Skip to content

install: keep post-copy finalization bound to created file#12063

Open
parasol-aser wants to merge 3 commits intouutils:mainfrom
parasol-aser:fix-install-postcopy-finalization-12062
Open

install: keep post-copy finalization bound to created file#12063
parasol-aser wants to merge 3 commits intouutils:mainfrom
parasol-aser:fix-install-postcopy-finalization-12062

Conversation

@parasol-aser
Copy link
Copy Markdown

@parasol-aser parasol-aser commented Apr 28, 2026

Fixes #12062.

This keeps install bound to the file it actually created instead of reopening the destination by pathname during post-copy finalization.

What changed:

  • add O_NOFOLLOW | O_EXCL to fd-based destination creation
  • keep the destination file open through finalization
  • run --strip-program, chmod, chown, and timestamp updates against that file handle
  • fail if the destination pathname no longer resolves to the same file before success
  • add a regression test for the symlink-swap --strip-program case

Validation:

  • cargo +1.93.0-x86_64-unknown-linux-gnu build -p uu_install --bin install
  • cargo +1.93.0-x86_64-unknown-linux-gnu test --test tests --features 'install chmod' test_install::test_install_and_strip_with_program_hyphen -- --exact --nocapture
  • cargo +1.93.0-x86_64-unknown-linux-gnu test --test tests --features 'install chmod' test_install::test_install_strip_program_symlink_swap_does_not_touch_victim -- --exact --nocapture

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 28, 2026
edited
Loading

GNU testsuite comparison:

GNU test failed: tests/install/basic-1. tests/install/basic-1 is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/install/install-C-selinux. tests/install/install-C-selinux is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/install/install-Z-selinux. tests/install/install-Z-selinux is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/install/strip-program. tests/install/strip-program is passing on 'main'. Maybe you have to rebase?
Skipping an intermittent issue tests/date/date-locale-hour (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/tail/tail-n0f (passes in this run but fails in the 'main' branch)
Congrats! The gnu test tests/printf/printf-surprise is now passing!
Skip an intermittent issue tests/cut/bounded-memory (was skipped on 'main', now failing)

oech3
oech3 reviewed Apr 28, 2026
View reviewed changes
Comment thread src/uu/install/src/install.rs Outdated
use filetime::set_file_times;
use filetime::{FileTime, set_file_handle_times};
#[cfg(unix)]
use nix::unistd::{Gid, Uid, dup, fchown};
Copy link
Copy Markdown
Contributor

@oech3 oech3 Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it able to use rustix instead?

Copy link
Copy Markdown
Author

@parasol-aser parasol-aser Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Swapped this over to rustix in c62d1d0 and re-ran the two targeted install tests; both pass.

@oech3
Copy link
Copy Markdown
Contributor

oech3 commented Apr 29, 2026

Please cargo fmt and clippy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@oech3 oech3 oech3 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

install: post-copy finalization reopens destination by path, allowing symlink-swap redirection

3 participants

@parasol-aser @oech3 @jeffhuang