Re: [hackers] Add realpath utility

From: Dimitris Papastamos <sin_AT_2f30.org>
Date: Fri, 20 Nov 2015 11:17:39 +0000

On Tue, Nov 17, 2015 at 06:42:29PM -0600, Brad Barden wrote:
> readlink and realpath do cover the exact same ground, but as discussed
> on irc, suckless readlink was broken with respect to -e and -m flags. we
> talked about having realpath be the utility for those options, and leave
> readlink to read links.
>
> realpath -m is unfortunately non-trivial, and I tried to make it too
> easy in my previous attempt.
>
> I started over with a different tact, and implemented a realpathm()
> function. It behaves identically to realpath(), but will canonicalize
> paths with non-existent components.
>
> Having realpathm(), implementing both readlink and realpath utilities is
> almost exactly the same, the only difference being default behavior.
>
> So in the attached patch is a working readlink with -e and -m flags
> restored. 'realpath' could be implemented with a two-line shell script
> or whatever, just calling readlink with the -f flag. That's nothing new,
> as you pointed out, but the other flags work now.
>
> There's probably plenty to pick on in here, and please do. Like I said,
> it's non-trivial...this is the simplest I was able to make it and still
> work in all the edge cases I could find.
>
> I hope this is useful.
>
> Extra side notes...I got started on this whole thing because I was
> already looking at suckless tar. My big annoyance with it is that it
> won't untar a relative tarball (with a "./" entry, tar tries to
> remove(".")). It also makes no effort to confine itself to cwd, so a
> (malicious, stupid, or accidental) tarball with
> "foobarhaha/../../../../../etc/shadow" or whatever could ruin my day.
> realpathm() gives a pretty easy way to do rudimentary checking before
> extracting. I'm going to do that in my local sbase tree, put
> realpathm() in libutil, maybe make a mkdirp()-ish with "relative to"
> argument/check, and patch tar with it.

I would prefer if readlink did not in itself support -e and -m. We
can have realpathm() in libutil/ and use it for both realpath and tar.
The reason is we cannot include shell scripts in sbase because of the
sbase-box target.

What do you think?
Received on Fri Nov 20 2015 - 12:17:39 CET

This archive was generated by hypermail 2.3.0 : Fri Nov 20 2015 - 12:24:11 CET