Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign upDon't use env::current_exe with libbacktrace #33554
Conversation
rust-highfive
assigned
alexcrichton
May 11, 2016
alexcrichton
reviewed
May 11, 2016
| // down that executable this is. We can't use env::current_exe because | ||
| // libbacktrace will break in unboundedly horrible ways if the file at that | ||
| // path doesn't actually correspond to this process at the time we look at | ||
| // it. |
This comment has been minimized.
This comment has been minimized.
alexcrichton
May 11, 2016
Member
Could you elaborate here and indicate that it's a security concern for not reading an arbitrary executable? Basically emphasize the facts of:
- You can probably trick
current_exeto point at any file, or rather that's the worst case. - There's been at least one bug reported in libbacktrace for corrupt dwarf info
- We don't know of any other vulnerabilities, but at worse we assume that arbitrary code execution is possible with corrupt dwarf info to libbacktrace (until we find evidence to the contrary)
And thus we don't pass a pathname to libbacktrace
This comment has been minimized.
This comment has been minimized.
|
I agree with the comment of @alexcrichton. I expect also some tests should be marked ignored for some platforms (like |
sfackler
force-pushed the
sfackler:no-current-exe
branch
from
f07835c
to
9c2e691
May 11, 2016
This comment has been minimized.
This comment has been minimized.
|
Updated. I fixed run-pass/backtrace-debuginfo.rs - I guess we'll let the builders find out what other tests need to be fixed. |
This comment has been minimized.
This comment has been minimized.
Manishearth
added a commit
to Manishearth/rust
that referenced
this pull request
May 12, 2016
bors
added a commit
that referenced
this pull request
May 12, 2016
eddyb
added a commit
to eddyb/rust
that referenced
this pull request
May 12, 2016
bors
added a commit
that referenced
this pull request
May 12, 2016
Manishearth
added a commit
to Manishearth/rust
that referenced
this pull request
May 12, 2016
bors
added a commit
that referenced
this pull request
May 12, 2016
This comment has been minimized.
This comment has been minimized.
|
This is probably the cause for http://buildbot.rust-lang.org/builders/auto-win-gnu-64-nopt-t/builds/4202/steps/test/logs/stdio. (rollup #33589) |
sfackler
force-pushed the
sfackler:no-current-exe
branch
from
9c2e691
to
9393e52
May 12, 2016
This comment has been minimized.
This comment has been minimized.
|
Thanks, fixed. @bors r=alexcrichton |
This comment has been minimized.
This comment has been minimized.
|
|
bors
added a commit
that referenced
this pull request
May 12, 2016
eddyb
added a commit
to eddyb/rust
that referenced
this pull request
May 13, 2016
sfackler
added
the
beta-nominated
label
May 14, 2016
Manishearth
added a commit
to Manishearth/rust
that referenced
this pull request
May 14, 2016
bors
added a commit
that referenced
this pull request
May 14, 2016
bors
merged commit 9393e52
into
rust-lang:master
May 14, 2016
1 check passed
continuous-integration/travis-ci/pr
The Travis CI build passed
Details
sfackler
deleted the
sfackler:no-current-exe
branch
May 15, 2016
alexcrichton
added
the
beta-accepted
label
May 16, 2016
This comment has been minimized.
This comment has been minimized.
|
Accepted for backport at libs triage |
aturon
added a commit
that referenced
this pull request
May 17, 2016
alexcrichton
removed
the
beta-nominated
label
May 18, 2016
retep998
referenced this pull request
May 31, 2016
Closed
Rust stack backtrace filled with unknown on Windows 8.1 #33985
hoodie
reviewed
Jul 18, 2016
| // be in "permanent memory", so we copy it to a static and then use the | ||
| // static as the pointer. | ||
| // Things don't work so well on not-Linux since libbacktrace can't track | ||
| // down that executable this is. We at one point used env::current_exe but |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
sfackler commentedMay 11, 2016
If the path we give to libbacktrace doesn't actually correspond to the
current process, libbacktrace will segfault at best.
cc #21889
r? @alexcrichton
cc @semarie