public inbox for gentoo-portage-dev@lists.gentoo.org
* [gentoo-portage-dev] [PATCH] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086)
@ 2015-04-27 20:29 Zac Medico
  2015-04-28  1:27 ` [gentoo-portage-dev] [PATCH v2] " Zac Medico
  2015-04-28  1:53 ` [gentoo-portage-dev] [PATCH v3] " Zac Medico
  0 siblings, 2 replies; 4+ messages in thread
From: Zac Medico @ 2015-04-27 20:29 UTC
  To: gentoo-portage-dev; +Cc: Zac Medico

Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage
paths in PATH could trigger exec loops or fork bombs in wrappers.

Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)")
X-Gentoo-Bug: 547086
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086
---
 bin/ebuild-helpers/bsd/sed            |  3 ++-
 bin/ebuild-helpers/portageq           |  3 ++-
 bin/ebuild-helpers/unprivileged/chown |  3 ++-
 bin/ebuild-helpers/xattr/install      | 12 ++++++++++--
 4 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed
index 01b8847..3d04ed6 100755
--- a/bin/ebuild-helpers/bsd/sed
+++ b/bin/ebuild-helpers/bsd/sed
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2007-2012 Gentoo Foundation
+# Copyright 2007-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,7 @@ else
 
 	for path in $PATH; do
 		if [[ -x ${path}/${scriptname} ]]; then
+			[[ ${path} == *portage* ]] && continue
 			[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
 			exec "${path}/${scriptname}" "$@"
 			exit 0
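Review bot: The added `[[ ${path} == *portage* ]] && continue` matches any PATH entry that has "portage" anywhere in its string, so it also skips unrelated directories that merely carry the word in their name and may hold the real `sed`. Anchoring the pattern to the wrapper location, for example to the `ebuild-helpers` path component, would skip only the wrapper directories this fix is aimed at.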
diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
index 4151bac..1d9e208 100755
--- a/bin/ebuild-helpers/portageq
+++ b/bin/ebuild-helpers/portageq
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2009-2013 Gentoo Foundation
+# Copyright 2009-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,7 @@ set -f # in case ${PATH} contains any shell glob characters
 
 for path in ${PATH}; do
 	[[ -x ${path}/${scriptname} ]] || continue
+	[[ ${path} == *portage* ]] && continue
 	[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
 	PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
 		exec "${PORTAGE_PYTHON:-/usr/bin/python}" \
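Review bot: The new skip in the `for path in ${PATH}` loop carries no comment, while the xattr/install change in this same patch documents its filter and cites bug 547086. A one-line comment above `[[ ${path} == *portage* ]] && continue` would help here, because the following `-ef ${scriptpath}` line reads as if it already prevents the wrapper from re-running itself.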
diff --git a/bin/ebuild-helpers/unprivileged/chown b/bin/ebuild-helpers/unprivileged/chown
index 08fa650..00494b6 100755
--- a/bin/ebuild-helpers/unprivileged/chown
+++ b/bin/ebuild-helpers/unprivileged/chown
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2012-2013 Gentoo Foundation
+# Copyright 2012-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 scriptpath=${BASH_SOURCE[0]}
@@ -9,6 +9,7 @@ IFS=':'
 
 for path in ${PATH}; do
 	[[ -x ${path}/${scriptname} ]] || continue
+	[[ ${path} == *portage* ]] && continue
 	[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
 	IFS=$' \t\n'
 	output=$("${path}/${scriptname}" "$@" 2>&1)
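Review bot: Both guards in this loop are narrow in what they can detect: `*portage*` only catches directories whose path string contains "portage", and `-ef ${scriptpath}` only catches this exact file. A copy of the wrapper in a directory whose name lacks "portage" passes both checks and is then run via `output=$("${path}/${scriptname}" "$@" 2>&1)`, which forks a child rather than exec'ing, so this is the fork-bomb case from the subject line. Comparing `${path}` against the helper directories actually in use, if they are available in the wrapper's environment, would be more robust than a name match.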
diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install
index d572fe6..2a44b15 100755
--- a/bin/ebuild-helpers/xattr/install
+++ b/bin/ebuild-helpers/xattr/install
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2013 Gentoo Foundation
+# Copyright 2013-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
@@ -25,7 +25,15 @@ else
 fi
 
 if [[ "${implementation}" == "c" ]]; then
-	exec "${INSTALL_XATTR}" "$@"
+	# Filter internal portage paths from PATH, in order to avoid
+	# a possible exec loop or fork bomb (see bug 547086).
+	IFS=':'
+	set -f
+	path=
+	for x in ${PATH}; do
+		[[ ${x} == *portage* ]] || path+=":${x}"
+	done
+	PATH=${path#:} exec "${INSTALL_XATTR}" "$@"
 elif [[ "${implementation}" == "python" ]]; then
 	PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
 		exec "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/install.py" "$@"
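Review bot: Unlike the three loop-based wrappers, the filter ahead of `PATH=${path#:} exec "${INSTALL_XATTR}" "$@"` rewrites PATH for the child process, so every directory matching `*portage*` disappears from the child's lookups rather than just from this wrapper's search, and if all entries match the child runs with an empty PATH. Suggest narrowing the pattern to the helper directories and handling the case where `path` ends up empty, either by keeping the original PATH or by failing with a message.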
-- 
2.3.5


