On OpenBSD-current, clang emits a warning message to standard output for the use of strcpy, e.g.:
_errors.c(/tmp/_errors-673190.o:(main)): warning: strcpy() is almost always misused, please use strlcpy()
This message makes it into the Go source being created, causing gofmt to error on the invalid syntax, and leaving the zerrors file empty.
Using strlcpy would be preferred here, but strncpy is enough to silence this message, and is more portable.
Change-Id: I16404d74c4406dadda87f211fc0ba062de0d11ac
GitHub-Last-Rev: a43b6fbc1b
GitHub-Pull-Request: golang/sys#147
Reviewed-on: https://go-review.googlesource.com/c/sys/+/468399
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: David Chase <drchase@google.com>
Implementation generated directly with mkwinsyscall has a wrong
assumption about the expected value for PIDs buffer size.
This change adds some small manual code that converts the input
slice length to the number of bytes of the array backing the slice.
A test is also added. It fails with the previous implementation.
Fixesgolang/go#60223
Change-Id: I5e2414acb29c6c949e5e6acd328043f8a8883887
Reviewed-on: https://go-review.googlesource.com/c/sys/+/495995
Commit-Queue: Quim Muntal <quimmuntal@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Notably, the DisplayName field was set to the same thing in both
sys.TestExample and mrg.TestMyService, which may explain the collision
reported in golang/go#59298.
Moreover, the adjective ”my” conveys no information whatsoever — we
shouldn't use it in tests or examples.
Also skip the tests that install services if GO_BUILDER_NAME is not
set, to reduce the likelihood of 'go test all' in a user's working
directory being mistaken for a malicious or compromised program.
Fixesgolang/go#59298.
Change-Id: Ib00bf7400bfaa34e1a1d49125c43b97019b53c82
Reviewed-on: https://go-review.googlesource.com/c/sys/+/481015
Reviewed-by: Carlos Amedee <carlos@golang.org>
Run-TryBot: Bryan Mills <bcmills@google.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Bryan Mills <bcmills@google.com>
The existing uintptr arithmetic is arguably valid because the
environment block is not located within the Go heap
(see golang/go#58625).
However, unsafe.Add (added in Go 1.17) expresses the same logic with
fewer conversions, and in addition avoids triggering the unsafeptr
vet check.
For golang/go#41205.
Change-Id: Ifc509279a13fd707be570908ec779d8518b4f75b
Reviewed-on: https://go-review.googlesource.com/c/sys/+/492415
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Bryan Mills <bcmills@google.com>
DecomposeCommandLine is documented to use CommandLineToArgv, and the
CommandLineToArgvW system call inherently does not support strings with
internal NUL bytes. This CL changes DecomposeCommandLine to reject those
strings with an error instead of panicking.
Fixesgolang/go#58817
Change-Id: I22a026bf2e69344a21f04849c50ba19b6e7b2007
Reviewed-on: https://go-review.googlesource.com/c/sys/+/487695
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
Instead of defining a dedicated type goIovec with the correct *byte type
for its Base field like CL 412496 did, modify the Base field of the
original type Iovec (generated from struct iovec) in mkpost.go. This is
akin to how we already change []int8 to []byte for several other types.
Fixesgolang/go#55997
Change-Id: If30799bb2bfe6d17678370b45348ff0b7c5de2e9
Reviewed-on: https://go-review.googlesource.com/c/sys/+/484635
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: David Chase <drchase@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
mkpost.go is platform independent and can in principle be run on a GOOS
other than the one we're generating the syscall wrappers for. Allow
overriding GOOS by setting GOOS_TARGET, similar to other generator
programs in the repo. This e.g. allows testing mkpost.go changes on a
different GOOS.
Follows CL 256278 which did the same for mksyscall.go
Change-Id: Ib99aa5cd266f7d27543cf9433cfb028f367eef63
Reviewed-on: https://go-review.googlesource.com/c/sys/+/484636
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: David Chase <drchase@google.com>
This method allows a user to list all Windows services which are
dependent upon a given service.
This commit makes use of the EnumDependentServices Windows API call.
Without this, a user would have to iterate through each service on the
system, and check if the given service is listed in each service's
dependencies list.
The implementation of ListDependentServices is mostly the same as
Mgr.ListServices, as the API calls behave in the same way.
Fixesgolang/go#56766
Change-Id: I9ec18c97afd02f48deef691ccdd5c26d6501add1
Reviewed-on: https://go-review.googlesource.com/c/sys/+/451363
Reviewed-by: Than McIntosh <thanm@google.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
The setattrlist() function can be used to mutate the attributes of files through a single call. For example, one can perform a chmod(), chown(), chflags(), [...] all at once.
This change also adds bindings for the UF_* and SF_* flags that are accepted by chflags(). This makes it possible to use setattrlist() to perform the equivalent of lchflags(), for which we currently have no binding.
Change-Id: Ib5a604503a984b95a02b65ad1a437246cd170584
GitHub-Last-Rev: 45dd9d475a
GitHub-Pull-Request: golang/sys#155
Reviewed-on: https://go-review.googlesource.com/c/sys/+/481815
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
On Solaris, AIX, and zOS, the req argument of ioctl() is a signed int,
not an unsigned long like on other platforms, which means many constants
are negative, causing friction when passing them to a uint argument.
Correct the signature of these functions to pass the req argument as
signed, just like libc.
Fixesgolang/go#59030.
Change-Id: Ia14e92a150f4b5fb9488c5032ca296cb786e9811
Reviewed-on: https://go-review.googlesource.com/c/sys/+/476515
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Nahum Shalman <nahamu@gmail.com>
As of Go 1.21 syscall.Setrlimit and syscall.prlimit can affect
starting a new process, by restoring the original NOFILE rlimit.
That is recorded locally in the syscall package, so just always
call the syscall functions.
For golang/go#46279
Change-Id: I2f3dafe5562a7dde1297bad6f5d34a80af5d620b
Reviewed-on: https://go-review.googlesource.com/c/sys/+/476695
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
CL 469835 broke the syscall wrapper generation on linux and freebsd by
generating a wrapper for the inexistent SYS_PTRACE_PTR syscall. The
ptracePtr added by CL 469835 correctly uses SYS_PTRACE, likely because
it was manually edited in that CL. However, the incorrect SYS_PTRACE_PTR
syscall is used when regenerating the syscall wrappers.
Change-Id: I270d66511f926d30a9d347930e977a026e033998
Reviewed-on: https://go-review.googlesource.com/c/sys/+/470175
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Go 1.19 incorporates the functionality of execabs directly.
If it has already reported an error, don't report our own error.
In particular Go 1.19 moved the error from lookPathErr to Err.
The code was already checking to not override lookPathErr.
With this change we also do not override Err.
Tested with Go 1.17 through Go 1.20.
Fixesgolang/go#58606
Change-Id: I110127a3925f3800cc058d93e704604a59aa38f7
Reviewed-on: https://go-review.googlesource.com/c/sys/+/469735
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
CL 126516 added support for flags argument, implemented in the same way
as glibc does (it tries to guess what the kernel would do).
CL 246537 added using faccess2(2) Linux syscall which supports the flags
directly. For older kernels, though, the syscall is not available, and
the code uses glibc-like fallback.
There is one very specific scenario in which the fallback fails.
The scenario involves all these conditions:
- no faccessat2 support available (i.e. either Linux kernel < 5.8,
or a seccomp set up to disable faccessat2);
- the current user is not root (i.e. geteuid() != 0);
- CAP_DAC_OVERRIDE capability is set for the current process;
- the file to be executed does not have executable permission
bit set for either the current EUID or EGID;
- the file to be executed have at least one executable bit set.
Unfortunately, this set of conditions was observed in the wild -- a
container run as a non-root user with the binary file owned by root with
executable permission set for a user only [1]. Essentially it means it
is not as rare as it may seem.
Now, CAP_DAC_OVERRIDE essentially makes the kernel bypass most of the
checks, so execve(2) and friends work the same was as for root user,
i.e. if at least one executable bit it set, the permission to execute
is granted (see generic_permission() function in the Linux kernel).
Modify the code to check for CAP_DAC_OVERRIDE and mimic the kernel
behavior for permission checks.
This is essentially the same fix as CL 468735 for Go syscall package.
Tested on CentOS 7 with the repro similar to the one from [2].
[1] https://github.com/opencontainers/runc/issues/3715
[2] https://github.com/golang/go/issues/58552#issuecomment-1432505621
Change-Id: I726b6acab6a6e6d0358ef98e6a582b405c347614
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Reviewed-on: https://go-review.googlesource.com/c/sys/+/468877
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
In CL 419915, both pointer fields of the PtraceIoDesc struct were
converted to type uintptr to address golang/go#54113.
However, that change was overzealous: the fix needed to convert fields
that refer to addresses in the child process, but the Addr field of
PtraceIoDesc is not even in the child process! It is instead an
address in the parent (Go) process.
Go's unsafe.Pointer rules prohibit converting a Go pointer to a
uintptr except when immediately converting back to an unsafe.Pointer
or calling a system call. Populating a PtraceIoDesc struct is neither
of those things, so converting the Addr field to uintptr introduced a
use-after-free bug.
This change reverts the change to the Addr field from CL 419915 and
consolidates the implementation of PtraceIO to reduce the the amount
of code that varies with GOARCH.
This change does not address the remaining ptrace uintptr bug
(golang/go#58387), which is also present in the Linux implementation.
Fixesgolang/go#58351.
Updates golang/go#54113.
For golang/go#41205.
Change-Id: I14bdb4af42130aa7b4375e3f53fd1a0435f14307
Reviewed-on: https://go-review.googlesource.com/c/sys/+/465676
Auto-Submit: Bryan Mills <bcmills@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Despite having the misleading type "void*" in the C API, the "offs"
field of the ptrace_io_desc struct is an offset within the child
process, and thus is not necessarily a valid pointer at all in the
parent process. The Go unsafe.Pointer type must refer only to valid
pointers, so converting this field through unsafe.Pointer is incorrect
and (in some cases) dangerous.
While we're here, let's also rename the "addr" function argument to
"offs", since that's the corresponding ptrace_io_desc field. It's very
confusing to have a function argument named "attr" that doesn't map to
the struct field of the same name!
For golang/go#58351.
Change-Id: Id899f823e8d398b51fb0c42f466d7ae2f957c26b
Reviewed-on: https://go-review.googlesource.com/c/sys/+/465675
Run-TryBot: Bryan Mills <bcmills@google.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
The purpose of the _zero variable is to provide a valid address for a
pointer to an array of length zero. All other uses of the variable
take its address, but one reference to it (added in CL 147850043)
converts the variable (which has type uintptr) directly to an
unsafe.Pointer, producing a nil pointer instead of a non-nil pointer
to a zero-length array.
This typo is caught by 'go vet', but was masked for a long time by the
numerous false-positive warnings for the same check (#41205).
For golang/go#41205.
Change-Id: Ib3bebfadc6fc5574db19630169ff3f65da857bdd
Reviewed-on: https://go-review.googlesource.com/c/sys/+/465597
Reviewed-by: David Chase <drchase@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
The os/signal package drops signal notifications if the channel is not
ready to receive immediately. To avoid dropping signals (for example,
while processing the other branch of a 'select'), the channel must be
buffered.
This fixes a mistake flagged by 'go vet ./...'.
Change-Id: I2a20dbe2aa27ae8ec009fff5e7be47e4409fdddd
Reviewed-on: https://go-review.googlesource.com/c/sys/+/465595
Auto-Submit: Bryan Mills <bcmills@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: David Chase <drchase@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
