From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 7C732138C9D for ; Tue, 28 Apr 2015 14:45:40 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BD4E0E0AA6; Tue, 28 Apr 2015 14:40:46 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 694E0E0A87 for ; Tue, 28 Apr 2015 14:40:43 +0000 (UTC) Received: from x51r2.gaikai.org (unknown [100.42.98.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: zmedico) by smtp.gentoo.org (Postfix) with ESMTPSA id 187DC34113B; Mon, 27 Apr 2015 20:29:25 +0000 (UTC) 
From: Zac Medico To: gentoo-portage-dev@lists.gentoo.org Cc: Zac Medico Subject: [gentoo-portage-dev] [PATCH] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086) Date: Mon, 27 Apr 2015 13:29:12 -0700 Message-Id: <1430166552-21981-1-git-send-email-zmedico@gentoo.org> X-Mailer: git-send-email 2.3.5 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-portage-dev@lists.gentoo.org Reply-to: gentoo-portage-dev@lists.gentoo.org X-Archives-Salt: 6a8d68e6-989f-489f-948b-1d910c70d643 X-Archives-Hash: e6e1c6e5cc6c3e6ae26bd2557d6c45f4 Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage paths in PATH could trigger exec loops or fork bombs in wrappers. Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)") X-Gentoo-Bug: 547086 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086
---
 bin/ebuild-helpers/bsd/sed | 3 ++-
 bin/ebuild-helpers/portageq | 3 ++-
 bin/ebuild-helpers/unprivileged/chown | 3 ++-
 bin/ebuild-helpers/xattr/install | 12 ++++++++++--
 4 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed
index 01b8847..3d04ed6 100755
--- a/bin/ebuild-helpers/bsd/sed
+++ b/bin/ebuild-helpers/bsd/sed
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2007-2012 Gentoo Foundation
+# Copyright 2007-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,7 @@ else
 for path in $PATH; do
 if [[ -x ${path}/${scriptname} ]]; then
+ [[ ${path} == *portage* ]] && continue
 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
 exec "${path}/${scriptname}" "$@"
 exit 0
diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
index 4151bac..1d9e208 100755
--- a/bin/ebuild-helpers/portageq
+++ b/bin/ebuild-helpers/portageq
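Review bot: The added `[[ ${path} == *portage* ]] && continue` in the bsd/sed loop matches the word "portage" anywhere in the directory string, so it skips every PATH entry that merely contains that word, not only portage's own helper directories. If the system lives under a prefix or build root with "portage" in its name, the loop could skip the real tool as well and fall through to whatever follows the loop, which is outside this hunk. The same test is added to the portageq and unprivileged/chown loops and to the PATH filter in xattr/install. Consider anchoring the match to the known helper locations (for example a prefix comparison against `${PORTAGE_BIN_PATH}` where it is set, if that also covers the temporary copy from bug 547086), and add a comment such as `# skip portage-internal helper dirs to avoid exec loops (bug 547086)` on the new line, as the xattr/install hunk already does.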
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2009-2013 Gentoo Foundation
+# Copyright 2009-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,7 @@ set -f # in case ${PATH} contains any shell glob characters
 for path in ${PATH}; do
 [[ -x ${path}/${scriptname} ]] || continue
+ [[ ${path} == *portage* ]] && continue
 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
 PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
 exec "${PORTAGE_PYTHON:-/usr/bin/python}" \
diff --git a/bin/ebuild-helpers/unprivileged/chown b/bin/ebuild-helpers/unprivileged/chown
index 08fa650..00494b6 100755
--- a/bin/ebuild-helpers/unprivileged/chown
+++ b/bin/ebuild-helpers/unprivileged/chown
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2012-2013 Gentoo Foundation
+# Copyright 2012-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 scriptpath=${BASH_SOURCE[0]}
@@ -9,6 +9,7 @@ IFS=':'
 for path in ${PATH}; do
 [[ -x ${path}/${scriptname} ]] || continue
+ [[ ${path} == *portage* ]] && continue
 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
 IFS=$' \t\n'
 output=$("${path}/${scriptname}" "$@" 2>&1)
diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install
index d572fe6..2a44b15 100755
--- a/bin/ebuild-helpers/xattr/install
+++ b/bin/ebuild-helpers/xattr/install
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2013 Gentoo Foundation
+# Copyright 2013-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
@@ -25,7 +25,15 @@ else
 fi
 if [[ "${implementation}" == "c" ]]; then
- exec "${INSTALL_XATTR}" "$@"
+ # Filter internal portage paths from PATH, in order to avoid
+ # a possible exec loop or fork bomb (see bug 547086).
+ IFS=':'
+ set -f
+ path=
+ for x in ${PATH}; do
+ [[ ${x} == *portage* ]] || path+=":${x}"
+ done
+ PATH=${path#:} exec "${INSTALL_XATTR}" "$@"
 elif [[ "${implementation}" == "python" ]]; then
 PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
 exec "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/install.py" "$@"
--
2.3.5
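Review bot: The filter loop in the `c` branch keeps empty PATH entries and can leave PATH entirely empty when every entry matches `*portage*`; an empty entry or an empty PATH is conventionally searched as the current directory, which during a build is likely a package work directory. Skip empty entries as well, `[[ -z ${x} || ${x} == *portage* ]] || path+=":${x}"`, and consider exiting with an error when `path` ends up empty instead of exec'ing. Whether `${INSTALL_XATTR}` resolves the real `install` through PATH is not visible here, so treat this as hardening to confirm. The if/elif chain starts before this hunk and is not closed within it.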