Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permissions and deletion of temporary files created by preprocessors (pp) #1802

Open
jboillot opened this issue Jul 17, 2024 · 1 comment · May be fixed by #1801
Open

Permissions and deletion of temporary files created by preprocessors (pp) #1802

jboillot opened this issue Jul 17, 2024 · 1 comment · May be fixed by #1801

Comments

@jboillot
Copy link

jboillot commented Jul 17, 2024
edited
Loading

Hello,
When a preprocessor (pp) is used, the input file is passed as an argument to the preprocessor executable and then redirected to a temporary file before being read again and deleted.

merlin/src/ocaml/driver/pparse.ml

Line 162 in ce92495

!System.run_in_directory

The first problem I have is that, when correctly read, the temporary file is never deleted which leads to an accumulation of merlinpp****.out in the /tmp/ directory. I propose a simple fix of this issue in PR #1801.

The second problem is that the temporary file is created, at least on Linux, via a redirection of the stdout of the preprocessor program to a temporary file.

merlin/src/utils/std.ml

Line 787 in ce92495

Printf.sprintf "%s 1>%s" args stdout

So, the permissions of this file are by default, at least on my computer, 0o644 which means everybody can read its content. Note that in the case of the input file, it is copied via a call to the function Filename.temp_file that uses permissions 0o600 (only owner can read and write).
I know this file only exists briefly (at least after the patch), and reading the source files requires being able to execute commands, but I'm not comfortable having source files accessible to everyone.
A possible fix could be to first create the source file via Filename.temp_file and then write into it with the redirection? I think this is the only place where the function System.run_in_directory is used with the stdout argument set. Should I include this in the PR? Should the creation of such a file be done in System.run_in_directory or in pparse.ml?

Have a good day!
@voodoos
Copy link
Collaborator

voodoos commented Jul 23, 2024

Hi @jboillot, thanks for the report and the PR !

I will try to have a look at it soon. I am curious about the interaction with Merlin caching mechanism, did you check (I did not, yet) that Merlin was not relying on re-reading this file in the absence of changes ?

Also, is that really an issue, shouldn't the system clean the tmp directory regularly ?

Seems right to make the permissions narrower in any case :-)

@voodoos voodoos linked a pull request Jul 25, 2024 that will close this issue
Fix deletion of preprocessor output file after usage #1801
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix deletion of preprocessor output file after usage jboillot/merlin
2 participants
@voodoos @jboillot