xinstall: Validate numeric uids/gids
Needs ReviewPublic
Actions

Authored by jlduran on Tue, Jan 21, 7:38 PM.

Details

Reviewers

emaste
kevans
markj
guest-patmaddox

Summary

Extend the fix 4b04f5d7e8a2 ("install: Fix METALOG ouptut for numeric -o
and -g args") to validate the uid/gid falls between a valid range.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 62160
Build 59044: arc lint + arc unit

Event Timeline

jlduran created this revision.Tue, Jan 21, 7:38 PM

Herald added a subscriber: imp. · View Herald TranscriptTue, Jan 21, 7:38 PM

jlduran requested review of this revision.Tue, Jan 21, 7:38 PM

Harbormaster completed remote builds in B61877: Diff 149690.Tue, Jan 21, 7:38 PM

I personally prefer to commit the fix and the test together, however I have been instructed in the past to do it separately. If this is still the best practice, I will split it upon commit.

@guest-patmaddox has a proposal for this also, in https://github.com/freebsd/freebsd-src/pull/1552
PR: 283355

I personally prefer to commit the fix and the test together

That is my preference as well

In D48587#1108227, @emaste wrote:

@guest-patmaddox has a proposal for this also, in https://github.com/freebsd/freebsd-src/pull/1552
PR: 283355

Oh, thanks for the heads up!

Note that we sort-of rely on install not validating -o and -g in -U/-M mode for some uses (see discussion in D48506). In practice it wouldn't matter because uname root = uid 0 and gname wheel = gid 0 is generally going to be true regardless of whether we use the host's passwd file or (as we should) the target's, but for this to be done properly we need to plumb dbdir to certctl and anything else calling install -U -M. @jrtc27 offered to do that if nobody gets to it first. I will try to find time to look at it but also won't mind if someone gets to it first.

In D48587#1108226, @jlduran wrote:

I personally prefer to commit the fix and the test together, however I have been instructed in the past to do it separately. If this is still the best practice, I will split it upon commit.

I'm not aware of any particular guidance along these lines, aside from the general, "keep commits small self-contained." I often commit tests together with functional changes. The one reason I might avoid that is if I want to ensure that a bug fix can be backported easily, e.g., in response to a secteam@ report.

In D48587#1108230, @emaste wrote:

Note that we sort-of rely on install not validating -o and -g in -U/-M mode for some uses (see discussion in D48506).

Yes, I think this should be a feature and not a bug. -U and -o/-g without -M makes no sense.

In D48587#1108227, @emaste wrote:

@guest-patmaddox has a proposal for this also, in https://github.com/freebsd/freebsd-src/pull/1552
PR: 283355

This revision proposes a different approach, more in-line with the current status, and avoids producing an invalid spec file when bogus uids/gids are used (e.g., -1). If it turns out this is the desired approach, I will also document it in the man page, as it is ambiguous at the moment.

markj added inline comments.Thu, Jan 23, 2:28 PM