popt warning

Elan Ruusamäe glen at pld-linux.org
Tue Feb 23 20:21:13 CET 2016


On 23.02.2016 20:24, Jeff Johnson wrote:
> On Feb 23, 2016, at 12:58 PM, Elan Ruusamäe wrote:
>
>> On 23.02.2016 19:42, Jeff Johnson wrote:
>>> On Feb 22, 2016, at 5:23 PM, Elan Ruusamäe wrote:
>>>
>>>> sometimes i see such message when building packages:
>>>>
>>>> warning: existing POPT configuration file "/usr/lib/rpm/rpmpopt:/usr/lib/rpm/%{_target}/rpmpopt:/etc/rpm/rpmpopt.*:/etc/rpm/rpmpopt:/etc/rpm/%{_target}/rpmpopt:~/.rpmpopt" considered INSECURE -- not loaded
>>>>
>>>> not always, i.e. building same package i sometimes see this and sometimes do not.
>>>> rpm-5.4.15-31.x86_64
>>>>
>>>> any ideas what this is about?
>>> The intent is/was to have poptSaneFile() check permissions on files being read
>>> (non-zero is an error). The mechanism is dependent on adding a leading '@'
>>> to a file path.
>>>
>>> int poptSaneFile(const char * fn)
>>> {
>>>      struct stat sb;
>>>      uid_t uid = getuid();
>>>
>>>      if (stat(fn, &sb) == -1)
>>>          return 1;
>>>      if ((uid_t)sb.st_uid != uid)
>>>          return 0;
>>>      if (!S_ISREG(sb.st_mode))
>>>          return 0;
>>>      if (sb.st_mode & (S_IWGRP|S_IWOTH))
>>>          return 0;
>>>      return 1;
>>> }
>>>
>>> There may be other returns (from failure to read a file) in poptReadFile() that may trigger the message.
>> so, any of those files should be group or other writable to produce the warning...
>>
> Yes but ... the poptSaneFile() mechanism is "opt in", turned on with an '@' prefix on a file path.
>
>> ➔ for a in $(rpm -E /usr/lib/rpm/rpmpopt:/usr/lib/rpm/%{_target}/rpmpopt:/etc/rpm/rpmpopt.*:/etc/rpm/rpmpopt:/etc/rpm/%{_target}/rpmpopt:~/.rpmpopt|tr ':' ' '); do ls -ld $a; done
>> -rw-r--r-- 1 root root 20977 29. nov   14:30 /usr/lib/rpm/rpmpopt
>> ls: cannot access '/usr/lib/rpm/x86_64-linux/rpmpopt': No such file or directory
>> ls: cannot access '/etc/rpm/rpmpopt.*': No such file or directory
>> ls: cannot access '/etc/rpm/rpmpopt': No such file or directory
>> ls: cannot access '/etc/rpm/x86_64-linux/rpmpopt': No such file or directory
>> ls: cannot access '~/.rpmpopt': No such file or directory
>>
>>>>
> Not the right test: all files except the first mentioned as config files are permitted to be missing.
i just tried to show, that there's only one file (from system), none of 
the "user" files even exist.

> Something else is going on if this is recent behavior. All of this code in popt/rpm
> was written a long time ago.
>
> The non-reproducibility, and the claim that this is a recently changed behavior, also indicate
> that something else is happening.
>
> Are you running in a chroot with files that are being removed?

no. i'm running in vserver as non-root user. it may qualify as chroot, 
but not sure about files being removed part.

>
> Is there a signal being sent that is interrupting one of these system calls (in poptReadFile)

i first noticed it in a code that was invoked from a bash prompt:

rpm --define "_specdir $PWD" --specfile $specfile -q --qf '%{VERSION}\n' | head -n1

but later i noticed that for rpm/rpmbuild (invoked from pld builder script) the 
same message was displayed.


i don't think anything else happened on system when i ran into this, 
but i can't be sure and it's not happening right now to debug anything 
further.

>      if ((nb = lseek(fdno, 0, SEEK_END)) == (off_t)-1
>       || lseek(fdno, 0, SEEK_SET) == (off_t)-1
>       || (b = (char*) calloc(sizeof(*b), (size_t)nb + 1)) == NULL
>       || read(fdno, (char *)b, (size_t)nb) != (ssize_t)nb)
>      {
>          int oerrno = errno;
>          (void) close(fdno);
>          errno = oerrno;
>          goto exit;
>      }
>      if (close(fdno) == -1)
>          goto exit;
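
An added example, not code from popt, rpm or anyone in this thread: the three conditions of the quoted poptSaneFile() applied with fstat() to the already-open descriptor, followed by a read loop that retries on EINTR and continues after short reads, where the quoted poptReadFile() fragment takes the error path on any short read(). `load_checked`, `demo_check`, the return codes and the temp-file content are hypothetical names and constructed data.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
enum { LOAD_OK = 0, LOAD_INSECURE = 1, LOAD_IOERR = -1 };

/* Hypothetical helper: open first, then fstat() the descriptor, so the
 * checks apply to the file actually read, not to the path a moment later. */
static int load_checked(const char *fn, char **out, size_t *len)
{
    struct stat sb;
    size_t got = 0, want;
    char *b;
    int fd = open(fn, O_RDONLY);
    if (fd == -1) return LOAD_IOERR;            /* errno says why, e.g. ENOENT */
    if (fstat(fd, &sb) == -1) { close(fd); return LOAD_IOERR; }
    /* The same three conditions as the quoted poptSaneFile(). */
    if (sb.st_uid != getuid() || !S_ISREG(sb.st_mode)
     || (sb.st_mode & (S_IWGRP | S_IWOTH))) { close(fd); return LOAD_INSECURE; }
    want = (size_t)sb.st_size;
    if ((b = calloc(1, want + 1)) == NULL) { close(fd); return LOAD_IOERR; }
    while (got < want) {                        /* tolerate EINTR and short reads */
        ssize_t n = read(fd, b + got, want - got);
        if (n == -1 && errno == EINTR) continue;
        if (n <= 0) break;                      /* real error, or the file shrank */
        got += (size_t)n;
    }
    close(fd);
    if (got != want) { free(b); return LOAD_IOERR; }
    *out = b; *len = got;
    return LOAD_OK;
}

/* Constructed demo: temp file with the given mode, then try to load it. */
static int demo_check(mode_t mode)
{
    static const char line[] = "rpm alias --demo -q\n";  /* constructed content */
    char path[] = "/tmp/rpmpopt-demo-XXXXXX", *buf = NULL;
    size_t len = 0, n = sizeof line - 1;
    int rc = LOAD_IOERR, fd = mkstemp(path);
    if (fd == -1) return LOAD_IOERR;
    if (write(fd, line, n) == (ssize_t)n && fchmod(fd, mode) == 0)
        rc = load_checked(path, &buf, &len);
    close(fd); free(buf); unlink(path);
    return rc;
}

int main(void) { return !(demo_check(0600) == LOAD_OK && demo_check(0666) == LOAD_INSECURE); }
```

Unlike the quoted poptSaneFile(), which returns 1 when stat() fails, this sketch reports a missing file as LOAD_IOERR and leaves it to the caller to decide from errno whether the file was optional.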


