exec: remove support for transparently ungziping executables

Remove support for transparently ungziping executables from the exec server. The code in question makes the exec server unnecessarily complex and since the exec server is an essential process, crashing it makes /hurd/init crash the whole system. Since the gzip code is not thread-safe, all access to it is serialized, so there is a trivial way for one user to delay another users gzipped executables for some unspecified time. This can be accomplished by padding any program with easily compressed data, zipping it and executing it. Using such a program as an passive translator and then triggering its execution by the filesystem translator also stalls any requests to that filesystem (observed using the libdiskfs-based ext2fs). Since compressed executables cannot be mapped into the memory, they have to be uncompressed into allocated memory first. This is slower and any user with access to the exec server can make it allocate arbitrary amounts of memory. If the Hurd had proper memory accounting, this would probably be a way around it. So the compression support in exec seemingly creates various issues for little value, at least with the abundance of nonvolatile memory available today. * exec/Makefile: Remove gzip related files. * exec/exec.c: Remove anything #ifdef GZIPped. * exec/unzip.c: Move to libstore. * exec/crypt.h: Likewise. * exec/gzip.h: Likewise. * exec/inflate.c: Likewise. * exec/tailor.h: Likewise. * exec/util.c: Likewise. * libstore/Makefile: Remove the vpath magic for looking up the zip stuff.
author: Justus Winter <4winter@informatik.uni-hamburg.de> 2013-08-15 18:41:51 +0200
committer: Samuel Thibault <samuel.thibault@ens-lyon.org> 2013-09-15 23:47:40 +0200
commit: b2e27fcee4cec98ffc39273ecfaa73aace9da2c3 (patch)
tree: 07b09422bd01aab1695b5bd72ef3a56858e0afb6 /libstore/util.c
parent: 23ca8f5f942f831ec5be3667fd0a29873fae2912 (diff)
1 files changed, 272 insertions, 0 deletions
diff --git a/libstore/util.c b/libstore/util.c
new file mode 100644
index 00000000..598586f5
--- /dev/null
+++ b/libstore/util.c
@@ -0,0 +1,272 @@
+/* Hacked and slashed by roland@gnu.ai.mit.edu for use in Hurd exec server.  */
+
+/* util.c -- utility functions for gzip support
+ * Copyright (C) 1992-1993 Jean-loup Gailly
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU General Public License, see the file COPYING.
+ */
+
+#ifdef RCSID
+static char rcsid[] = "$Id: util.c,v 1.1 1994/12/14 04:29:37 roland Exp $";
+#endif
+
+#include <ctype.h>
+#include <errno.h>
+#include <sys/types.h>
+
+#include "tailor.h"
+
+#ifdef HAVE_UNISTD_H
+#  include <unistd.h>
+#endif
+#ifndef NO_FCNTL_H
+#  include <fcntl.h>
+#endif
+
+#if defined(STDC_HEADERS) || !defined(NO_STDLIB_H)
+#  include <stdlib.h>
+#else
+   extern int errno;
+#endif
+
+#include "gzip.h"
+#include "crypt.h"
+
+/* cruft */
+int ifd, ofd;
+int to_stdout=1,quiet=1;
+
+/* I/O interface */
+int (*unzip_read) (char *buf, size_t maxread);
+void (*unzip_write) (const char *buf, size_t nwrite);
+#define read_error() (*unzip_read_error) ()
+void (*unzip_read_error) (void);
+
+
+extern ulg crc_32_tab[];   /* crc table, defined below */
+
+int exit_code = OK;   /* program exit code */
+int method = DEFLATED;/* compression method */
+unsigned insize;           /* valid bytes in inbuf */
+unsigned inptr;            /* index of next byte to be processed in inbuf */
+unsigned outcnt;           /* bytes in output buffer */
+DECLARE(uch, inbuf,  INBUFSIZ +INBUF_EXTRA);
+DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
+DECLARE(uch, window, 2L*WSIZE);
+
+
+/* This function stolen from gzip.c. */
+/* ========================================================================
+ * Check the magic number of the input file and update ofname if an
+ * original name was given and to_stdout is not set.
+ * Return the compression method, -1 for error, -2 for warning.
+ * Set inptr to the offset of the next byte to be processed.
+ * Updates time_stamp if there is one and --no-time is not used.
+ * This function may be called repeatedly for an input file consisting
+ * of several contiguous gzip'ed members.
+ * IN assertions: there is at least one remaining compressed member.
+ *   If the member is a zip file, it must be the only one.
+ */
+int get_method(in)
+    int in;        /* input file descriptor */
+{
+    uch flags;     /* compression flags */
+    char magic[2]; /* magic header */
+    ulg stamp;     /* time stamp */
+
+    /* Prime the input buffer.  */
+    fill_inbuf(0);
+    inptr = 0;
+
+    magic[0] = (char)get_byte();
+    magic[1] = (char)get_byte();
+
+    method = -1;                 /* unknown yet */
+
+    if (memcmp(magic, GZIP_MAGIC, 2) == 0
+        || memcmp(magic, OLD_GZIP_MAGIC, 2) == 0) {
+
+	method = (int)get_byte();
+	if (method != DEFLATED)
+	  return -1;
+
+	flags  = (uch)get_byte();
+	if ((flags & ENCRYPTED) != 0) return -1;
+	if ((flags & CONTINUATION) != 0) return -1;
+	if ((flags & RESERVED) != 0) return -1;
+
+	stamp  = (ulg)get_byte();
+	stamp |= ((ulg)get_byte()) << 8;
+	stamp |= ((ulg)get_byte()) << 16;
+	stamp |= ((ulg)get_byte()) << 24;
+
+	(void)get_byte();  /* Ignore extra flags for the moment */
+	(void)get_byte();  /* Ignore OS type for the moment */
+
+	if ((flags & CONTINUATION) != 0) {
+	    unsigned part = (unsigned)get_byte();
+	    part |= ((unsigned)get_byte())<<8;
+	}
+	if ((flags & EXTRA_FIELD) != 0) {
+	    unsigned len = (unsigned)get_byte();
+	    len |= ((unsigned)get_byte())<<8;
+	    while (len--) (void)get_byte();
+	}
+
+	/* Get original file name if it was truncated */
+	if ((flags & ORIG_NAME) != 0) {
+	  /* Discard the old name */
+	  char c; /* dummy used for NeXTstep 3.0 cc optimizer bug */
+	  do {c=get_byte();} while (c != 0);
+	} 
+
+	/* Discard file comment if any */
+	if ((flags & COMMENT) != 0) {
+	    while (get_char() != 0) /* null */ ;
+	}
+    } else if (memcmp(magic, PKZIP_MAGIC, 2) == 0 && inptr == 2
+	    && memcmp((char*)inbuf, PKZIP_MAGIC, 4) == 0) {
+      /* To simplify the code, we support a zip file when alone only.
+       * We are thus guaranteed that the entire local header fits in inbuf.
+       */
+      inptr = 0;
+      if (check_zipfile(in) == OK) return 0;
+    }
+
+    return method != DEFLATED;
+}
+
+
+/* ===========================================================================
+ * Run a set of bytes through the crc shift register.  If s is a NULL
+ * pointer, then initialize the crc shift register contents instead.
+ * Return the current crc in either case.
+ */
+ulg updcrc(s, n)
+    uch *s;                 /* pointer to bytes to pump through */
+    unsigned n;             /* number of bytes in s[] */
+{
+    register ulg c;         /* temporary variable */
+
+    static ulg crc = (ulg)0xffffffffL; /* shift register contents */
+
+    if (s == NULL) {
+	c = 0xffffffffL;
+    } else {
+	c = crc;
+        if (n) do {
+            c = crc_32_tab[((int)c ^ (*s++)) & 0xff] ^ (c >> 8);
+        } while (--n);
+    }
+    crc = c;
+    return c ^ 0xffffffffL;       /* (instead of ~c for 64-bit machines) */
+}
+
+/* ===========================================================================
+ * Clear input and output buffers
+ */
+void clear_bufs()
+{
+    outcnt = 0;
+    insize = inptr = 0;
+}
+
+/* ===========================================================================
+ * Fill the input buffer. This is called only when the buffer is empty.
+ */
+int fill_inbuf(eof_ok)
+    int eof_ok;          /* set if EOF acceptable as a result */
+{
+    int len;
+
+    /* Read as much as possible */
+    insize = 0;
+    do {
+	len = (*unzip_read)((char*)inbuf+insize, INBUFSIZ-insize);
+        if (len == 0 || len == EOF) break;
+	insize += len;
+    } while (insize < INBUFSIZ);
+
+    if (insize == 0) {
+	if (eof_ok) return EOF;
+	read_error();
+    }
+
+    inptr = 1;
+    return inbuf[0];
+}
+
+long int bytes_out;
+
+/* ===========================================================================
+ * Write the output window window[0..outcnt-1] and update crc and bytes_out.
+ * (Used for the decompressed data only.)
+ */
+void flush_window()
+{
+    if (outcnt == 0) return;
+    updcrc(window, outcnt);
+
+    (*unzip_write) ((char *) window, outcnt);
+    bytes_out += outcnt;
+
+    outcnt = 0;
+}
+
+/* ========================================================================
+ * Table of CRC-32's of all single-byte values (made by makecrc.c)
+ */
+ulg crc_32_tab[] = {
+  0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
+  0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
+  0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
+  0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
+  0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
+  0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
+  0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
+  0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
+  0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
+  0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
+  0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
+  0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
+  0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
+  0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
+  0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
+  0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
+  0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
+  0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
+  0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
+  0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
+  0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
+  0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
+  0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
+  0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
+  0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
+  0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
+  0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
+  0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
+  0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
+  0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
+  0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
+  0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
+  0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
+  0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
+  0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
+  0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
+  0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
+  0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
+  0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
+  0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
+  0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
+  0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
+  0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
+  0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
+  0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
+  0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
+  0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
+  0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
+  0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
+  0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
+  0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
+  0x2d02ef8dL
+};
author	Justus Winter <4winter@informatik.uni-hamburg.de>	2013-08-15 18:41:51 +0200
committer	Samuel Thibault <samuel.thibault@ens-lyon.org>	2013-09-15 23:47:40 +0200
commit	b2e27fcee4cec98ffc39273ecfaa73aace9da2c3 (patch)
tree	07b09422bd01aab1695b5bd72ef3a56858e0afb6 /libstore/util.c
parent	23ca8f5f942f831ec5be3667fd0a29873fae2912 (diff)