use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin #131505

madsmtm · 2024-10-10T17:03:30Z

Rebased version of #100824, FCP has completed there. Motivation from #100824 (comment):

This is a behavioral change in an edge case on Darwin platforms (macOS, iOS, ...).

Specifically, this changes it so that iff TMPDIR is unset in the environment, then we use confstr(_CS_DARWIN_USER_TEMP_DIR, ...) to query the user temporary directory (previously we just returned "/tmp"). If this fails (probably possible in a sandboxed program), only then do we fallback to "/tmp" (as before).

The motivations here are two-fold:

This is better for security, and is in line with the platform security recommendations, as it is unavailable to other users (although it is the same value as seen by all other processes run by the same user).

This is a more consistent fallback for when getenv("TMPDIR") is unavailable, as $TMPDIR is usually initialized to the DARWIN_USER_TEMP_DIR.

It seems quite unlikely that anybody will break because of this, and I think it falls under the carve-out we have for platform specific behavior: https://doc.rust-lang.org/nightly/std/io/index.html#platform-specific-behavior.

Closes #99608.
Closes #100824.

@rustbot label O-apple T-libs-api

r? Dylan-DPC

…n darwin

rustbot · 2024-10-10T17:03:38Z

r? @Mark-Simulacrum

rustbot has assigned @Mark-Simulacrum.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

thomcc · 2024-10-10T17:13:47Z

Rebased version of #100824

You own for doing this, it had totally fallen off my radar.

madsmtm · 2024-10-10T18:23:23Z

Ah, seems like we'll have to implement this in miri too. I'll try to whip up a PR there.
@rustbot blocked

Unless you know that such functions are generally not wanted in Miri, and that we should instead ignore the test?

madsmtm · 2024-10-10T18:47:27Z

... never mind, that's a larger endeavour, and I'm not sure it's really desired for Miri to implement confstr, so I've opted to not use it when running under Miri for now.

@rustbot ready

madsmtm · 2024-11-16T18:34:12Z

r? t-libs

dtolnay

Thank you!

dtolnay · 2024-11-21T22:38:10Z

@bors r+

bors · 2024-11-21T22:38:13Z

📌 Commit 1287eff has been approved by dtolnay

It is now in the queue for this repository.

…olnay use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin Rebased version of rust-lang#100824, FCP has completed there. Motivation from rust-lang#100824 (comment): > This is a behavioral change in an edge case on Darwin platforms (macOS, iOS, ...). > > Specifically, this changes it so that iff `TMPDIR` is unset in the environment, then we use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` to query the user temporary directory (previously we just returned `"/tmp"`). If this fails (probably possible in a sandboxed program), only then do we fallback to `"/tmp"` (as before). > > The motivations here are two-fold: > > 1. This is better for security, and is in line with the [platform security recommendations](https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html#//apple_ref/doc/uid/TP40002585-SW10), as it is unavailable to other users (although it is the same value as seen by all other processes run by the same user). > 2. This is a more consistent fallback for when `getenv("TMPDIR")` is unavailable, as `$TMPDIR` is usually initialized to the `DARWIN_USER_TEMP_DIR`. > > It seems quite unlikely that anybody will break because of this, and I think it falls under the carve-out we have for platform specific behavior: https://doc.rust-lang.org/nightly/std/io/index.html#platform-specific-behavior. Closes rust-lang#99608. Closes rust-lang#100824. `@rustbot` label O-apple T-libs-api r? Dylan-DPC

…mpiler-errors Rollup of 9 pull requests Successful merges: - rust-lang#129238 (Stabilize `Ipv6Addr::is_unique_local` and `Ipv6Addr::is_unicast_link_local`) - rust-lang#130867 (distinguish overflow and unimplemented in Step::steps_between) - rust-lang#131505 (use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin) - rust-lang#132090 (Stop being so bail-y in candidate assembly) - rust-lang#133159 (Don't allow `-Zunstable-options` to take a value ) - rust-lang#133215 (Fix missing submodule in `./x vendor`) - rust-lang#133286 (Re-delay a resolve `bug` related to `Self`-ctor in patterns) - rust-lang#133301 (Add code example for `wrapping_neg` method for signed integers) - rust-lang#133313 (Use arc4random of libc for RTEMS target) r? `@ghost` `@rustbot` modify labels: rollup

jhpratt · 2024-11-22T06:49:22Z

@bors r-

Failing in CI

#133322 (comment)

madsmtm · 2024-11-22T07:02:22Z

Aw damn, should be fixed now.

dtolnay · 2024-11-22T07:44:10Z

@bors r+

bors · 2024-11-22T07:44:13Z

📌 Commit f98d9dd has been approved by dtolnay

It is now in the queue for this repository.

…olnay use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin Rebased version of rust-lang#100824, FCP has completed there. Motivation from rust-lang#100824 (comment): > This is a behavioral change in an edge case on Darwin platforms (macOS, iOS, ...). > > Specifically, this changes it so that iff `TMPDIR` is unset in the environment, then we use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` to query the user temporary directory (previously we just returned `"/tmp"`). If this fails (probably possible in a sandboxed program), only then do we fallback to `"/tmp"` (as before). > > The motivations here are two-fold: > > 1. This is better for security, and is in line with the [platform security recommendations](https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html#//apple_ref/doc/uid/TP40002585-SW10), as it is unavailable to other users (although it is the same value as seen by all other processes run by the same user). > 2. This is a more consistent fallback for when `getenv("TMPDIR")` is unavailable, as `$TMPDIR` is usually initialized to the `DARWIN_USER_TEMP_DIR`. > > It seems quite unlikely that anybody will break because of this, and I think it falls under the carve-out we have for platform specific behavior: https://doc.rust-lang.org/nightly/std/io/index.html#platform-specific-behavior. Closes rust-lang#99608. Closes rust-lang#100824. `@rustbot` label O-apple T-libs-api r? Dylan-DPC

…mpiler-errors Rollup of 8 pull requests Successful merges: - rust-lang#131505 (use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin) - rust-lang#131859 (Update TRPL to add new Chapter 17: Async and Await) - rust-lang#132090 (Stop being so bail-y in candidate assembly) - rust-lang#132597 (btree: don't leak value if destructor of key panics) - rust-lang#132911 (Pretty print async fn sugar in opaques and trait bounds) - rust-lang#133159 (Don't allow `-Zunstable-options` to take a value ) - rust-lang#133247 (Reduce integer `Display` implementation size) - rust-lang#133286 (Re-delay a resolve `bug` related to `Self`-ctor in patterns) Failed merges: - rust-lang#133215 (Fix missing submodule in `./x vendor`) r? `@ghost` `@rustbot` modify labels: rollup

…olnay use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin Rebased version of rust-lang#100824, FCP has completed there. Motivation from rust-lang#100824 (comment): > This is a behavioral change in an edge case on Darwin platforms (macOS, iOS, ...). > > Specifically, this changes it so that iff `TMPDIR` is unset in the environment, then we use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` to query the user temporary directory (previously we just returned `"/tmp"`). If this fails (probably possible in a sandboxed program), only then do we fallback to `"/tmp"` (as before). > > The motivations here are two-fold: > > 1. This is better for security, and is in line with the [platform security recommendations](https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html#//apple_ref/doc/uid/TP40002585-SW10), as it is unavailable to other users (although it is the same value as seen by all other processes run by the same user). > 2. This is a more consistent fallback for when `getenv("TMPDIR")` is unavailable, as `$TMPDIR` is usually initialized to the `DARWIN_USER_TEMP_DIR`. > > It seems quite unlikely that anybody will break because of this, and I think it falls under the carve-out we have for platform specific behavior: https://doc.rust-lang.org/nightly/std/io/index.html#platform-specific-behavior. Closes rust-lang#99608. Closes rust-lang#100824. ``@rustbot`` label O-apple T-libs-api r? Dylan-DPC

…olnay use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin Rebased version of rust-lang#100824, FCP has completed there. Motivation from rust-lang#100824 (comment): > This is a behavioral change in an edge case on Darwin platforms (macOS, iOS, ...). > > Specifically, this changes it so that iff `TMPDIR` is unset in the environment, then we use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` to query the user temporary directory (previously we just returned `"/tmp"`). If this fails (probably possible in a sandboxed program), only then do we fallback to `"/tmp"` (as before). > > The motivations here are two-fold: > > 1. This is better for security, and is in line with the [platform security recommendations](https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html#//apple_ref/doc/uid/TP40002585-SW10), as it is unavailable to other users (although it is the same value as seen by all other processes run by the same user). > 2. This is a more consistent fallback for when `getenv("TMPDIR")` is unavailable, as `$TMPDIR` is usually initialized to the `DARWIN_USER_TEMP_DIR`. > > It seems quite unlikely that anybody will break because of this, and I think it falls under the carve-out we have for platform specific behavior: https://doc.rust-lang.org/nightly/std/io/index.html#platform-specific-behavior. Closes rust-lang#99608. Closes rust-lang#100824. `@rustbot` label O-apple T-libs-api r? Dylan-DPC

…iaskrgr Rollup of 7 pull requests Successful merges: - rust-lang#127483 (Allow disabling ASan instrumentation for globals) - rust-lang#131505 (use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin) - rust-lang#132949 (Add specific diagnostic for using macro_rules macro as attribute/derive) - rust-lang#133247 (Reduce integer `Display` implementation size) - rust-lang#133286 (Re-delay a resolve `bug` related to `Self`-ctor in patterns) - rust-lang#133332 (Mark `<[T; N]>::as_mut_slice` with the `const` specifier.) - rust-lang#133366 (Remove unnecessary bool from `ExpectedFound::new`) Failed merges: - rust-lang#131859 (Update TRPL to add new Chapter 17: Async and Await) r? `@ghost` `@rustbot` modify labels: rollup

Rollup of 6 pull requests Successful merges: - rust-lang#127483 (Allow disabling ASan instrumentation for globals) - rust-lang#131505 (use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin) - rust-lang#132949 (Add specific diagnostic for using macro_rules macro as attribute/derive) - rust-lang#133286 (Re-delay a resolve `bug` related to `Self`-ctor in patterns) - rust-lang#133332 (Mark `<[T; N]>::as_mut_slice` with the `const` specifier.) - rust-lang#133366 (Remove unnecessary bool from `ExpectedFound::new`) r? `@ghost` `@rustbot` modify labels: rollup

Rollup merge of rust-lang#131505 - madsmtm:darwin_user_temp_dir, r=dtolnay use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin Rebased version of rust-lang#100824, FCP has completed there. Motivation from rust-lang#100824 (comment): > This is a behavioral change in an edge case on Darwin platforms (macOS, iOS, ...). > > Specifically, this changes it so that iff `TMPDIR` is unset in the environment, then we use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` to query the user temporary directory (previously we just returned `"/tmp"`). If this fails (probably possible in a sandboxed program), only then do we fallback to `"/tmp"` (as before). > > The motivations here are two-fold: > > 1. This is better for security, and is in line with the [platform security recommendations](https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html#//apple_ref/doc/uid/TP40002585-SW10), as it is unavailable to other users (although it is the same value as seen by all other processes run by the same user). > 2. This is a more consistent fallback for when `getenv("TMPDIR")` is unavailable, as `$TMPDIR` is usually initialized to the `DARWIN_USER_TEMP_DIR`. > > It seems quite unlikely that anybody will break because of this, and I think it falls under the carve-out we have for platform specific behavior: https://doc.rust-lang.org/nightly/std/io/index.html#platform-specific-behavior. Closes rust-lang#99608. Closes rust-lang#100824. ``@rustbot`` label O-apple T-libs-api r? Dylan-DPC

thomcc and others added 3 commits October 10, 2024 18:36

use confstr(_CS_DARWIN_USER_TEMP_DIR, ...) as a TMPDIR fallback o…

cbe428d

…n darwin

Prefer target_vendor = "apple" on confstr

6d075dc

Use with_capacity(0) because we're reading the capacity later on

b62ee10

rustbot assigned Mark-Simulacrum Oct 10, 2024

madsmtm mentioned this pull request Oct 10, 2024

use confstr(_CS_DARWIN_USER_TEMP_DIR, ...) as a TMPDIR fallback on Darwin #100824

Closed

rustbot assigned Dylan-DPC and unassigned Mark-Simulacrum Oct 10, 2024

This comment has been minimized.

Sign in to view

rustbot added S-blocked Status: Blocked on something else such as an RFC or other implementation work. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Oct 10, 2024

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-blocked Status: Blocked on something else such as an RFC or other implementation work. labels Oct 10, 2024

rustbot assigned jhpratt and unassigned Dylan-DPC Nov 16, 2024

dtolnay approved these changes Nov 21, 2024

View reviewed changes

dtolnay assigned dtolnay and unassigned jhpratt Nov 21, 2024

bors removed the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Nov 21, 2024

bors added the S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. label Nov 21, 2024

compiler-errors mentioned this pull request Nov 22, 2024

Rollup of 9 pull requests #133322

Closed

bors added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Nov 22, 2024

Don't try to use confstr in Miri

f98d9dd

madsmtm force-pushed the darwin_user_temp_dir branch from 1287eff to f98d9dd Compare November 22, 2024 07:01

bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Nov 22, 2024

compiler-errors mentioned this pull request Nov 22, 2024

Rollup of 8 pull requests #133350

Closed

compiler-errors mentioned this pull request Nov 23, 2024

Rollup of 6 pull requests #133359

Closed

matthiaskrgr mentioned this pull request Nov 23, 2024

Rollup of 7 pull requests #133375

Closed

jieyouxu mentioned this pull request Nov 23, 2024

Rollup of 6 pull requests #133377

Merged

bors merged commit f860f5b into rust-lang:master Nov 23, 2024
6 checks passed

rustbot added this to the 1.85.0 milestone Nov 23, 2024

madsmtm deleted the darwin_user_temp_dir branch November 24, 2024 00:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin #131505

use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin #131505

madsmtm commented Oct 10, 2024 •

edited

Loading

rustbot commented Oct 10, 2024

thomcc commented Oct 10, 2024

This comment has been minimized.

madsmtm commented Oct 10, 2024 •

edited

Loading

madsmtm commented Oct 10, 2024

madsmtm commented Nov 16, 2024

dtolnay left a comment

dtolnay commented Nov 21, 2024

bors commented Nov 21, 2024

jhpratt commented Nov 22, 2024

madsmtm commented Nov 22, 2024

dtolnay commented Nov 22, 2024

bors commented Nov 22, 2024

use confstr(_CS_DARWIN_USER_TEMP_DIR, ...) as a TMPDIR fallback on Darwin #131505

use confstr(_CS_DARWIN_USER_TEMP_DIR, ...) as a TMPDIR fallback on Darwin #131505

Conversation

madsmtm commented Oct 10, 2024 • edited Loading

rustbot commented Oct 10, 2024

thomcc commented Oct 10, 2024

This comment has been minimized.

madsmtm commented Oct 10, 2024 • edited Loading

madsmtm commented Oct 10, 2024

madsmtm commented Nov 16, 2024

dtolnay left a comment

Choose a reason for hiding this comment

dtolnay commented Nov 21, 2024

bors commented Nov 21, 2024

jhpratt commented Nov 22, 2024

madsmtm commented Nov 22, 2024

dtolnay commented Nov 22, 2024

bors commented Nov 22, 2024

use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin #131505

use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin #131505

madsmtm commented Oct 10, 2024 •

edited

Loading

madsmtm commented Oct 10, 2024 •

edited

Loading