From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6188A1581D3 for ; Mon, 27 May 2024 20:03:05 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A722EE2A53; Mon, 27 May 2024 20:02:54 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 712BEE2A53 for ; Mon, 27 May 2024 20:02:54 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 04D85335C52 for ; Mon, 27 May 2024 20:02:34 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id EED9C16 for ; Mon, 27 May 2024 20:02:31 +0000 (UTC) From: "Zac Medico" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Zac Medico" Message-ID: <1716840109.de19f3a7215d64d22dcc0f779314de1f1199963f.zmedico@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: lib/portage/util/ X-VCS-Repository: proj/portage X-VCS-Files: lib/portage/util/__init__.py X-VCS-Directories: lib/portage/util/ X-VCS-Committer: zmedico X-VCS-Committer-Name: Zac Medico X-VCS-Revision: de19f3a7215d64d22dcc0f779314de1f1199963f X-VCS-Branch: master Date: Mon, 27 May 2024 20:02:31 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 3d34b658-2a6c-42a7-ade0-b604577bfbe5 X-Archives-Hash: ac6322c630a6eb647ca9f160ab46c58f commit: de19f3a7215d64d22dcc0f779314de1f1199963f Author: Zac Medico gentoo org> AuthorDate: Mon May 27 18:47:30 2024 +0000 Commit: Zac Medico gentoo org> CommitDate: Mon May 27 20:01:49 2024 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=de19f3a7 atomic_ofstream: Use mkstemp rather than getpid (pid namespace safety) Bug: https://bugs.gentoo.org/851015 Signed-off-by: Zac Medico gentoo.org> lib/portage/util/__init__.py | 47 ++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/lib/portage/util/__init__.py b/lib/portage/util/__init__.py index 0c88068dda..f338f274aa 100644 --- a/lib/portage/util/__init__.py +++ b/lib/portage/util/__init__.py @@ -1,4 +1,4 @@ -# Copyright 2004-2023 Gentoo Authors +# Copyright 2004-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 from portage.cache.mappings import UserDict @@ -70,6 +70,7 @@ import shlex import stat import string import sys +import tempfile import traceback import glob from typing import Optional, TextIO @@ -1446,21 +1447,22 @@ class atomic_ofstream(AbstractContextManager, ObjectProxy): if follow_links: canonical_path = os.path.realpath(filename) object.__setattr__(self, "_real_name", canonical_path) - tmp_name = "%s.%i" % (canonical_path, portage.getpid()) + parent, basename = os.path.split(canonical_path) + fd, tmp_name = tempfile.mkstemp(prefix=basename, dir=parent) + object.__setattr__(self, "_tmp_name", tmp_name) try: object.__setattr__( self, "_file", open_func( - _unicode_encode( - tmp_name, encoding=_encodings["fs"], errors="strict" - ), + fd, mode=mode, **kargs, ), ) return - except OSError as e: + except OSError: + os.close(fd) if canonical_path == filename: raise # Ignore this error, since it's irrelevant @@ -1468,16 +1470,22 @@ class atomic_ofstream(AbstractContextManager, ObjectProxy): # new error if necessary. object.__setattr__(self, "_real_name", filename) - tmp_name = "%s.%i" % (filename, portage.getpid()) - object.__setattr__( - self, - "_file", - open_func( - _unicode_encode(tmp_name, encoding=_encodings["fs"], errors="strict"), - mode=mode, - **kargs, - ), - ) + parent, basename = os.path.split(filename) + fd, tmp_name = tempfile.mkstemp(prefix=basename, dir=parent) + object.__setattr__(self, "_tmp_name", tmp_name) + try: + object.__setattr__( + self, + "_file", + open_func( + fd, + mode=mode, + **kargs, + ), + ) + except OSError: + os.close(fd) + raise def __exit__(self, exc_type, exc_val, exc_tb): if exc_type is not None: @@ -1498,13 +1506,14 @@ class atomic_ofstream(AbstractContextManager, ObjectProxy): and performs the atomic replacement via os.rename(). If the abort() method has been called, then the temp file is closed and removed.""" f = object.__getattribute__(self, "_file") + tmp_name = object.__getattribute__(self, "_tmp_name") real_name = object.__getattribute__(self, "_real_name") if not f.closed: try: f.close() if not object.__getattribute__(self, "_aborted"): try: - apply_stat_permissions(f.name, os.stat(real_name)) + apply_stat_permissions(tmp_name, os.stat(real_name)) except OperationNotPermitted: pass except FileNotFound: @@ -1514,12 +1523,12 @@ class atomic_ofstream(AbstractContextManager, ObjectProxy): pass else: raise - os.rename(f.name, real_name) + os.rename(tmp_name, real_name) finally: # Make sure we cleanup the temp file # even if an exception is raised. try: - os.unlink(f.name) + os.unlink(tmp_name) except OSError as oe: pass