public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] [PATCH] savedconfig.eclass: do not preserve symlink in restore_config
@ 2023-06-04 17:31 Mike Gilbert
  2023-06-04 18:03 ` Michael Orlitzky
  0 siblings, 1 reply; 5+ messages in thread
From: Mike Gilbert @ 2023-06-04 17:31 UTC (permalink / raw
  To: gentoo-dev

This allows users to maintain the saved config file in some other
location.

Also drop the recursive (-R) option; this cp command is only executed
when we are restoring a single regular file.

Closes: https://bugs.gentoo.org/907696
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
---
 eclass/savedconfig.eclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/eclass/savedconfig.eclass b/eclass/savedconfig.eclass
index cc5748543078..a778dfba0245 100644
--- a/eclass/savedconfig.eclass
+++ b/eclass/savedconfig.eclass
@@ -124,8 +124,8 @@ restore_config() {
 
 	if [[ -f ${found} ]]; then
 		elog "Building using saved configfile \"${found}\""
-		if [ $# -gt 0 ]; then
-			cp -pPR	"${found}" "$1" || die "Failed to restore ${found} to $1"
+		if [[ $# -gt 0 ]]; then
+			cp -p "${found}" "$1" || die "Failed to restore ${found} to $1"
 		else
 			die "need to know the restoration filename"
 		fi
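Review bot: On the `cp -p "${found}" "$1"` line, dropping `-P` makes cp dereference `${found}`, and the enclosing `[[ -f ${found} ]]` test also follows symlinks, so a link to a regular file anywhere on the system now supplies the build configuration while the elog line above still reports only the link path. Consider logging the resolved target as well, and stating in the restore_config documentation that symlinks are followed. Because `-p` is kept, the restored file also takes its mode, ownership and timestamps from the link target rather than from the link.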
-- 
2.40.1




* Re: [gentoo-dev] [PATCH] savedconfig.eclass: do not preserve symlink in restore_config
  2023-06-04 17:31 [gentoo-dev] [PATCH] savedconfig.eclass: do not preserve symlink in restore_config Mike Gilbert
@ 2023-06-04 18:03 ` Michael Orlitzky
  2023-06-04 18:07   ` Mike Gilbert
  2023-06-04 18:46   ` Arsen Arsenović
  0 siblings, 2 replies; 5+ messages in thread
From: Michael Orlitzky @ 2023-06-04 18:03 UTC (permalink / raw
  To: gentoo-dev

On Sun, 2023-06-04 at 13:31 -0400, Mike Gilbert wrote:
> This allows users to maintain the saved config file in some other
> location.
> 

If so, the symlink should point to a superuser-only location to avoid
creating any new vulnerabilities. We can't fix the general problem, but
we could at least mention in the docs that symlinks will (now) be
followed and that users should be careful if they want to maintain the
files elsewhere.
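
The condition raised in this reply (a followed symlink should end in a superuser-only location) can be checked mechanically. The script below is an added example, not part of the thread or of savedconfig.eclass; the function names are hypothetical and it assumes GNU `stat` and `readlink` from coreutils.

```shell
#!/bin/sh
# Added example: audit where a saved-config path really leads before a
# root-run build follows it. Function names are hypothetical.

# component_is_safe PATH UID
# Succeeds when PATH is owned by UID and not writable by group or others.
component_is_safe() {
    owner=$(stat -c '%u' -- "$1") || return 1
    mode=$(stat -c '%a' -- "$1") || return 1
    [ "$owner" = "$2" ] || return 1
    # %a prints octal permission bits; 022 masks group-write and other-write.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# saved_config_is_trusted PATH [UID]
# Resolves PATH through every symlink, then requires the final regular file
# and each ancestor directory up to / to pass component_is_safe.
# UID defaults to 0 (root).
saved_config_is_trusted() {
    uid=${2:-0}
    target=$(readlink -f -- "$1") || return 1
    [ -f "$target" ] || return 1
    while :; do
        if ! component_is_safe "$target" "$uid"; then
            echo "untrusted component: $target" >&2
            return 1
        fi
        if [ "$target" = / ]; then
            return 0
        fi
        target=$(dirname -- "$target")
    done
}

# Stand-alone use: pass the saved config path (and optionally a UID).
if [ $# -gt 0 ]; then
    saved_config_is_trusted "$@"
fi
```

Every ancestor directory is checked because a writable directory anywhere on the resolved path lets its owner swap out what the link finally reaches.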




* Re: [gentoo-dev] [PATCH] savedconfig.eclass: do not preserve symlink in restore_config
  2023-06-04 18:03 ` Michael Orlitzky
@ 2023-06-04 18:07   ` Mike Gilbert
  2023-06-04 18:46   ` Arsen Arsenović
  1 sibling, 0 replies; 5+ messages in thread
From: Mike Gilbert @ 2023-06-04 18:07 UTC (permalink / raw
  To: gentoo-dev

On Sun, Jun 4, 2023 at 2:03 PM Michael Orlitzky <mjo@gentoo.org> wrote:
>
> On Sun, 2023-06-04 at 13:31 -0400, Mike Gilbert wrote:
> > This allows users to maintain the saved config file in some other
> > location.
> >
>
> If so, the symlink should point to a superuser-only location to avoid
> creating any new vulnerabilities. We can't fix the general problem, but
> we could at least mention in the docs that symlinks will (now) be
> followed and that users should be careful if they want to maintain the
> files elsewhere.

That seems self-evident to me, and I don't think it warrants a callout
in the documentation.



* Re: [gentoo-dev] [PATCH] savedconfig.eclass: do not preserve symlink in restore_config
  2023-06-04 18:03 ` Michael Orlitzky
  2023-06-04 18:07   ` Mike Gilbert
@ 2023-06-04 18:46   ` Arsen Arsenović
  2023-06-04 23:52     ` Michael Orlitzky
  1 sibling, 1 reply; 5+ messages in thread
From: Arsen Arsenović @ 2023-06-04 18:46 UTC (permalink / raw
  To: gentoo-dev



Michael Orlitzky <mjo@gentoo.org> writes:

> If so, the symlink should point to a superuser-only location to avoid
> creating any new vulnerabilities. We can't fix the general problem, but
> we could at least mention in the docs that symlinks will (now) be
> followed and that users should be careful if they want to maintain the
> files elsewhere.

I believe that the target directory of this cp can be considered
equivalent in terms of access to any superuser-only directory, so I'm
not sure I see the problem with this change.

LGTM
-- 
Arsen Arsenović


* Re: [gentoo-dev] [PATCH] savedconfig.eclass: do not preserve symlink in restore_config
  2023-06-04 18:46   ` Arsen Arsenović
@ 2023-06-04 23:52     ` Michael Orlitzky
  0 siblings, 0 replies; 5+ messages in thread
From: Michael Orlitzky @ 2023-06-04 23:52 UTC (permalink / raw
  To: gentoo-dev

On Sun, 2023-06-04 at 20:46 +0200, Arsen Arsenović wrote:
> 
> I believe that the target directory of this cp can be considered
> equivalent in terms of access to any superuser-only directory, so I'm
> not sure I see the problem with this change.

It silently changes something that was safe (but stupid) to something
unsafe (but still stupid).


