From: Simon Marchi <simark@simark.ca>
To: Tom Tromey <tom@tromey.com>, gdb-patches@sourceware.org
Subject: Re: [PATCH v2 6/6] Cache a copy of the user's shell on macOS
Date: Sat, 20 Oct 2018 02:35:00 -0000 [thread overview]
Message-ID: <122644af-7120-4b29-3138-d97d5443cbe0@simark.ca> (raw)
In-Reply-To: <20181018223100.20693-7-tom@tromey.com>
On 2018-10-18 6:31 p.m., Tom Tromey wrote:
> +/* If $SHELL is restricted, try to cache a copy. Starting with El
> + Capitan, macOS introduced System Integrity Protection. Among other
> + things, this prevents certain executables from being ptrace'd. In
> + particular, executables in /bin, like most shells, are affected.
> + To work around this, while preserving command-line glob expansion
> + and redirections, gdb will cache a copy of the shell. Return true
> + if all is well -- either the shell is not subject to SIP or it has
> + been successfully cached. Returns false if something failed. */
> +
> +static bool
> +maybe_cache_shell ()
> +{
> + /* SF_RESTRICTED is defined in sys/stat.h and lets us determine if a
> + given file is subject to SIP. */
> +#ifdef SF_RESTRICTED
> +
> + /* If a check fails we want to revert -- maybe the user deleted the
> + cache while gdb was running, or something like that. */
> + copied_shell = nullptr;
> +
> + const char *shell = get_shell ();
> + if (!IS_ABSOLUTE_PATH (shell))
> + {
> + warning (_("This version of macOS has System Integrity Protection.\n\
> +Normally gdb would try to work around this by caching a copy of your shell,\n\
> +but because your shell (%s) is not an absolute path, this is being skipped."),
> + shell);
> + return false;
> + }
> +
> + struct stat sb;
> + if (stat (shell, &sb) < 0)
> + {
> + warning (_("This version of macOS has System Integrity Protection.\n\
> +Normally gdb would try to work around this by caching a copy of your shell,\n\
> +but because gdb could not stat your shell (%s), this is being skipped.\n\
> +The error was: %s"),
> + shell, safe_strerror (errno));
> + return false;
> + }
> +
> + if ((sb.st_flags & SF_RESTRICTED) == 0)
> + return true;
> +
> + /* Put the copy somewhere like ~/Library/Caches/gdb/bin/sh. */
> + std::string new_name = get_standard_cache_dir ();
> + if (!IS_DIR_SEPARATOR (new_name.back ()) && !IS_ABSOLUTE_PATH (shell))
I mentioned something about this on the version of the patch, but you might
have missed it since you didn't reply to that specifically, so I'll send
it again just to be sure:
I believe this !IS_ABSOLUTE_PATH check can never be true, since we would
have returned early if it was the case? If so, this append is not needed
Simon
next prev parent reply other threads:[~2018-10-20 2:35 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-18 22:31 [PATCH v2 0/6] A different approach to startup-with-shell " Tom Tromey
2018-10-18 22:31 ` [PATCH v2 2/6] Move make_temp_filename to common/pathstuff.c Tom Tromey
2018-10-18 22:31 ` [PATCH v2 3/6] Move mkdir_recursive to common/filestuff.c Tom Tromey
[not found] ` <e334bc95-f650-c4c1-1817-7256636eb2f1@ericsson.com>
2018-10-29 22:16 ` Simon Marchi
2018-10-30 20:55 ` Tom Tromey
2018-10-30 21:04 ` Simon Marchi
2018-10-31 15:03 ` Tom Tromey
2018-11-01 19:44 ` Simon Marchi
2018-10-18 22:31 ` [PATCH v2 5/6] Do not reopen temporary files Tom Tromey
2018-10-18 22:31 ` [PATCH v2 1/6] Unify shell-finding logic Tom Tromey
2018-10-19 23:27 ` Sergio Durigan Junior
2018-10-27 17:41 ` Tom Tromey
2018-10-18 22:31 ` [PATCH v2 6/6] Cache a copy of the user's shell on macOS Tom Tromey
2018-10-20 2:35 ` Simon Marchi [this message]
2018-10-27 17:43 ` Tom Tromey
2018-10-18 22:31 ` [PATCH v2 4/6] Use mkostemp, not mkstemp Tom Tromey
2018-10-19 23:41 ` [PATCH v2 0/6] A different approach to startup-with-shell on macOS Sergio Durigan Junior
2018-10-27 17:58 ` Tom Tromey
-- strict thread matches above, loose matches on Subject: below --
2018-10-03 21:02 [PATCH 2 0/6] A different approach to starutp-with-shell " Tom Tromey
2018-10-03 21:02 ` [PATCH v2 6/6] Cache a copy of the user's shell " Tom Tromey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=122644af-7120-4b29-3138-d97d5443cbe0@simark.ca \
--to=simark@simark.ca \
--cc=gdb-patches@sourceware.org \
--cc=tom@tromey.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox