_NOFOLLOW)

to

  #define laccess(path, mode)                                             \
          (faccessat(AT_FDCWD, (path), (mode), AT_SYMLINK_NOFOLLOW) <
0 ? -errno : 0)

but the replacement version in the patch still returns the raw result
from faccessat(). That looks like an issue.