Opened 8 years ago

Closed 5 years ago

#9551 closed defect (fixed)

Sage can try to write outside $SAGE_ROOT - potentially screwing a system up

Reported by: drkirkby Owned by: GeorgSWeber
Priority: critical Milestone: sage-duplicate/invalid/wontfix
Component: build Keywords:
Cc: AlexanderDreyer, leif Merged in:
Authors: Reviewers: Jeroen Demeyer
Report Upstream: N/A Work issues:
Branch: Commit:
Dependencies: Stopgaps:

Description (last modified by drkirkby)

As reported here:

http://groups.google.co.uk/group/sage-devel/browse_thread/thread/60d384d785d9f034/9cdf5d6fbecf23d0?lnk=gst&q=write+kirkby#9cdf5d6fbecf23d0

Sage tried to write /usr/lib/python2.4/site-packages/ on t2.math.washington.edu. A larger section of the error is shown further down the ticket, but the most critical line is:

error: could not create '/usr/lib/python2.4/site-packages/rpy2': Permission denied

Recent(ish) version of Solaris 10 include Python 2.4.4 in /usr/bin, with libraries in /lib/python2.4/, which is where the Sage build tried to write.

This was on the 4.5.alpha0 build, though I'm not aware of any one else raising this issue, so it's quite possible nothing has been done to fix the bug in the latest build (4.5 as I write).

Since I'm not stupid enough to build Sage as root, this was not a problem, and just resulted in a failed build. But I'm well aware many people do build Sage as root, in which case this could be very serious. (I guess one could argue they got what they deserved).

Another ticket I created (#9209) shows that Sage can fail to build if a user has a local installation of python, but if one makes that installation unreadable, so Sage will build.

Another, possibly relevant ticket is #9536

I personally do not have the python skills to sort this out, but I do believe it is potentially a serious problem, as a user can mess up their system by writing to system directories.

copying rpy/rinterface/tests/test_SexpVector.py ->
build/lib.solaris-2.10-sun4v-2.4/rpy2/rinterface/tests
copying rpy/rinterface/tests/test_SexpEnvironment.py ->
build/lib.solaris-2.10-sun4v-2.4/rpy2/rinterface/tests
copying rpy/rinterface/tests/__init__.py ->
build/lib.solaris-2.10-sun4v-2.4/rpy2/rinterface/tests
copying rpy/rinterface/tests/test_SexpClosure.py ->
build/lib.solaris-2.10-sun4v-2.4/rpy2/rinterface/tests
copying rpy/rinterface/tests/test_EmbeddedR.py ->
build/lib.solaris-2.10-sun4v-2.4/rpy2/rinterface/tests
copying rpy/rinterface/tests/test_SexpVectorNumeric.py ->
build/lib.solaris-2.10-sun4v-2.4/rpy2/rinterface/tests
running build_ext
building 'rpy2.rinterface.rinterface' extension
creating build/temp.solaris-2.10-sun4v-2.4
creating build/temp.solaris-2.10-sun4v-2.4/rpy
creating build/temp.solaris-2.10-sun4v-2.4/rpy/rinterface
/usr/lib/python2.4/pycc -DNDEBUG
-I/rootpool2/local/kirkby/sage-4.5.alpha0/local/include
-L/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/ -O2 -g -m64
-I/rootpool2/local/kirkby/sage-4.5.alpha0/local/include -DR_INTERFACE_PTRS=1
-DCSTACK_DEFNS=1 -DRIF_HAS_RSIGHAND=1
-I/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/R/include -Irpy/rinterface
-I/usr/include/python2.4 -c rpy/rinterface/array.c -o
build/temp.solaris-2.10-sun4v-2.4/rpy/rinterface/array.o
/usr/lib/python2.4/pycc -DNDEBUG
-I/rootpool2/local/kirkby/sage-4.5.alpha0/local/include
-L/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/ -O2 -g -m64
-I/rootpool2/local/kirkby/sage-4.5.alpha0/local/include -DR_INTERFACE_PTRS=1
-DCSTACK_DEFNS=1 -DRIF_HAS_RSIGHAND=1
-I/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/R/include -Irpy/rinterface
-I/usr/include/python2.4 -c rpy/rinterface/r_utils.c -o
build/temp.solaris-2.10-sun4v-2.4/rpy/rinterface/r_utils.o
/usr/lib/python2.4/pycc -DNDEBUG
-I/rootpool2/local/kirkby/sage-4.5.alpha0/local/include
-L/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/ -O2 -g -m64
-I/rootpool2/local/kirkby/sage-4.5.alpha0/local/include -DR_INTERFACE_PTRS=1
-DCSTACK_DEFNS=1 -DRIF_HAS_RSIGHAND=1
-I/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/R/include -Irpy/rinterface
-I/usr/include/python2.4 -c rpy/rinterface/rinterface.c -o
build/temp.solaris-2.10-sun4v-2.4/rpy/rinterface/rinterface.o
/usr/lib/python2.4/pycc -G -L/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/
-m64 -I/rootpool2/local/kirkby/sage-4.5.alpha0/local/include
-L/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/ -O2 -g -m64
-I/rootpool2/local/kirkby/sage-4.5.alpha0/local/include
build/temp.solaris-2.10-sun4v-2.4/rpy/rinterface/array.o
build/temp.solaris-2.10-sun4v-2.4/rpy/rinterface/r_utils.o
build/temp.solaris-2.10-sun4v-2.4/rpy/rinterface/rinterface.o
-L/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/R/lib
-L/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/R/modules
-R/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/R/lib
-R/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/R/modules -lR -o
build/lib.solaris-2.10-sun4v-2.4/rpy2/rinterface/rinterface.so
-L/rootpool2/local/kirkby/sage-4.5.alpha0/local/lib/R//lib -lR -llapack -lblas
running install_lib
creating /usr/lib/python2.4/site-packages/rpy2
error: could not create '/usr/lib/python2.4/site-packages/rpy2': Permission denied
Error building RPY -- Python interface to R. 

Change History (8)

comment:1 Changed 8 years ago by drkirkby

  • Description modified (diff)

comment:2 Changed 8 years ago by drkirkby

  • Description modified (diff)

comment:3 Changed 8 years ago by AlexanderDreyer

To be better save than sorry, the spkg-install script of rpy should call python setup.py --prefix=$SAGE_HOME etc.

comment:4 in reply to: ↑ description Changed 7 years ago by ecurry

It might be useful if the README.TXT file (eg. at http://boxen.math.washington.edu/sage/src/README.txt) included a warning against building Sage as root, such as the install guide (http://www.sagemath.org/doc/installation/source.html#steps-to-install-from-source - Step 7) has, at least until this ticket gets fixed.

-Eva

Replying to drkirkby:

As reported here:

http://groups.google.co.uk/group/sage-devel/browse_thread/thread/60d384d785d9f034/9cdf5d6fbecf23d0?lnk=gst&q=write+kirkby#9cdf5d6fbecf23d0

Sage tried to write /usr/lib/python2.4/site-packages/ on t2.math.washington.edu. A larger section of the error is shown further down the ticket, but the most critical line is:

error: could not create '/usr/lib/python2.4/site-packages/rpy2': Permission denied

Recent(ish) version of Solaris 10 include Python 2.4.4 in /usr/bin, with libraries in /lib/python2.4/, which is where the Sage build tried to write.

This was on the 4.5.alpha0 build, though I'm not aware of any one else raising this issue, so it's quite possible nothing has been done to fix the bug in the latest build (4.5 as I write).

Since I'm not stupid enough to build Sage as root, this was not a problem, and just resulted in a failed build. But I'm well aware many people do build Sage as root, in which case this could be very serious. (I guess one could argue they got what they deserved).

comment:5 Changed 5 years ago by jdemeyer

  • Milestone changed from sage-5.11 to sage-5.12

comment:6 Changed 5 years ago by jdemeyer

  • Milestone changed from sage-6.1 to sage-duplicate/invalid/wontfix
  • Reviewers set to Jeroen Demeyer
  • Status changed from new to needs_review

I have never seen this error recently, so I guess it is fixed.

comment:7 Changed 5 years ago by jdemeyer

  • Status changed from needs_review to positive_review

comment:8 Changed 5 years ago by vbraun

  • Resolution set to fixed
  • Status changed from positive_review to closed
Note: See TracTickets for help on using tickets.