Update std::env::temp_dir to use GetTempPath2 on Windows when available. by talagrand · Pull Request #89999 · rust-lang/rust
joshtriplett
added
relnotes
labels
Oct 18, 2021
As a security measure, Windows 11 introduces a new temporary directory API, GetTempPath2. When the calling process is running as SYSTEM, a separate temporary directory will be returned inaccessible to non-SYSTEM processes. For non-SYSTEM processes the behavior will be the same as before.
bors
added
S-waiting-on-bors
and removed S-waiting-on-review
Status: Awaiting review from the assignee but also interested parties.labels
Dec 4, 2021
bors
added
S-waiting-on-review
and removed S-waiting-on-bors
Status: Waiting on bors to run and complete tests. Bors will change the label on completion.labels
Dec 4, 2021
bors
added
S-waiting-on-bors
and removed S-waiting-on-review
Status: Awaiting review from the assignee but also interested parties.labels
Dec 6, 2021matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request
Dec 6, 2021
Update std::env::temp_dir to use GetTempPath2 on Windows when available. As a security measure, Windows 11 introduces a new temporary directory API, GetTempPath2. When the calling process is running as SYSTEM, a separate temporary directory will be returned inaccessible to non-SYSTEM processes. For non-SYSTEM processes the behavior will be the same as before. This can help mitigate against attacks such as this one: https://medium.com/csis-techblog/cve-2020-1088-yet-another-arbitrary-delete-eop-a00b97d8c3e2 Compatibility risk: Software which relies on temporary files to communicate between SYSTEM and non-SYSTEM processes may be affected by this change. In many cases, such patterns may be vulnerable to the very attacks the new API was introduced to harden against. I'm unclear on the Rust project's tolerance for such change-of-behavior in the standard library. If anything, this PR is meant to raise awareness of the issue and hopefully start the conversation. How tested: Taking the example code from the documentation and running it through psexec (from SysInternals) on Win10 and Win11. On Win10: C:\test>psexec -s C:\test\main.exe <...> Temporary directory: C:\WINDOWS\TEMP\ On Win11: C:\test>psexec -s C:\test\main.exe <...> Temporary directory: C:\Windows\SystemTemp\
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request
Dec 6, 2021
Update std::env::temp_dir to use GetTempPath2 on Windows when available. As a security measure, Windows 11 introduces a new temporary directory API, GetTempPath2. When the calling process is running as SYSTEM, a separate temporary directory will be returned inaccessible to non-SYSTEM processes. For non-SYSTEM processes the behavior will be the same as before. This can help mitigate against attacks such as this one: https://medium.com/csis-techblog/cve-2020-1088-yet-another-arbitrary-delete-eop-a00b97d8c3e2 Compatibility risk: Software which relies on temporary files to communicate between SYSTEM and non-SYSTEM processes may be affected by this change. In many cases, such patterns may be vulnerable to the very attacks the new API was introduced to harden against. I'm unclear on the Rust project's tolerance for such change-of-behavior in the standard library. If anything, this PR is meant to raise awareness of the issue and hopefully start the conversation. How tested: Taking the example code from the documentation and running it through psexec (from SysInternals) on Win10 and Win11. On Win10: C:\test>psexec -s C:\test\main.exe <...> Temporary directory: C:\WINDOWS\TEMP\ On Win11: C:\test>psexec -s C:\test\main.exe <...> Temporary directory: C:\Windows\SystemTemp\
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request
Dec 8, 2021
Update std::env::temp_dir to use GetTempPath2 on Windows when available. As a security measure, Windows 11 introduces a new temporary directory API, GetTempPath2. When the calling process is running as SYSTEM, a separate temporary directory will be returned inaccessible to non-SYSTEM processes. For non-SYSTEM processes the behavior will be the same as before. This can help mitigate against attacks such as this one: https://medium.com/csis-techblog/cve-2020-1088-yet-another-arbitrary-delete-eop-a00b97d8c3e2 Compatibility risk: Software which relies on temporary files to communicate between SYSTEM and non-SYSTEM processes may be affected by this change. In many cases, such patterns may be vulnerable to the very attacks the new API was introduced to harden against. I'm unclear on the Rust project's tolerance for such change-of-behavior in the standard library. If anything, this PR is meant to raise awareness of the issue and hopefully start the conversation. How tested: Taking the example code from the documentation and running it through psexec (from SysInternals) on Win10 and Win11. On Win10: C:\test>psexec -s C:\test\main.exe <...> Temporary directory: C:\WINDOWS\TEMP\ On Win11: C:\test>psexec -s C:\test\main.exe <...> Temporary directory: C:\Windows\SystemTemp\
bors added a commit to rust-lang-ci/rust that referenced this pull request
Dec 9, 2021
…askrgr Rollup of 6 pull requests Successful merges: - rust-lang#87599 (Implement concat_bytes!) - rust-lang#89999 (Update std::env::temp_dir to use GetTempPath2 on Windows when available.) - rust-lang#90796 (Remove the reg_thumb register class for asm! on ARM) - rust-lang#91042 (Use Vec extend instead of repeated pushes on several places) - rust-lang#91634 (Do not attempt to suggest help for overly malformed struct/function call) - rust-lang#91685 (Install llvm tools to sysroot when assembling local toolchain) Failed merges: r? `@ghost` `@rustbot` modify labels: rollup
wip-sync pushed a commit to NetBSD/pkgsrc-wip that referenced this pull request
Mar 2, 2022
Pkgsrc changes: * Bump available bootstraps to 1.58.1. * Adjust one patch (and checksum) so that it still applies. Upstream changes: Version 1.59.0 (2022-02-24) ========================== Language -------- - [Stabilize default arguments for const generics][90207] - [Stabilize destructuring assignment][90521] - [Relax private in public lint on generic bounds and where clauses of trait impls][90586] - [Stabilize asm! and global_asm! for x86, x86_64, ARM, Aarch64, and RISC-V][91728] Compiler -------- - [Stabilize new symbol mangling format, leaving it opt-in (-Csymbol-mangling-version=v0)][90128] - [Emit LLVM optimization remarks when enabled with `-Cremark`][90833] - [Fix sparc64 ABI for aggregates with floating point members][91003] - [Warn when a `#[test]`-like built-in attribute macro is present multiple times.][91172] - [Add support for riscv64gc-unknown-freebsd][91284] - [Stabilize `-Z emit-future-incompat` as `--json future-incompat`][91535] - [Soft disable incremental compilation][94124] This release disables incremental compilation, unless the user has explicitly opted in via the newly added RUSTC_FORCE_INCREMENTAL=1 environment variable. This is due to a known and relatively frequently occurring bug in incremental compilation, which causes builds to issue internal compiler errors. This particular bug is already fixed on nightly, but that fix has not yet rolled out to stable and is deemed too risky for a direct stable backport. As always, we encourage users to test with nightly and report bugs so that we can track failures and fix issues earlier. See [94124] for more details. [94124]: rust-lang/rust#94124 Libraries --------- - [Remove unnecessary bounds for some Hash{Map,Set} methods][91593] Stabilized APIs --------------- - [`std::thread::available_parallelism`][available_parallelism] - [`Result::copied`][result-copied] - [`Result::cloned`][result-cloned] - [`arch::asm!`][asm] - [`arch::global_asm!`][global_asm] - [`ops::ControlFlow::is_break`][is_break] - [`ops::ControlFlow::is_continue`][is_continue] - [`TryFrom<char> for u8`][try_from_char_u8] - [`char::TryFromCharError`][try_from_char_err] implementing `Clone`, `Debug`, `Display`, `PartialEq`, `Copy`, `Eq`, `Error` - [`iter::zip`][zip] - [`NonZeroU8::is_power_of_two`][is_power_of_two8] - [`NonZeroU16::is_power_of_two`][is_power_of_two16] - [`NonZeroU32::is_power_of_two`][is_power_of_two32] - [`NonZeroU64::is_power_of_two`][is_power_of_two64] - [`NonZeroU128::is_power_of_two`][is_power_of_two128] - [`DoubleEndedIterator for ToLowercase`][lowercase] - [`DoubleEndedIterator for ToUppercase`][uppercase] - [`TryFrom<&mut [T]> for [T; N]`][tryfrom_ref_arr] - [`UnwindSafe for Once`][unwindsafe_once] - [`RefUnwindSafe for Once`][refunwindsafe_once] - [armv8 neon intrinsics for aarch64][stdarch/1266] Const-stable: - [`mem::MaybeUninit::as_ptr`][muninit_ptr] - [`mem::MaybeUninit::assume_init`][muninit_init] - [`mem::MaybeUninit::assume_init_ref`][muninit_init_ref] - [`ffi::CStr::from_bytes_with_nul_unchecked`][cstr_from_bytes] Cargo ----- - [Stabilize the `strip` profile option][cargo/10088] - [Stabilize future-incompat-report][cargo/10165] - [Support abbreviating `--release` as `-r`][cargo/10133] - [Support `term.quiet` configuration][cargo/10152] - [Remove `--host` from cargo {publish,search,login}][cargo/10145] Compatibility Notes ------------------- - [Refactor weak symbols in std::sys::unix][90846] This may add new, versioned, symbols when building with a newer glibc, as the standard library uses weak linkage rather than dynamically attempting to load certain symbols at runtime. - [Deprecate crate_type and crate_name nested inside `#![cfg_attr]`][83744] This adds a future compatibility lint to supporting the use of cfg_attr wrapping either crate_type or crate_name specification within Rust files; it is recommended that users migrate to setting the equivalent command line flags. - [Remove effect of `#[no_link]` attribute on name resolution][92034] This may expose new names, leading to conflicts with preexisting names in a given namespace and a compilation failure. - [Cargo will document libraries before binaries.][cargo/10172] - [Respect doc=false in dependencies, not just the root crate][cargo/10201] - [Weaken guarantee around advancing underlying iterators in zip][83791] - [Make split_inclusive() on an empty slice yield an empty output][89825] - [Update std::env::temp_dir to use GetTempPath2 on Windows when available.][89999] - [unreachable! was updated to match other formatting macro behavior on Rust 2021][92137] Internal Changes ---------------- These changes provide no direct user facing benefits, but represent significant improvements to the internals and overall performance of rustc and related tools. - [Fix many cases of normalization-related ICEs][91255] - [Replace dominators algorithm with simple Lengauer-Tarjan][85013] - [Store liveness in interval sets for region inference][90637] - [Remove `in_band_lifetimes` from the compiler and standard library, in preparation for removing this unstable feature.][91867] [91867]: rust-lang/rust#91867 [83744]: rust-lang/rust#83744 [83791]: rust-lang/rust#83791 [85013]: rust-lang/rust#85013 [89825]: rust-lang/rust#89825 [89999]: rust-lang/rust#89999 [90128]: rust-lang/rust#90128 [90207]: rust-lang/rust#90207 [90521]: rust-lang/rust#90521 [90586]: rust-lang/rust#90586 [90637]: rust-lang/rust#90637 [90833]: rust-lang/rust#90833 [90846]: rust-lang/rust#90846 [91003]: rust-lang/rust#91003 [91172]: rust-lang/rust#91172 [91255]: rust-lang/rust#91255 [91284]: rust-lang/rust#91284 [91535]: rust-lang/rust#91535 [91593]: rust-lang/rust#91593 [91728]: rust-lang/rust#91728 [91878]: rust-lang/rust#91878 [91896]: rust-lang/rust#91896 [91926]: rust-lang/rust#91926 [91984]: rust-lang/rust#91984 [92020]: rust-lang/rust#92020 [92034]: rust-lang/rust#92034 [92483]: rust-lang/rust#92483 [cargo/10088]: rust-lang/cargo#10088 [cargo/10133]: rust-lang/cargo#10133 [cargo/10145]: rust-lang/cargo#10145 [cargo/10152]: rust-lang/cargo#10152 [cargo/10165]: rust-lang/cargo#10165 [cargo/10172]: rust-lang/cargo#10172 [cargo/10201]: rust-lang/cargo#10201 [cargo/10269]: rust-lang/cargo#10269 [cstr_from_bytes]: https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#method.from_bytes_with_nul_unchecked [muninit_ptr]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.as_ptr [muninit_init]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.assume_init [muninit_init_ref]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.assume_init_ref [unwindsafe_once]: https://doc.rust-lang.org/stable/std/sync/struct.Once.html#impl-UnwindSafe [refunwindsafe_once]: https://doc.rust-lang.org/stable/std/sync/struct.Once.html#impl-RefUnwindSafe [tryfrom_ref_arr]: https://doc.rust-lang.org/stable/std/convert/trait.TryFrom.html#impl-TryFrom%3C%26%27_%20mut%20%5BT%5D%3E [lowercase]: https://doc.rust-lang.org/stable/std/char/struct.ToLowercase.html#impl-DoubleEndedIterator [uppercase]: https://doc.rust-lang.org/stable/std/char/struct.ToUppercase.html#impl-DoubleEndedIterator [try_from_char_err]: https://doc.rust-lang.org/stable/std/char/struct.TryFromCharError.html [available_parallelism]: https://doc.rust-lang.org/stable/std/thread/fn.available_parallelism.html [result-copied]: https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.copied [result-cloned]: https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.cloned [asm]: https://doc.rust-lang.org/stable/core/arch/macro.asm.html [global_asm]: https://doc.rust-lang.org/stable/core/arch/macro.global_asm.html [is_break]: https://doc.rust-lang.org/stable/std/ops/enum.ControlFlow.html#method.is_break [is_continue]: https://doc.rust-lang.org/stable/std/ops/enum.ControlFlow.html#method.is_continue [try_from_char_u8]: https://doc.rust-lang.org/stable/std/primitive.char.html#impl-TryFrom%3Cchar%3E [zip]: https://doc.rust-lang.org/stable/std/iter/fn.zip.html [is_power_of_two8]: https://doc.rust-lang.org/stable/core/num/struct.NonZeroU8.html#method.is_power_of_two [is_power_of_two16]: https://doc.rust-lang.org/stable/core/num/struct.NonZeroU16.html#method.is_power_of_two [is_power_of_two32]: https://doc.rust-lang.org/stable/core/num/struct.NonZeroU32.html#method.is_power_of_two [is_power_of_two64]: https://doc.rust-lang.org/stable/core/num/struct.NonZeroU64.html#method.is_power_of_two [is_power_of_two128]: https://doc.rust-lang.org/stable/core/num/struct.NonZeroU128.html#method.is_power_of_two [stdarch/1266]: rust-lang/stdarch#1266
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request
Apr 15, 2022
Pkgsrc changes: * Bump available bootstraps to 1.58.1. * Adjust one patch (and checksum) so that it still applies. Upstream changes: Version 1.59.0 (2022-02-24) ========================== Language -------- - [Stabilize default arguments for const generics][90207] - [Stabilize destructuring assignment][90521] - [Relax private in public lint on generic bounds and where clauses of trait impls][90586] - [Stabilize asm! and global_asm! for x86, x86_64, ARM, Aarch64, and RISC-V][91728] Compiler -------- - [Stabilize new symbol mangling format, leaving it opt-in (-Csymbol-mangling-version=v0)][90128] - [Emit LLVM optimization remarks when enabled with `-Cremark`][90833] - [Fix sparc64 ABI for aggregates with floating point members][91003] - [Warn when a `#[test]`-like built-in attribute macro is present multiple times.][91172] - [Add support for riscv64gc-unknown-freebsd][91284] - [Stabilize `-Z emit-future-incompat` as `--json future-incompat`][91535] - [Soft disable incremental compilation][94124] This release disables incremental compilation, unless the user has explicitly opted in via the newly added RUSTC_FORCE_INCREMENTAL=1 environment variable. This is due to a known and relatively frequently occurring bug in incremental compilation, which causes builds to issue internal compiler errors. This particular bug is already fixed on nightly, but that fix has not yet rolled out to stable and is deemed too risky for a direct stable backport. As always, we encourage users to test with nightly and report bugs so that we can track failures and fix issues earlier. See [94124] for more details. [94124]: rust-lang/rust#94124 Libraries --------- - [Remove unnecessary bounds for some Hash{Map,Set} methods][91593] Stabilized APIs --------------- - [`std::thread::available_parallelism`][available_parallelism] - [`Result::copied`][result-copied] - [`Result::cloned`][result-cloned] - [`arch::asm!`][asm] - [`arch::global_asm!`][global_asm] - [`ops::ControlFlow::is_break`][is_break] - [`ops::ControlFlow::is_continue`][is_continue] - [`TryFrom<char> for u8`][try_from_char_u8] - [`char::TryFromCharError`][try_from_char_err] implementing `Clone`, `Debug`, `Display`, `PartialEq`, `Copy`, `Eq`, `Error` - [`iter::zip`][zip] - [`NonZeroU8::is_power_of_two`][is_power_of_two8] - [`NonZeroU16::is_power_of_two`][is_power_of_two16] - [`NonZeroU32::is_power_of_two`][is_power_of_two32] - [`NonZeroU64::is_power_of_two`][is_power_of_two64] - [`NonZeroU128::is_power_of_two`][is_power_of_two128] - [`DoubleEndedIterator for ToLowercase`][lowercase] - [`DoubleEndedIterator for ToUppercase`][uppercase] - [`TryFrom<&mut [T]> for [T; N]`][tryfrom_ref_arr] - [`UnwindSafe for Once`][unwindsafe_once] - [`RefUnwindSafe for Once`][refunwindsafe_once] - [armv8 neon intrinsics for aarch64][stdarch/1266] Const-stable: - [`mem::MaybeUninit::as_ptr`][muninit_ptr] - [`mem::MaybeUninit::assume_init`][muninit_init] - [`mem::MaybeUninit::assume_init_ref`][muninit_init_ref] - [`ffi::CStr::from_bytes_with_nul_unchecked`][cstr_from_bytes] Cargo ----- - [Stabilize the `strip` profile option][cargo/10088] - [Stabilize future-incompat-report][cargo/10165] - [Support abbreviating `--release` as `-r`][cargo/10133] - [Support `term.quiet` configuration][cargo/10152] - [Remove `--host` from cargo {publish,search,login}][cargo/10145] Compatibility Notes ------------------- - [Refactor weak symbols in std::sys::unix][90846] This may add new, versioned, symbols when building with a newer glibc, as the standard library uses weak linkage rather than dynamically attempting to load certain symbols at runtime. - [Deprecate crate_type and crate_name nested inside `#![cfg_attr]`][83744] This adds a future compatibility lint to supporting the use of cfg_attr wrapping either crate_type or crate_name specification within Rust files; it is recommended that users migrate to setting the equivalent command line flags. - [Remove effect of `#[no_link]` attribute on name resolution][92034] This may expose new names, leading to conflicts with preexisting names in a given namespace and a compilation failure. - [Cargo will document libraries before binaries.][cargo/10172] - [Respect doc=false in dependencies, not just the root crate][cargo/10201] - [Weaken guarantee around advancing underlying iterators in zip][83791] - [Make split_inclusive() on an empty slice yield an empty output][89825] - [Update std::env::temp_dir to use GetTempPath2 on Windows when available.][89999] - [unreachable! was updated to match other formatting macro behavior on Rust 2021][92137] Internal Changes ---------------- These changes provide no direct user facing benefits, but represent significant improvements to the internals and overall performance of rustc and related tools. - [Fix many cases of normalization-related ICEs][91255] - [Replace dominators algorithm with simple Lengauer-Tarjan][85013] - [Store liveness in interval sets for region inference][90637] - [Remove `in_band_lifetimes` from the compiler and standard library, in preparation for removing this unstable feature.][91867] [91867]: rust-lang/rust#91867 [83744]: rust-lang/rust#83744 [83791]: rust-lang/rust#83791 [85013]: rust-lang/rust#85013 [89825]: rust-lang/rust#89825 [89999]: rust-lang/rust#89999 [90128]: rust-lang/rust#90128 [90207]: rust-lang/rust#90207 [90521]: rust-lang/rust#90521 [90586]: rust-lang/rust#90586 [90637]: rust-lang/rust#90637 [90833]: rust-lang/rust#90833 [90846]: rust-lang/rust#90846 [91003]: rust-lang/rust#91003 [91172]: rust-lang/rust#91172 [91255]: rust-lang/rust#91255 [91284]: rust-lang/rust#91284 [91535]: rust-lang/rust#91535 [91593]: rust-lang/rust#91593 [91728]: rust-lang/rust#91728 [91878]: rust-lang/rust#91878 [91896]: rust-lang/rust#91896 [91926]: rust-lang/rust#91926 [91984]: rust-lang/rust#91984 [92020]: rust-lang/rust#92020 [92034]: rust-lang/rust#92034 [92483]: rust-lang/rust#92483 [cargo/10088]: rust-lang/cargo#10088 [cargo/10133]: rust-lang/cargo#10133 [cargo/10145]: rust-lang/cargo#10145 [cargo/10152]: rust-lang/cargo#10152 [cargo/10165]: rust-lang/cargo#10165 [cargo/10172]: rust-lang/cargo#10172 [cargo/10201]: rust-lang/cargo#10201 [cargo/10269]: rust-lang/cargo#10269 [cstr_from_bytes]: https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#method.from_bytes_with_nul_unchecked [muninit_ptr]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.as_ptr [muninit_init]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.assume_init [muninit_init_ref]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.assume_init_ref [unwindsafe_once]: https://doc.rust-lang.org/stable/std/sync/struct.Once.html#impl-UnwindSafe [refunwindsafe_once]: https://doc.rust-lang.org/stable/std/sync/struct.Once.html#impl-RefUnwindSafe [tryfrom_ref_arr]: https://doc.rust-lang.org/stable/std/convert/trait.TryFrom.html#impl-TryFrom%3C%26%27_%20mut%20%5BT%5D%3E [lowercase]: https://doc.rust-lang.org/stable/std/char/struct.ToLowercase.html#impl-DoubleEndedIterator [uppercase]: https://doc.rust-lang.org/stable/std/char/struct.ToUppercase.html#impl-DoubleEndedIterator [try_from_char_err]: https://doc.rust-lang.org/stable/std/char/struct.TryFromCharError.html [available_parallelism]: https://doc.rust-lang.org/stable/std/thread/fn.available_parallelism.html [result-copied]: https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.copied [result-cloned]: https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.cloned [asm]: https://doc.rust-lang.org/stable/core/arch/macro.asm.html [global_asm]: https://doc.rust-lang.org/stable/core/arch/macro.global_asm.html [is_break]: https://doc.rust-lang.org/stable/std/ops/enum.ControlFlow.html#method.is_break [is_continue]: https://doc.rust-lang.org/stable/std/ops/enum.ControlFlow.html#method.is_continue [try_from_char_u8]: https://doc.rust-lang.org/stable/std/primitive.char.html#impl-TryFrom%3Cchar%3E [zip]: https://doc.rust-lang.org/stable/std/iter/fn.zip.html [is_power_of_two8]: https://doc.rust-lang.org/stable/core/num/struct.NonZeroU8.html#method.is_power_of_two [is_power_of_two16]: https://doc.rust-lang.org/stable/core/num/struct.NonZeroU16.html#method.is_power_of_two [is_power_of_two32]: https://doc.rust-lang.org/stable/core/num/struct.NonZeroU32.html#method.is_power_of_two [is_power_of_two64]: https://doc.rust-lang.org/stable/core/num/struct.NonZeroU64.html#method.is_power_of_two [is_power_of_two128]: https://doc.rust-lang.org/stable/core/num/struct.NonZeroU128.html#method.is_power_of_two [stdarch/1266]: rust-lang/stdarch#1266
dims
mentioned this pull request
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters