From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 59EE2138350 for ; Sun, 15 Mar 2020 00:48:26 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 756AAE0AFC; Sun, 15 Mar 2020 00:48:25 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id CF164E0AFC for ; Sun, 15 Mar 2020 00:48:24 +0000 (UTC) Received: from localhost.localdomain (unknown [IPv6:2600:8802:603:b800:36e8:94ff:fed6:b918]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: zmedico) by smtp.gentoo.org (Postfix) with ESMTPSA id 6159634F024; Sun, 15 Mar 2020 00:48:23 +0000 (UTC) From: Zac Medico To: gentoo-portage-dev@lists.gentoo.org Cc: Zac Medico Subject: [gentoo-portage-dev] [PATCH] _prepare_workdir: apply PORTAGE_WORKDIR_MODE to PORTAGE_BUILDDIR (bug 692492) Date: Sat, 14 Mar 2020 17:46:08 -0700 Message-Id: <20200315004608.64770-1-zmedico@gentoo.org> X-Mailer: git-send-email 2.24.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-portage-dev@lists.gentoo.org Reply-to: gentoo-portage-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: ebe081e8-e96c-4d51-b1cf-d4390c17c94d X-Archives-Hash: 4aed84c475a00594be4d53ef94643220 Apply secure PORTAGE_WORKDIR_MODE permissions to PORTAGE_BUILDDIR, since the child directory ${D} and its children may have vulnerable permissions as reported in bug 692492. Bug: https://bugs.gentoo.org/692492 Signed-off-by: Zac Medico --- .../package/ebuild/prepare_build_dirs.py | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/lib/portage/package/ebuild/prepare_build_dirs.py b/lib/portage/package/ebuild/prepare_build_dirs.py index c325819d1..8349d306f 100644 --- a/lib/portage/package/ebuild/prepare_build_dirs.py +++ b/lib/portage/package/ebuild/prepare_build_dirs.py @@ -1,4 +1,4 @@ -# Copyright 2010-2018 Gentoo Foundation +# Copyright 2010-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 from __future__ import unicode_literals @@ -84,7 +84,7 @@ def prepare_build_dirs(myroot=None, settings=None, cleanup=False): except PortageException: if not os.path.isdir(mydir): raise - for dir_key in ("PORTAGE_BUILDDIR", "HOME", "PKG_LOGDIR", "T"): + for dir_key in ("HOME", "PKG_LOGDIR", "T"): ensure_dirs(mysettings[dir_key], mode=0o755) apply_secpass_permissions(mysettings[dir_key], uid=portage_uid, gid=portage_gid) @@ -272,11 +272,18 @@ def _prepare_workdir(mysettings): writemsg(_("!!! Unable to parse PORTAGE_WORKDIR_MODE='%s', using %s.\n") % \ (mysettings["PORTAGE_WORKDIR_MODE"], oct(workdir_mode))) mysettings["PORTAGE_WORKDIR_MODE"] = oct(workdir_mode).replace('o', '') - try: - apply_secpass_permissions(mysettings["WORKDIR"], - uid=portage_uid, gid=portage_gid, mode=workdir_mode) - except FileNotFound: - pass # ebuild.sh will create it + + permissions = {'mode': workdir_mode} + if portage.data.secpass >= 2: + permissions['uid'] = portage_uid + if portage.data.secpass >= 1: + permissions['gid'] = portage_gid + + # Apply PORTAGE_WORKDIR_MODE to PORTAGE_BUILDDIR, since the child + # directory ${D} and its children may have vulnerable permissions + # as reported in bug 692492. + ensure_dirs(mysettings["PORTAGE_BUILDDIR"], **permissions) + ensure_dirs(mysettings["WORKDIR"], **permissions) if mysettings.get("PORTAGE_LOGDIR", "") == "": while "PORTAGE_LOGDIR" in mysettings: -- 2.24.1