Fix default installation paths on mingw [1.1.1]#9400
Fix default installation paths on mingw [1.1.1]#9400levitte wants to merge 1 commit intoopenssl:OpenSSL_1_1_1-stablefrom
Conversation
|
Note that this is for 1.1.1 and probably 1.1.0, not for master. For master, I plan on using the platform perl modules to get paths right, which is completely different from this solution. |
levitte
force-pushed
the
fix-insecure-default-paths
branch
from
783395f to
56f3cb5
Compare
|
Oh, I just realised this is an issue on 1.0.2 as well... not installation wise, but certainly when it comes to the default OPENSSLDIR |
|
Richard Levitte wrote:
levitte commented on this pull request.
> @@ -14,6 +14,26 @@
our $dsoext = $target{dso_extension} || ".so";
our $makedepprog = $disabled{makedepend} ? undef : $config{makedepprog};
+ # $mingw_installroot and $mingw_commonroot is relevant for mingw only.
+ my $build_scheme = $target{build_scheme};
+ my $install_flavour = $build_scheme->[$#$build_scheme]; # last element
+ my $mingw_installenv = $install_flavour eq "WOW" ? "ProgramFiles(x86)"
+ : "ProgramW6432";
+ my $mingw_commonenv = $install_flavour eq "WOW" ? "CommonProgramFiles(x86)"
+ : "CommonProgramW6432";
+ our $mingw_installroot =
+ defined($ENV{$mingw_installenv}) ? $mingw_installenv : 'ProgramFiles';
+ our $mingw_commonroot =
+ defined($ENV{$mingw_commonenv}) ? $mingw_commonenv : 'CommonProgramFiles';
+ my $mingw_installdflt =
+ $install_flavour eq "WOW" ? "C:/Program Files (x86)"
+ : "C:/Program Files";
Yes. These are default in case there are *no* such environment variables. This is typically the case when "cross-compiling" on, say, Linux. If you look at lines 34-35 below, you can see how these are used when the environment variables aren't there.
I cannot understand any of above paths. Even the fact that projects
produce and use "native" programs and libraries installation uses
linux/unix tree .
From my retired mingw* installations:
* mingw.org :
gcc.exe -v
Using built-in specs.
COLLECT_GCC=....\gcc.exe
COLLECT_LTO_WRAPPER=..../gcc/mingw32/4.8.1/lto-wrapper.exe
Target: mingw32
Configured with: ../gcc-4.8.1/configure --prefix=/mingw --host=mingw32
--build=mingw32 ...
*mingw-w64 ( 32 bit ):
gcc.exe -v
Using built-in specs.
COLLECT_GCC=...\gcc.exe
COLLECT_LTO_WRAPPER=.../gcc/i686-w64-mingw32/4.9.2/lto-wrapper.exe
Target: i686-w64-mingw32
Configured with: ../../../src/gcc-4.9.2/configure
--host=i686-w64-mingw32 --build=i686-w64-mingw32
--target=i686-w64-mingw32 --prefix=/mingw32
--with-sysroot=/c/mingw492/i686-492-posix-dwarf-rt_v4-rev3/mingw32
No installation of 64-bit from mingw-w64 project but expected prefix is
either /mingw or /mingw64 .
I'm puzzled by proposed solution.
Roumen
|
|
The proposed mingw paths mimic quite exactly the paths used with a VC build. As I've understood it, it's not at all certain that a program built with mingw toolchains are run in a full fledged mingw environment. |
Right. I don't understand @petrovr's concern. The point is that if you are using the mingw toolchain you are (probably) intending the resulting binaries to be used on "native" Windows and not inside a posix environment. Therefore default paths should be correct for native Windows (as is done with VC builds). |
|
mattcaswell wrote:
> The proposed mingw paths mimic quite exactly the paths used with a VC build. As I've understood it, it's not at all certain that a program built with mingw toolchains are run in a full fledged mingw environment.
Right. I don't understand @petrovr's concern. The point is that if you are using the mingw toolchain you are (probably) intending the resulting binaries to be used on "native" Windows and not inside a posix environment. Therefore default paths should be correct for native Windows (as is done with VC builds).
I show how mingw* projects setup packages. Projects provide MSYS{2}
environment that allows use of autotool ("autoconf" and etc.) based
configurations.
So other open-source project will use unix style except OpenSSL?!?!?
Roumen
P.S.
Otherwise mingw* links to "C-runtime" installed on system. As result is
save to use "common" installation path.
This is not true for VC builds where binaries depend from compiler
"C-runtime". With other words is not save to install VC in common path.
|
|
The real problem is OPENSSLDIR and ENGINESDIR, which currently default to As far as I understand, once in code, these paths are not translated to anything Windowsy by |
|
Richard Levitte wrote:
The real problem is OPENSSLDIR and ENGINESDIR, which currently default to `/usr/local/ssl` and `/usr/local/lib/engines-1.1` respectively, *and are saved as such in the library*.
I did not understand issue like this - hard-coded path more or less are
issue in any open-source project. As main development platform for most
of them is Linux 'relocatable' installation is not top priority.
For instance gettext try to use 'relocations' but I cannot remember what
was issue with its use In third party applications.
As far as I understand, once in code, these paths are not translated to anything Windowsy by `open()` or `fopen()`, so they end up being interpreted as `C:\usr\local\ssl` and `C:\usr\local\lib\engines-1.1` (`C` might be another device, but that doesn't really matter) by the underlying Windows RTLs.
Android is another sample. For instance in PKIX-SSH for Android, builds
"wrap" open, fopen and rename to ensure some kind of ''relocatable''
installation.
Another way to resolve issue is 'package manager'. During installation
some paths are stored into registry and then project code reads from
them. This give another 'relocatable' solution - database (file) that
maps a number of locations(paths) to real installation.
In OpenSSL issue is not that OPENSSLDIR is stored into library . I see
declaration like: # define X509_CERT_DIR OPENSSLDIR "/certs".
In ssh code situation is same, even worst :( - all defines(!?!?!) in
pathnames.h!
For my point of view defines like X509_CERT_DIR could be replaced with
function calls.
But if you prefer simple solution ( 'prefix' at build time ) go ahead.
'relocatable' could be postponed for future version (4.0 ).
Regards,
Roumen Petrov
|
What should happen when those registry keys aren't present? Are we supposed to add such keys in our installation targets? What paths should they have? ... see how it still gets back to defining some kind of default path for stuff? |
|
Richard Levitte wrote:
> Another way to resolve issue is 'package manager'. During installation some paths are stored into registry and then project code reads from them. This give another 'relocatable' solution - database (file) that maps a number of locations(paths) to real installation.
What should happen when those registry keys aren't present? Are we supposed to add such keys in our installation targets? What paths should they have? ... see how it still gets back to defining some kind of default path for stuff?
There is not strict requirement to use 'registry' database. Main idea is
"mapping". It could be implemented with project specific 'file', where
is written following information:
"a" installed in "path1"
"b" installed in "path21"
...
"z" installed in "path94"
Regards,
Roumen Petrov
Remark: currently PKIX-SSH uses "wrap" solutions as it requires less
changes to exiting source but ... (off topic).
|
So OK, a single path. Still something that needs a default. Also, mind you, this is for 1.1.1. We can't radically change it to suddenly require this information to exist in the config file ('cause that's the idea, right?) |
Mingw config targets assumed that resulting programs and libraries are installed in a Unix-like environment and the default installation prefix was therefore set to '/usr/local'. However, mingw programs are installed in a Windows environment, and the installation directories should therefore have Windows defaults, i.e. the same kind of defaults as the VC config targets. A difficulty is, however, that a "cross compiled" build can't figure out the system defaults from environment the same way it's done when building "natively", so we have to fall back to hard coded defaults in that case. Tests can still be performed when cross compiled on a non-Windows platform, since all tests only depend on the source and build directory, and otherwise relies on normal local paths. CVE-2019-1552
levitte
force-pushed
the
fix-insecure-default-paths
branch
from
56f3cb5 to
3c83dbb
Compare
mattcaswell
added
the
approval: done
Mingw config targets assumed that resulting programs and libraries are installed in a Unix-like environment and the default installation prefix was therefore set to '/usr/local'. However, mingw programs are installed in a Windows environment, and the installation directories should therefore have Windows defaults, i.e. the same kind of defaults as the VC config targets. A difficulty is, however, that a "cross compiled" build can't figure out the system defaults from environment the same way it's done when building "natively", so we have to fall back to hard coded defaults in that case. Tests can still be performed when cross compiled on a non-Windows platform, since all tests only depend on the source and build directory, and otherwise relies on normal local paths. CVE-2019-1552 Reviewed-by: Matt Caswell <[email protected]> (Merged from #9400)
|
Merged. 1.1.1: The 1.1.0 port wasn't as simple as clean cherry-pick. I will add another PR to that effect. |
|
First of all, thanks for this fix! After reviewing the commit, I have one remark and one question:
|
|
Regarding 2: yes, it should be possible to do. We specifically use File::Spec::Win32 with mingw in the Makefile template, so Windows path semantics apply. Feel free to try that out, I haven't tested that very much, so if there are kinks that need sorting out, now's the time! |
|
Regarding 1: I have a hard time seeing |
|
@levitte: Yes, Back to 1; I've made a cross-compile test (from macOS to mingw64) with latest ./Configure mingw64 \
--cross-compile-prefix=x86_64-w64-mingw32- \
--prefix=C:/Windows/System32/OpenSSLoutput: The one with a vulnerable-on-Windows *nix path builds fine: ./Configure mingw64 \
--cross-compile-prefix=x86_64-w64-mingw32- \
--prefix=/usr/localThe check is done in lines below in elsif (/^[-+]/)
{
if (/^--prefix=(.*)$/)
{
$config{prefix}=$1;
die "Directory given with --prefix MUST be absolute\n"
unless file_name_is_absolute($config{prefix});
} |
|
Ah, thanks for the pointer, I forgot to look there... It will take a few days before I can do anything with this, though... I'm essentially away from the computer until next Thursday. |
|
No worries/hurries, I got this for now with a simple patch, just take any time you need. Feel free to drop me a line to make tests. |
|
Would you mind creating an issue? That would be helpful, as closed PRs are a bit hard for me to keep track of... |
|
Fair point! — I've opened a new one here: #9520 |
|
It turns out that |
|
Yeah, that might be the better solution, really, to simply refuse to configure without at least --prefix set. That's actually a fairly easy thing to do... I won't do it immediately, but will keep that in mind. |
5 participants
Mingw config targets assumed that resulting programs and libraries are
installed in a Unix-like environment and the default installation
prefix was therefore set to '/usr/local'.
However, mingw programs are installed in a Windows environment, and
the installation directories should therefore have Windows defaults,
i.e. the same kind of defaults as the VC config targets.
A difficulty is, however, that a "cross compiled" build can't figure
out the system defaults from environment the same way it's done when
building "natively", so we have to fall back to hard coded defaults in
that case.
Tests can still be performed when cross compiled on a non-Windows
platform, since all tests only depend on the source and build
directory, and otherwise relies on normal local paths.