use acl_extended_file_nofollow() if available (#692823)

2011-07-29 15:12:18 +02:00 · 2011-07-29 15:12:18 +02:00 · c9c477adae
commit c9c477adae
parent 65b57c538d
2 changed files with 81 additions and 1 deletions
--- a/coreutils-acl-extended-file-nofollow.patch
+++ b/coreutils-acl-extended-file-nofollow.patch
@ -0,0 +1,74 @@
+From 95f7c57ff4090a5dee062044d2c7b99879077808 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka <at> redhat.com>
+Date: Fri, 22 Jul 2011 14:48:42 +0200
+Subject: [PATCH] file-has-acl: use acl_extended_file_nofollow if available
+
+* lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro.
+(acl_extended_file): New macro.
+* lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow.
+* m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow.
+This addresses http://bugzilla.redhat.com/692823.
+---
+ lib/acl-internal.h |    6 ++++++
+ lib/file-has-acl.c |   10 +++++++++-
+ m4/acl.m4          |    2 +-
+ 3 files changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/lib/acl-internal.h b/lib/acl-internal.h
+index b3160a7..b509666 100644
+--- a/lib/acl-internal.h
+++ b/lib/acl-internal.h
+@@ -133,6 +133,12 @@ rpl_acl_set_fd (int fd, acl_t acl)
+ #  endif
+
+ /* Linux-specific */
+#  ifndef HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+#   define HAVE_ACL_EXTENDED_FILE_NOFOLLOW false
+#   define acl_extended_file_nofollow(name) (-1)
+#  endif
+
+/* Linux-specific */
+ #  ifndef HAVE_ACL_FROM_MODE
+ #   define HAVE_ACL_FROM_MODE false
+ #   define acl_from_mode(mode) (NULL)
+diff --git a/lib/file-has-acl.c b/lib/file-has-acl.c
+index 3d4d5c1..2ee6ba2 100644
+--- a/lib/file-has-acl.c
+++ b/lib/file-has-acl.c
+@@ -366,12 +366,20 @@ file_has_acl (char const *name, struct stat const *sb)
+       /* Linux, FreeBSD, MacOS X, IRIX, Tru64 */
+       int ret;
+
+-      if (HAVE_ACL_EXTENDED_FILE) /* Linux */
+      if (HAVE_ACL_EXTENDED_FILE || HAVE_ACL_EXTENDED_FILE_NOFOLLOW) /* Linux */
+         {
+#  if HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+          /* acl_extended_file_nofollow() uses lgetxattr() in order to prevent
+             unnecessary mounts, but it returns the same result as we already
+             know that NAME is not a symbolic link at this point (modulo the
+             TOCTTOU race condition).  */
+          ret = acl_extended_file_nofollow (name);
+#  else
+           /* On Linux, acl_extended_file is an optimized function: It only
+              makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
+              ACL_TYPE_DEFAULT.  */
+           ret = acl_extended_file (name);
+#  endif
+         }
+       else /* FreeBSD, MacOS X, IRIX, Tru64 */
+         {
+diff --git a/m4/acl.m4 b/m4/acl.m4
+index d6a448a..ecf0384 100644
+--- a/m4/acl.m4
+++ b/m4/acl.m4
+@@ -33,7 +33,7 @@ AC_DEFUN([gl_FUNC_ACL],
+            AC_CHECK_FUNCS(
+              [acl_get_file acl_get_fd acl_set_file acl_set_fd \
+               acl_free acl_from_mode acl_from_text \
+-              acl_delete_def_file acl_extended_file \
+              acl_delete_def_file acl_extended_file acl_extended_file_nofollow \
+               acl_delete_fd_np acl_delete_file_np \
+               acl_copy_ext_native acl_create_entry_np \
+               acl_to_short_text acl_free_text])
+--
+1.7.6.586.g302e6
--- a/coreutils.spec
+++ b/coreutils.spec
@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 8.12
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv3+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@ -32,6 +32,8 @@ Patch103: coreutils-8.2-uname-processortype.patch
 Patch104: coreutils-df-direct.patch
 #add note about mkdir --mode behaviour into info documentation(#610559)
 Patch107: coreutils-8.4-mkdir-modenote.patch
+#use acl_extended_file_nofollow if available (#692823)
+Patch108: coreutils-acl-extended-file-nofollow.patch

 # sh-utils
 #add info about TZ envvar to date manpage
@ -121,6 +123,7 @@ Libraries for coreutils package.
 %patch103 -p1 -b .sysinfo
 %patch104 -p1 -b .dfdirect
 %patch107 -p1 -b .mkdirmode
+%patch108 -p1 -b .nofollow

 # sh-utils
 %patch703 -p1 -b .dateman
@ -329,6 +332,9 @@ fi
 %{_libdir}/coreutils

 %changelog
+* Fri Jul 29 2011 Ondrej Vasik <ovasik@redhat.com> - 8.12-3
+- use acl_extended_file_nofollow() if available (#692823)
+
 * Fri Jul 15 2011 Ondrej Vasik <ovasik@redhat.com> - 8.12-2
 - support ecryptfs mount of Private (postlogin into su.pamd)
  (#722323)