For discussion of Alpine Linux development and developer support

1

[alpine-devel] APK Tools does not ensure fchmodat/fchownat succeed

A. Wilcox
Details
Message ID
<e2ac086f-ce6a-45fa-ff18-bce74e60ad0b@adelielinux.org>
Sender timestamp
1550686737
DKIM signature
missing
Download raw message
update_permissions in src/database.c does not check the return value of
fchmodat nor fchownat.  There are a number of reasons it could fail:

- EIO, disk I/O error

- ENOMEM, memory was exhausted while apk was running

- others, though they are much more theoretical (abuild-apk shim hitting
EPERM, a bad package causing ELOOP, a filesystem corruption causing the
FS to go R/O while apk is running causing EROFS)

This also causes a build failure when building on glibc (because glibc
marks these functions as having return values that cannot be ignored).

I think it would be a good idea to ensure these calls succeed and set
the package as having an error if it isn't (so that a reinstallation can
be attempted).  But I don't know if there is a reason they are ignored.

I also am not familiar enough with apk-tools to be confident in the
proper way to set error (don't even know if ipkg is accessible from
update_permissions which seems like the main way an error is set).

Thanks,
--arw

-- 
A. Wilcox (awilfox)
Project Lead, Adélie Linux
https://www.adelielinux.org
Natanael Copa
Details
Message ID
<20190314160728.00fdd9b5@ncopa-desktop.copa.dup.pw>
In-Reply-To
<e2ac086f-ce6a-45fa-ff18-bce74e60ad0b@adelielinux.org> (view parent)
Sender timestamp
1552576048
DKIM signature
missing
Download raw message
On Wed, 20 Feb 2019 12:18:57 -0600
"A. Wilcox" <awilfox@adelielinux.org> wrote:

> update_permissions in src/database.c does not check the return value of
> fchmodat nor fchownat.  There are a number of reasons it could fail:
> 
> - EIO, disk I/O error
> 
> - ENOMEM, memory was exhausted while apk was running
> 
> - others, though they are much more theoretical (abuild-apk shim hitting
> EPERM, a bad package causing ELOOP, a filesystem corruption causing the
> FS to go R/O while apk is running causing EROFS)
> 
> This also causes a build failure when building on glibc (because glibc
> marks these functions as having return values that cannot be ignored).
> 
> I think it would be a good idea to ensure these calls succeed and set
> the package as having an error if it isn't (so that a reinstallation can
> be attempted).  But I don't know if there is a reason they are ignored.
> 
> I also am not familiar enough with apk-tools to be confident in the
> proper way to set error (don't even know if ipkg is accessible from
> update_permissions which seems like the main way an error is set).

I think this is something we should fix.

Can you please create an issue on bugs.alpinelinux.org, and maybe send
a proposal for a patch (if you have any). I suspect it will be easier
to give feedback on a patch.

> Thanks,
> --arw
>