kconfiglib.py _save_old() may rename /dev/null -- replacing /dev/null with a file #31362

domo141 · 2021-01-15T16:57:41Z

Describe the bug

the kconfiglib.py _save_old("/dev/null") may actually, unexpectly, succeed.

afterwards /dev/null was opened for writing as a (new) file

To Reproduce
Steps to reproduce the behavior:

mkdir build; cd build
cmake -DBOARD=board_xyz
ls -l /dev/null
cat /dev/null

Expected behavior

/dev/null is still device node

Impact

/dev/null is a file, with kconfig content

What impact does this issue have on your progress

host code that opened /dev/null as config file got "garbage"

Environment (please complete the following information):

a docker container (not as root, but probably enough capabilites to rename /dev/null)

zephyr v1.14 -- but after investigating main in 2021-01 it still can happen

** how to fix **

if not os.path.isfile(path) return to skip rename if path does not point to a file
(either directly, or via symlink)

The text was updated successfully, but these errors were encountered:

nashif · 2021-01-19T18:21:13Z

@domo141 Can you please submit a PR with the proposed fix?

domo141 · 2021-01-19T22:01:57Z

Created (as usual, change was simple, comments and commit message hard)...

#31438: based on commit msgs ulfalizer may (or may not) follow up soon...

nashif · 2021-01-23T06:24:03Z

lowering priority as this happens only if /dev/null is writable or as root, which is not recommended.

The _save_old() to return early if <filename> is not file (or symlink to a file). This is simplest alternative to avoid attempt to rename /dev/null (which could succeed). This also keeps fifos (perhaps nonexistent potential usage but this is nicer). If <filename> were directory or socket, after shutil.copyfile(), writing to the file (by caller, _write_config()), would fail. Fixes zephyrproject-rtos#31362 Co-authored-by: Marti Bolivar <[email protected]> Signed-off-by: Tomi Ollila <[email protected]>

The _save_old() to return early if <filename> is not file (or symlink to a file). This is simplest alternative to avoid attempt to rename /dev/null (which could succeed). This also keeps fifos (perhaps nonexistent potential usage but this is nicer). If <filename> were directory or socket, after shutil.copyfile(), writing to the file (by caller, _write_config()), would fail. Fixes #31362 Co-authored-by: Marti Bolivar <[email protected]> Signed-off-by: Tomi Ollila <[email protected]>

domo141 added the bug The issue is a bug, or the PR is fixing a bug label Jan 15, 2021

nashif added the priority: medium Medium impact/importance bug label Jan 19, 2021

nashif mentioned this issue Jan 20, 2021

kconfig: kconfiglib.py: Backup files only #31438

Merged

nashif added priority: low Low impact/importance bug and removed priority: medium Medium impact/importance bug labels Jan 23, 2021

domo141 mentioned this issue Jan 27, 2021

kconfig: kconfiglib.py: Backup files only ulfalizer/Kconfiglib#101

Open

nashif closed this as completed in #31438 Jan 28, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

kconfiglib.py _save_old() may rename /dev/null -- replacing /dev/null with a file #31362

kconfiglib.py _save_old() may rename /dev/null -- replacing /dev/null with a file #31362

domo141 commented Jan 15, 2021

nashif commented Jan 19, 2021 •

edited

Loading

domo141 commented Jan 19, 2021

nashif commented Jan 23, 2021

kconfiglib.py _save_old() may rename /dev/null -- replacing /dev/null with a file #31362

kconfiglib.py _save_old() may rename /dev/null -- replacing /dev/null with a file #31362

Comments

domo141 commented Jan 15, 2021

nashif commented Jan 19, 2021 • edited Loading

domo141 commented Jan 19, 2021

nashif commented Jan 23, 2021

nashif commented Jan 19, 2021 •

edited

Loading