Hi Otto,
It is very late here, but thanks for your hint
about NAME_MAX.
I've been looking at the systrace sources trying
to figure out how it works and if there would be
any obvious path len issues that would pop-out.
I couldn't find any.
I took your suggestion to try and find a simple(er)
test-case. I created a directory with a very long
name where 'pwd | wc -c' returned 301. I placed a
patch.c file in there with a patch.c.diff file in
/tmp and run similar command to what is run in the
ports patch:
$ cd /tmp
$ /bin/systrace -e -i -a -f $longdirname/my.policy \
/usr/bin/patch -z .bak.orig -d $longdirname -E -p0 \
< patch.c.diff
I encounter the same problem I had reported.
The patch succeeds without the systrace.
I'm now starting to wonder if the problem may be in
the generated parse.c for systrace? Since the long
directory path, $WRKDIR, is in the systrace.policy
file which needs to get parsed.
I'm going to find me some Zzz, I need to be at work
in about 4 hrs :) I'll try to play with this more
this evening, that is if you don't find the problem
by then.
Thanks for your reply!
--patrick
--- Otto Moerbeek <[EMAIL PROTECTED]> wrote:
>
>
> On Fri, 22 Dec 2006, patrick ~ wrote:
>
> > Judging from the amount of noise this post made
> > I'm guessing that either a) no one cared or b) I
> > didn't supply enough relevant info for anyone to
> > bother to chime in with a hint or a pointer.
> >
> > I don't know much about systrace to be able to
> > make any realistic progress with this, but some
> > hints would be welcome.
> >
> >
> > One thing I do find interesting is that the files
> > patch fails on end up being 260 chars long (full
> > path) or longer with the ".bak.orig" extension.
> >
> >
> > $ env FLAVOR="hardened no_curl ..." make show=WRKDIR
> >
>
/usr/ports/www/php5/extensions/w-php-5.1.4-hardened-no_curl-no_dba-no_dbase-no_filepro-no_imap-no_ldap-no_mbstring-no_mysql-no_mysqli-no_ncurses-no_odbc-no_shmop-no_soap-no_snmp-no_sqlite-no_sybase_ct-no_xmlrpc-no_xsl
> >
> >
> > Which is 217 chars in length. Adding to that
> > "/php-5.1.4" (10 chars in length) gives 227.
> >
> > The shortest of the files that failed to patch
> > is 23 chars in length. The longest successfully
> > patched file is 22 chars in length. The patched
> > file is appended ".bak.orig" (9 chars long).
> >
> > So base path of 227 + '/' + 31 (longest patched
> > file length: 22 + 9) gives 259. Anything longer
> > seems to fail.
> >
> > It seems like a file-name length limit or something
> > along those lines that make patch fail when under
> > systrace.
>
> I find this interesting, I'll loo into this tonight. In the meantime,
> you could try to isolate a single test case: a source file and a patch
> file that fails. Tha would help me a lot. It looks like systrace is
> enforcing the file name length limit NAME_MAX (which is 255). Note
> that this is a different limit compared to PATH_MAX (which is 1024).
>
> -Otto
>
> >
> >
> >
> >
> > These are the files under ${WRKDIR}/php-5.1.4
> > that failed to patch:
> >
> > ext/mysqli/mysqli_nonapi.c
> > ext/session/mod_files.c
> > ext/session/php_session.h
> > ext/session/tests/014.phpt
> > ext/session/tests/015.phpt
> > ext/session/tests/018.phpt
> > ext/session/tests/019.phpt
> > ext/session/tests/020.phpt
> > ext/session/tests/021.phpt
> > ext/sqlite/sess_sqlite.c
> > backup ext/standard/basic_functions.c
> > ext/standard/config.w32
> > ext/standard/crypt_blowfish.c
> > ext/standard/php_standard.h
> > ext/varfilter/config.m4
> > ext/varfilter/php_varfilter.h
> > ext/varfilter/varfilter.c
> > main/hardened_globals.h
> > main/hardening_patch.m4
> > sapi/apache2filter/sapi_apache2.c
> > sapi/apache2handler/sapi_apache2.c
> > TSRM/tsrm_virtual_cwd.c
> > TSRM/tsrm_virtual_cwd.h
> > Zend/zend_builtin_functions.c
> > Zend/zend_execute_API.c
> > Zend/zend_language_scanner.l
> > Zend/zend_language_scanner.c
> > Zend/zend_vm_execute.skl
> > ext/bcmath/libbcmath/src/output.c
> > ext/bcmath/libbcmath/src/rt.c
> > main/php_open_temporary_file.c
> > ext/xmlrpc/libxmlrpc/encodings.c
> >
> >
> >
> > These are the successfully patched files
> > under ${WRKDIR}/php-5.1.4:
> >
> > ext/fbsql/php_fbsql.c.bak.orig
> > ext/mysql/php_mysql.c.bak.orig
> > ext/pgsql/pgsql.c.bak.orig
> > ext/session/mod_mm.c.bak.orig
> > ext/session/mod_user.c.bak.orig
> > ext/session/mod_user.h.bak.orig
> > ext/session/session.c.bak.orig
> > ext/sqlite/sqlite.c.bak.orig
> > ext/standard/array.c.bak.orig
> > ext/standard/config.m4.bak.orig
> > ext/standard/crypt.c.bak.orig
> > ext/standard/dl.c.bak.orig
> > ext/standard/file.c.bak.orig
> > ext/standard/file.h.bak.orig
> > ext/standard/head.c.bak.orig
> > ext/standard/info.c.bak.orig
> > ext/standard/sha256.c.bak.orig
> > ext/standard/sha256.h.bak.orig
> > ext/standard/syslog.c.bak.orig
> > ext/varfilter/CREDITS.bak.orig
> > TSRM/TSRM.h.bak.orig
> > Zend/zend.h.bak.orig
> > Zend/zend_vm_def.h.bak.orig
> > Zend/zend_alloc.c.bak.orig
> > Zend/zend_alloc.h.bak.orig
> > Zend/zend_API.h.bak.orig
> > Zend/zend.c.bak.orig
> > Zend/zend_canary.c.bak.orig
> > Zend/zend_compile.c.bak.orig
> > Zend/zend_compile.h.bak.orig
> > Zend/zend_constants.c.bak.orig
> > Zend/zend_errors.h.bak.orig
> > Zend/zend_execute.c.bak.orig
> > Zend/zend_extensions.c.bak.orig
> > Zend/zend_extensions.h.bak.orig
> > Zend/zend_globals.h.bak.orig
> > Zend/zend_hash.c.bak.orig
> > Zend/zend_hash.h.bak.orig
> > Zend/zend_llist.c.bak.orig
> > Zend/zend_llist.h.bak.orig
> > Zend/zend_modules.h.bak.orig
> > Zend/zend_opcode.c.bak.orig
> > Zend/zend_vm_execute.h.bak.orig
> > main/fopen_wrappers.c.bak.orig
> > main/hardening_patch.c.bak.orig
> > main/hardening_patch.h.bak.orig
> > main/main.c.bak.orig
> > main/php_config.h.in.bak.orig
> > main/php.h.bak.orig
> > main/php_variables.c.bak.orig
> > main/rfc1867.c.bak.orig
> > main/SAPI.c.bak.orig
> > main/SAPI.h.bak.orig
> > main/snprintf.c.bak.orig
> > main/spprintf.c.bak.orig
> > pear/Makefile.frag.bak.orig
> > sapi/cgi/cgi_main.c.bak.orig
> > sapi/cli/php_cli.c.bak.orig
> > sapi/apache/mod_php5.c.bak.orig
> > configure.bak.orig
> > configure.in.bak.orig
> > php.ini-dist.bak.orig
> > php.ini-recommended.bak.orig
> > run-tests.php.bak.orig
> >
> >
> >
> >
> > --- patrick ~ <[EMAIL PROTECTED]> wrote:
> >
> > > Hi,
> > >
> > > Been trying to build php5 on a 4.0 box I'm setting up.
> > > The system was installed using 4.0 CDs, then cvs updated
> > > using -rOPENBSD_4_0.
> > >
> > > I have:
> > >
> > > $ cat /et/mk.conf
> > > USE_SYSTRACE=Yes
> > >
> > > I'm including output of:
> > >
> > > $ sudo env PATCH_DEBUG=Y FLAVOR="hardened no_curl..." make patch
> > >
> > >
> > > output at the end of this email since that's where things
> > > go wrong. patch(1) complains with:
> > >
> > > Can't backup ext/mysqli/mysqli_noapi.c, output in /tmp/patchNOISE
> > >
> > >
> > > To verify my suspicion, I did a manual patch of the hardening
> > > patch which succeeds, and then using the _SYSTRACE_CMD which
> > > fails.
> >
> > [snip]
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam protection around
> > http://mail.yahoo.com
> >
> >
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
