os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8) #56544
Comments
mdempsky
added
NeedsFix
|
@gopherbot Please backport to 1.18 and 1.19. The Windows security fix inadvertently broke Plan 9. |
|
Backport issue(s) opened: #56550 (for 1.18), #56551 (for 1.19). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases. |
|
Change https://go.dev/cl/447715 mentions this issue: |
|
/cc @golang/plan9 for FYI |
|
If we can get a Plan 9 builder (either 386 or amd64) running on GCP VMs again, that would help with being able to run the Plan 9 tests in advance of security releases. That's #29801. |
|
Change https://go.dev/cl/447875 mentions this issue: |
|
Change https://go.dev/cl/447799 mentions this issue: |
Suppose the plan9-arm builder could run on AWS arm bare-metal, would that be an acceptable alternative? |
As an alternative alternative, one (physical) raspberry pi in the reverse-dial plan9-arm cluster (in my house) could be kept in reserve for explicitly requested slowbot runs, so those wouldn't have to be queued up behind the normal trybot runs from every new CL. Is there a way to configure that in the coordinator? I guess using a separate builder name would work. |
…n Plan 9 Plan 9 uses NUL as os.PathListSeparator, so it's almost always going to appear in the environment variable list. Exempt GOOS=plan9 from the check for NUL in environment variables. For #56284. For #56544. Fixes #56550. Change-Id: I23df233cdf20c0a9a606fd9253e15a9b5482575a Reviewed-on: https://go-review.googlesource.com/c/go/+/447715 Reviewed-by: David du Colombier <0intro@gmail.com> Run-TryBot: Matthew Dempsky <mdempsky@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/447875 Run-TryBot: David du Colombier <0intro@gmail.com>
…n Plan 9 Plan 9 uses NUL as os.PathListSeparator, so it's almost always going to appear in the environment variable list. Exempt GOOS=plan9 from the check for NUL in environment variables. For #56284. For #56544. Fixes #56551. Change-Id: I23df233cdf20c0a9a606fd9253e15a9b5482575a Reviewed-on: https://go-review.googlesource.com/c/go/+/447715 Reviewed-by: David du Colombier <0intro@gmail.com> Run-TryBot: Matthew Dempsky <mdempsky@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/447799 Run-TryBot: David du Colombier <0intro@gmail.com>
…n Plan 9 Plan 9 uses NUL as os.PathListSeparator, so it's almost always going to appear in the environment variable list. Exempt GOOS=plan9 from the check for NUL in environment variables. For golang#56284. For golang#56544. Fixes golang#56551. Change-Id: I23df233cdf20c0a9a606fd9253e15a9b5482575a Reviewed-on: https://go-review.googlesource.com/c/go/+/447715 Reviewed-by: David du Colombier <0intro@gmail.com> Run-TryBot: Matthew Dempsky <mdempsky@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/447799 Run-TryBot: David du Colombier <0intro@gmail.com>
CL 446915 fixes a security vulnerability on Windows (#56284), by rejecting environment variables containing NUL in
os/exec.Cmd. In Plan 9, NULs in environment variables are not only permitted but required: thepathvariable uses NUL as theos.PathListSeparatorcharacter. Since the environment almost always containspath, this effectively breaksos/exec, on whichgo builddepends.The change has already been back-ported to 1.19.3 and 1.18.8, so those releases also won't build for Plan 9.
Plan 9 does not exhibit the vulnerability to NULs because it implements environment variables in a completely different way.
Therefore we could safely correct this issue by making the rejection of NUL conditional on
runtime.GOOS != "plan9"or onos.PathListSeparator != '\000'.The text was updated successfully, but these errors were encountered: