* [gentoo-commits] proj/portage:master commit in: /, bin/, bin/install-qa-check.d/
@ 2022-12-31 14:48 Sam James
From: Sam James @ 2022-12-31 14:48 UTC
To: gentoo-commits
commit: 0f4f85ee3c19ff3acbcf724bf49a52db0766c7a5
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 31 14:40:47 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec 31 14:45:35 2022 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=0f4f85ee
bin: pass -S to file to disable seccomp
Files being installed by Portage are generally trusted but also the
syscalls allowed by file are quite broad anyway.
Things can go catastrophically wrong if file misses valid input,
as we may have invalid VDB metadata.
Bug: https://bugs.gentoo.org/811462
Bug: https://bugs.gentoo.org/815877
Bug: https://bugs.gentoo.org/889046
Signed-off-by: Sam James <sam <AT> gentoo.org>
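As an added illustration of what the change above relies on (this is not Portage code and not part of the commit): a POSIX shell sketch that probes once whether the installed file(1) accepts -S (its --no-sandbox switch), classifies file's description strings with the same "SB ..." substring patterns estrip and the QA checks use, and keeps a file(1) failure distinguishable from "not an ELF object" so that it is not silently collapsed into a skip. The helper names file_sandbox_flag, elf_kind, implicit_soname and classify_path are hypothetical, and the description strings in the demo are constructed.

```shell
#!/bin/sh
# Added example, not Portage code: probe file(1) for -S once, and classify
# its output with the same substring patterns the Portage checks use.

# Print "-S" if the installed file(1) accepts it (its --no-sandbox switch),
# otherwise print nothing. Probing once, instead of relying on a per-file
# `file -S ... || exit 0`, keeps an unsupported option from silently
# skipping every object.
file_sandbox_flag() {
    if command -v file >/dev/null 2>&1 && file -S /dev/null >/dev/null 2>&1; then
        printf '%s' '-S'
    fi
}

# Map a file(1) description to the ELF kinds Portage looks for.
# Prints one of: pie | exec | shared | other
# (LSB and MSB both match the "SB ..." patterns, as in the Portage scripts.)
elf_kind() {
    case $1 in
        *"SB pie executable"*) echo pie ;;
        *"SB executable"*)     echo exec ;;
        *"SB shared object"*)  echo shared ;;
        *)                     echo other ;;
    esac
}

# Implicit soname from an object path: the ${obj##*/} rule from misc-functions.sh.
implicit_soname() {
    printf '%s\n' "${1##*/}"
}

# Run file(1) on a path and print the kind. The exit status distinguishes
# "file(1) itself failed" (2) from "not an ELF kind of interest" (1) and
# "ELF of interest" (0), so callers can report failures instead of
# treating them like an ordinary skip.
classify_path() {
    flag=$(file_sandbox_flag)
    # $flag is deliberately unquoted: it is either empty or "-S".
    desc=$(file $flag -b "$1" 2>/dev/null) || return 2
    kind=$(elf_kind "$desc")
    echo "$kind"
    [ "$kind" != other ]
}

# Demo on constructed file(1) descriptions (no binaries needed).
for desc in \
    'ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked' \
    'ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked' \
    'ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV)' \
    'ASCII text'
do
    printf '%-8s %s\n' "$(elf_kind "$desc")" "$desc"
done
```

The classifier and soname helper run on plain strings, so they work without file(1) installed; only classify_path actually invokes file, and a probe result of an empty flag means the installed file(1) (if any) does not accept -S.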
NEWS | 16 +++++++++++++---
bin/estrip | 2 +-
bin/install-qa-check.d/10ignored-flags | 2 +-
bin/misc-functions.sh | 2 +-
4 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/NEWS b/NEWS
index 77fd317b7..773df02b0 100644
--- a/NEWS
+++ b/NEWS
@@ -6,15 +6,25 @@ Features:
Bug fixes:
* checksum: Rewrite Whirlpool implementation as a C extension to substantially improve
- performance. This only takes effect with OpenSSL 3 and newer. See bug #885909.
+ performance (bug #885909).
+
+ This only takes effect with OpenSSL 3 and newer (unnecessary otherwise).
Whirlpool is considered deprecated within Portage and we recommend that
repository maintainers remove it from `metadata/layout.conf`!
* sync: git: Fix "is shallow git repository" check.
-* bin/*: Rewrite signal handling which will now correctly rethrow SIGINT
- and not confuse shells. See bug #887817.
+* bin: Rewrite signal handling which will now correctly rethrow SIGINT
+ and not confuse shells (bug #887817).
+
+* bin: Pass -S to file(1) to avoid seccomp sandbox issues (bug #811462, bug #889046).
+
+ Files being installed by Portage are generally trusted but also the
+ syscalls allowed by file are quite broad anyway.
+
+ Things can go catastrophically wrong if file misses valid input,
+ as we may have invalid VDB metadata.
portage-3.0.42 (2022-12-26)
--------------
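Review bot: the new "bin: Pass -S to file(1)" entry cites bug #811462 and bug #889046, but the commit trailer also lists bug #815877; add it here so NEWS and the commit message agree. The entry also explains the rationale without naming the mechanism; a short clause saying that -S is file's --no-sandbox switch, which turns off its seccomp filter, would tell NEWS readers what trade-off is being made (trusting installed files over file's syscall sandbox).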
diff --git a/bin/estrip b/bin/estrip
index 6738fb4d3..cb4caca3e 100755
--- a/bin/estrip
+++ b/bin/estrip
@@ -489,7 +489,7 @@ do
(
__multijob_child_init
- f=$(file "${x}") || exit 0
+ f=$(file -S "${x}") || exit 0
[[ -z ${f} ]] && exit 0
if ${SKIP_STRIP} ; then
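Review bot: `f=$(file -S "${x}") || exit 0` turns any failure of file(1), including a file release that rejects the -S option, into a silent skip of stripping for that object, so a regression here would surface only as unstripped binaries in the image. Consider probing `file -S` support once before the loop and emitting a warning when the command fails, rather than exiting 0 per file.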
diff --git a/bin/install-qa-check.d/10ignored-flags b/bin/install-qa-check.d/10ignored-flags
index 0bda8eced..b55b074e1 100644
--- a/bin/install-qa-check.d/10ignored-flags
+++ b/bin/install-qa-check.d/10ignored-flags
@@ -31,7 +31,7 @@ ignored_flag_check() {
# Separate out file types that are known to support
# .GCC.command.line sections, using the `file` command
# similar to how prepstrip uses it.
- f=$(file "${x}") || continue
+ f=$(file -S "${x}") || continue
[[ -z ${f} ]] && continue
if [[ ${f} == *"SB executable"* || ${f} == *"SB pie executable"* ||
${f} == *"SB shared object"* ]] ; then
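Review bot: same concern as in estrip: `f=$(file -S "${x}") || continue` means an unsupported -S or any file(1) error silently disables the ignored-flags QA check for every object instead of surfacing. Because the check only acts when the output matches `*"SB executable"*`, `*"SB pie executable"*` or `*"SB shared object"*`, a failed run produces no QA warning at all; a single probe before the loop, or a warning on failure, would make that visible.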
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index fc2a36fb3..55c4afe73 100755
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -212,7 +212,7 @@ install_qa_check() {
needed=${l%%;*}; l=${l#*;}
# Infer implicit soname from basename (bug 715162).
- if [[ -z ${soname} && $(file "${D%/}${obj}") == *"SB shared object"* ]]; then
+ if [[ -z ${soname} && $(file -S "${D%/}${obj}") == *"SB shared object"* ]]; then
soname=${obj##*/}
fi
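Review bot: `$(file -S "${D%/}${obj}")` inside the `[[ ]]` test has no failure handling, so if file(1) fails or rejects -S the comparison is simply false and `soname` stays empty, silently dropping the implicit-soname inference from bug 715162. Capturing the output in a variable first and checking file's exit status, as the other two call sites at least do, would let the failure be reported instead of swallowed.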