* [gentoo-portage-dev] [PATCH] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086)
From: Zac Medico @ 2015-04-27 20:29 UTC
To: gentoo-portage-dev; +Cc: Zac Medico
Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage
paths in PATH could trigger exec loops or fork bombs in wrappers.
Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)")
X-Gentoo-Bug: 547086
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086
---
bin/ebuild-helpers/bsd/sed | 3 ++-
bin/ebuild-helpers/portageq | 3 ++-
bin/ebuild-helpers/unprivileged/chown | 3 ++-
bin/ebuild-helpers/xattr/install | 12 ++++++++++--
4 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed
index 01b8847..3d04ed6 100755
--- a/bin/ebuild-helpers/bsd/sed
+++ b/bin/ebuild-helpers/bsd/sed
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2007-2012 Gentoo Foundation
+# Copyright 2007-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,7 @@ else
for path in $PATH; do
if [[ -x ${path}/${scriptname} ]]; then
+ [[ ${path} == *portage* ]] && continue
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
exec "${path}/${scriptname}" "$@"
exit 0
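Review bot: the added test `[[ ${path} == *portage* ]]` skips every PATH entry that contains the substring "portage" anywhere in its name, so an unrelated directory that merely has portage in its path would be passed over and the real tool in it never tried. Match only the internal portage helper directories the wrapper has to avoid, with a pattern anchored to their known locations, rather than a bare substring.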
diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
index 4151bac..1d9e208 100755
--- a/bin/ebuild-helpers/portageq
+++ b/bin/ebuild-helpers/portageq
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2009-2013 Gentoo Foundation
+# Copyright 2009-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,7 @@ set -f # in case ${PATH} contains any shell glob characters
for path in ${PATH}; do
[[ -x ${path}/${scriptname} ]] || continue
+ [[ ${path} == *portage* ]] && continue
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
exec "${PORTAGE_PYTHON:-/usr/bin/python}" \
diff --git a/bin/ebuild-helpers/unprivileged/chown b/bin/ebuild-helpers/unprivileged/chown
index 08fa650..00494b6 100755
--- a/bin/ebuild-helpers/unprivileged/chown
+++ b/bin/ebuild-helpers/unprivileged/chown
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2012-2013 Gentoo Foundation
+# Copyright 2012-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
scriptpath=${BASH_SOURCE[0]}
@@ -9,6 +9,7 @@ IFS=':'
for path in ${PATH}; do
[[ -x ${path}/${scriptname} ]] || continue
+ [[ ${path} == *portage* ]] && continue
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
IFS=$' \t\n'
output=$("${path}/${scriptname}" "$@" 2>&1)
diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install
index d572fe6..2a44b15 100755
--- a/bin/ebuild-helpers/xattr/install
+++ b/bin/ebuild-helpers/xattr/install
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2013 Gentoo Foundation
+# Copyright 2013-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
@@ -25,7 +25,15 @@ else
fi
if [[ "${implementation}" == "c" ]]; then
- exec "${INSTALL_XATTR}" "$@"
+ # Filter internal portage paths from PATH, in order to avoid
+ # a possible exec loop or fork bomb (see bug 547086).
+ IFS=':'
+ set -f
+ path=
+ for x in ${PATH}; do
+ [[ ${x} == *portage* ]] || path+=":${x}"
+ done
+ PATH=${path#:} exec "${INSTALL_XATTR}" "$@"
elif [[ "${implementation}" == "python" ]]; then
PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
exec "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/install.py" "$@"
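Review bot: the PATH filter is added only inside the `"${implementation}" == "c"` branch, so the `python` branch right below still execs install.py with the unfiltered PATH; if install.py resolves a tool through PATH it can land back in a portage wrapper. Move the filter loop above the `if` so both branches inherit the cleaned PATH.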
--
2.3.5
* [gentoo-portage-dev] [PATCH v2] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086)
From: Zac Medico @ 2015-04-28 1:27 UTC
To: gentoo-portage-dev; +Cc: Zac Medico
Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage
paths in PATH could trigger exec loops or fork bombs in wrappers.
Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)")
X-Gentoo-Bug: 547086
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086
---
[PATCH v2] makes the path patterns more explicit, in order to avoid false
positive matches, and fixes the install wrapper to adjust PATH for install.py.
bin/ebuild-helpers/bsd/sed | 4 +++-
bin/ebuild-helpers/portageq | 4 +++-
bin/ebuild-helpers/unprivileged/chown | 4 +++-
bin/ebuild-helpers/xattr/install | 14 +++++++++++++-
4 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed
index 01b8847..e6d4ba7 100755
--- a/bin/ebuild-helpers/bsd/sed
+++ b/bin/ebuild-helpers/bsd/sed
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2007-2012 Gentoo Foundation
+# Copyright 2007-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,8 @@ else
for path in $PATH; do
if [[ -x ${path}/${scriptname} ]]; then
+ [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${x} == */._portage_reinstall_.* ]] && continue
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
exec "${path}/${scriptname}" "$@"
exit 0
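Review bot: both added tests read `${x}`, but the loop in this wrapper is `for path in $PATH` and nothing in the visible lines sets `x`, so `${x}` would expand empty and neither pattern can match; the filter is a no-op and only the existing `-ef` check is left. Use `${path}` in both lines. The portageq and chown hunks of this patch carry the same `${x}` reference inside their `for path in ${PATH}` loops.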
diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
index 4151bac..0c8ac4c 100755
--- a/bin/ebuild-helpers/portageq
+++ b/bin/ebuild-helpers/portageq
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2009-2013 Gentoo Foundation
+# Copyright 2009-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,8 @@ set -f # in case ${PATH} contains any shell glob characters
for path in ${PATH}; do
[[ -x ${path}/${scriptname} ]] || continue
+ [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${x} == */._portage_reinstall_.* ]] && continue
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
exec "${PORTAGE_PYTHON:-/usr/bin/python}" \
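Review bot: in the first added test, `${PORTAGE_OVERRIDE_EPREFIX}` is expanded unquoted on the right-hand side of `==`, where bash treats the expansion as part of the glob pattern, so a prefix containing `*`, `?` or `[` would be matched as a pattern instead of literally. The hunk context already notes that PATH may contain glob characters (`set -f`); write `"${PORTAGE_OVERRIDE_EPREFIX}"/usr/lib*/portage/*` so that only the intended wildcards stay active.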
diff --git a/bin/ebuild-helpers/unprivileged/chown b/bin/ebuild-helpers/unprivileged/chown
index 08fa650..a374435 100755
--- a/bin/ebuild-helpers/unprivileged/chown
+++ b/bin/ebuild-helpers/unprivileged/chown
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2012-2013 Gentoo Foundation
+# Copyright 2012-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
scriptpath=${BASH_SOURCE[0]}
@@ -9,6 +9,8 @@ IFS=':'
for path in ${PATH}; do
[[ -x ${path}/${scriptname} ]] || continue
+ [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${x} == */._portage_reinstall_.* ]] && continue
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
IFS=$' \t\n'
output=$("${path}/${scriptname}" "$@" 2>&1)
diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install
index d572fe6..2d2a693 100755
--- a/bin/ebuild-helpers/xattr/install
+++ b/bin/ebuild-helpers/xattr/install
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2013 Gentoo Foundation
+# Copyright 2013-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
@@ -24,6 +24,18 @@ else
fi
fi
+# Filter internal portage paths from PATH, in order to avoid
+# a possible exec loop or fork bomb (see bug 547086).
+IFS=':'
+set -f
+path=
+for x in ${PATH}; do
+ [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${x} == */._portage_reinstall_.* ]] && continue
+ path+=":${x}"
+done
+PATH=${path#:}
+
if [[ "${implementation}" == "c" ]]; then
exec "${INSTALL_XATTR}" "$@"
elif [[ "${implementation}" == "python" ]]; then
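Review bot: `IFS=':'` and `set -f` are set for the filter loop and never restored, so everything after `PATH=${path#:}` runs with colon-only word splitting and globbing disabled. The chown wrapper in this same patch resets `IFS=$' \t\n'` once its loop has found a match; do the same here after the loop (and `set +f` if globbing is wanted later), otherwise any unquoted expansion added to this script in future will split on colons.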
--
2.3.5
* [gentoo-portage-dev] [PATCH v3] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086)
From: Zac Medico @ 2015-04-28 1:53 UTC
To: gentoo-portage-dev; +Cc: Zac Medico
Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage
paths in PATH could trigger exec loops or fork bombs in wrappers.
Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)")
X-Gentoo-Bug: 547086
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086
---
[PATCH v3] fixes broken ${X} references
bin/ebuild-helpers/bsd/sed | 4 +++-
bin/ebuild-helpers/portageq | 4 +++-
bin/ebuild-helpers/unprivileged/chown | 4 +++-
bin/ebuild-helpers/xattr/install | 14 +++++++++++++-
4 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed
index 01b8847..9a7f2d4 100755
--- a/bin/ebuild-helpers/bsd/sed
+++ b/bin/ebuild-helpers/bsd/sed
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2007-2012 Gentoo Foundation
+# Copyright 2007-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,8 @@ else
for path in $PATH; do
if [[ -x ${path}/${scriptname} ]]; then
+ [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${path} == */._portage_reinstall_.* ]] && continue
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
exec "${path}/${scriptname}" "$@"
exit 0
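Review bot: in a `[[ ... == pattern ]]` test `*` also matches `/`, so `/usr/lib*/portage/*` in the first added line accepts more than the libdir variants: a hypothetical PATH entry such as `/usr/libexec/foo/portage/bin` would be skipped as well. If only `lib`, `lib32`, `lib64` and the like are meant, limit the wildcard to one path component, for example with the extglob form `lib*([^/])`, which bash accepts on the right-hand side of `==`.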
diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
index 4151bac..ba889eb 100755
--- a/bin/ebuild-helpers/portageq
+++ b/bin/ebuild-helpers/portageq
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2009-2013 Gentoo Foundation
+# Copyright 2009-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,8 @@ set -f # in case ${PATH} contains any shell glob characters
for path in ${PATH}; do
[[ -x ${path}/${scriptname} ]] || continue
+ [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${path} == */._portage_reinstall_.* ]] && continue
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
exec "${PORTAGE_PYTHON:-/usr/bin/python}" \
diff --git a/bin/ebuild-helpers/unprivileged/chown b/bin/ebuild-helpers/unprivileged/chown
index 08fa650..2f1f161 100755
--- a/bin/ebuild-helpers/unprivileged/chown
+++ b/bin/ebuild-helpers/unprivileged/chown
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2012-2013 Gentoo Foundation
+# Copyright 2012-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
scriptpath=${BASH_SOURCE[0]}
@@ -9,6 +9,8 @@ IFS=':'
for path in ${PATH}; do
[[ -x ${path}/${scriptname} ]] || continue
+ [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${path} == */._portage_reinstall_.* ]] && continue
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
IFS=$' \t\n'
output=$("${path}/${scriptname}" "$@" 2>&1)
diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install
index d572fe6..2d2a693 100755
--- a/bin/ebuild-helpers/xattr/install
+++ b/bin/ebuild-helpers/xattr/install
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2013 Gentoo Foundation
+# Copyright 2013-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
@@ -24,6 +24,18 @@ else
fi
fi
+# Filter internal portage paths from PATH, in order to avoid
+# a possible exec loop or fork bomb (see bug 547086).
+IFS=':'
+set -f
+path=
+for x in ${PATH}; do
+ [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${x} == */._portage_reinstall_.* ]] && continue
+ path+=":${x}"
+done
+PATH=${path#:}
+
if [[ "${implementation}" == "c" ]]; then
exec "${INSTALL_XATTR}" "$@"
elif [[ "${implementation}" == "python" ]]; then
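Review bot: the two patterns in this loop are a fourth hand-written copy of the pair added to the sed, portageq and chown wrappers in this patch, and this loop names its variable `x` while the other three use `path`. Defining the internal-path test once (a small shared function taking the directory as its argument) would keep the four wrappers from drifting apart the next time the portage install locations change.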
--
2.3.5
* Re: [gentoo-portage-dev] [PATCH v3] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086)
From: Brian Dolbec @ 2015-04-28 14:46 UTC
To: gentoo-portage-dev
On Mon, 27 Apr 2015 18:53:02 -0700
Zac Medico <zmedico@gentoo.org> wrote:
> Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage
> paths in PATH could trigger exec loops or fork bombs in wrappers.
>
> Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)")
> X-Gentoo-Bug: 547086
> X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086
> ---
> [PATCH v3] fixes broken ${X} references
>
> bin/ebuild-helpers/bsd/sed | 4 +++-
> bin/ebuild-helpers/portageq | 4 +++-
> bin/ebuild-helpers/unprivileged/chown | 4 +++-
> bin/ebuild-helpers/xattr/install | 14 +++++++++++++-
> 4 files changed, 22 insertions(+), 4 deletions(-)
>
> diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed
> index 01b8847..9a7f2d4 100755
> --- a/bin/ebuild-helpers/bsd/sed
> +++ b/bin/ebuild-helpers/bsd/sed
> @@ -1,5 +1,5 @@
> #!/bin/bash
> -# Copyright 2007-2012 Gentoo Foundation
> +# Copyright 2007-2015 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
>
> scriptpath=${BASH_SOURCE[0]}
> @@ -15,6 +15,8 @@ else
>
> for path in $PATH; do
> if [[ -x ${path}/${scriptname} ]]; then
> + [[ ${path} ==
> ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
> + [[ ${path} == */._portage_reinstall_.* ]] &&
> continue [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
> exec "${path}/${scriptname}" "$@"
> exit 0
> diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
> index 4151bac..ba889eb 100755
> --- a/bin/ebuild-helpers/portageq
> +++ b/bin/ebuild-helpers/portageq
> @@ -1,5 +1,5 @@
> #!/bin/bash
> -# Copyright 2009-2013 Gentoo Foundation
> +# Copyright 2009-2015 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
>
> scriptpath=${BASH_SOURCE[0]}
> @@ -15,6 +15,8 @@ set -f # in case ${PATH} contains any shell glob
> characters
> for path in ${PATH}; do
> [[ -x ${path}/${scriptname} ]] || continue
> + [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/*
> ]] && continue
> + [[ ${path} == */._portage_reinstall_.* ]] && continue
> [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
> PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
> exec "${PORTAGE_PYTHON:-/usr/bin/python}" \
> diff --git a/bin/ebuild-helpers/unprivileged/chown
> b/bin/ebuild-helpers/unprivileged/chown index 08fa650..2f1f161 100755
> --- a/bin/ebuild-helpers/unprivileged/chown
> +++ b/bin/ebuild-helpers/unprivileged/chown
> @@ -1,5 +1,5 @@
> #!/bin/bash
> -# Copyright 2012-2013 Gentoo Foundation
> +# Copyright 2012-2015 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
>
> scriptpath=${BASH_SOURCE[0]}
> @@ -9,6 +9,8 @@ IFS=':'
>
> for path in ${PATH}; do
> [[ -x ${path}/${scriptname} ]] || continue
> + [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/*
> ]] && continue
> + [[ ${path} == */._portage_reinstall_.* ]] && continue
> [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
> IFS=$' \t\n'
> output=$("${path}/${scriptname}" "$@" 2>&1)
> diff --git a/bin/ebuild-helpers/xattr/install
> b/bin/ebuild-helpers/xattr/install index d572fe6..2d2a693 100755
> --- a/bin/ebuild-helpers/xattr/install
> +++ b/bin/ebuild-helpers/xattr/install
> @@ -1,5 +1,5 @@
> #!/bin/bash
> -# Copyright 2013 Gentoo Foundation
> +# Copyright 2013-2015 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
>
> PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
> @@ -24,6 +24,18 @@ else
> fi
> fi
>
> +# Filter internal portage paths from PATH, in order to avoid
> +# a possible exec loop or fork bomb (see bug 547086).
> +IFS=':'
> +set -f
> +path=
> +for x in ${PATH}; do
> + [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]]
> && continue
> + [[ ${x} == */._portage_reinstall_.* ]] && continue
> + path+=":${x}"
> +done
> +PATH=${path#:}
> +
> if [[ "${implementation}" == "c" ]]; then
> exec "${INSTALL_XATTR}" "$@"
> elif [[ "${implementation}" == "python" ]]; then
looks good
--
Brian Dolbec <dolsen>