Gentoo Archives: gentoo-commits

From: "Zac Medico (zmedico)" <zmedico@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] portage r9424 - main/branches/2.1.2/bin
Date: Mon, 03 Mar 2008 19:24:08
Message-Id: E1JWGGc-0006xB-A6@stork.gentoo.org
1 Author: zmedico
2 Date: 2008-03-03 19:24:05 +0000 (Mon, 03 Mar 2008)
3 New Revision: 9424
4
5 Modified:
6 main/branches/2.1.2/bin/misc-functions.sh
7 Log:
8 Bug #210372 - Fix FEATURES=suidctl so that it really works again.
9 (trunk r9423)
10
11
12 Modified: main/branches/2.1.2/bin/misc-functions.sh
13 ===================================================================
14 --- main/branches/2.1.2/bin/misc-functions.sh 2008-03-03 19:21:11 UTC (rev 9423)
15 +++ main/branches/2.1.2/bin/misc-functions.sh 2008-03-03 19:24:05 UTC (rev 9424)
16 @@ -464,27 +464,28 @@
17 fi
18 # total suid control.
19 if hasq suidctl $FEATURES; then
20 + local sfconf
21 sfconf=${PORTAGE_CONFIGROOT}etc/portage/suidctl.conf
22 + # sandbox prevents us from writing directly
23 + # to files outside of the sandbox, but this
24 + # can easly be bypassed using the addwrite() function
25 + addwrite "${sfconf}"
26 vecho ">>> Performing suid scan in ${D}"
27 for i in $(find "${D}" -type f \( -perm -4000 -o -perm -2000 \) ); do
28 if [ -s "${sfconf}" ]; then
29 - suid="$(grep "^/${i#${D}}$" "${sfconf}")"
30 - if [ "${suid}" = "${i/${D}}" ]; then
31 - vecho "- ${i/${D}} is an approved suid file"
32 + install_path=/${i#${D}}
33 + if grep -q "^${install_path}\$" "${sfconf}" ; then
34 + vecho "- ${install_path} is an approved suid file"
35 else
36 - vecho ">>> Removing sbit on non registered ${i/${D}}"
37 + vecho ">>> Removing sbit on non registered ${install_path}"
38 for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done
39 vecho -ne "\a"
40 ls_ret=$(ls -ldh "${i}")
41 chmod ugo-s "${i}"
42 - grep "^#${i/${D}}$" "${sfconf}" > /dev/null || {
43 - # sandbox prevents us from writing directly
44 - # to files outside of the sandbox, but this
45 - # can easly be bypassed using the addwrite() function
46 - addwrite "${sfconf}"
47 + grep "^#${install_path}$" "${sfconf}" > /dev/null || {
48 vecho ">>> Appending commented out entry to ${sfconf} for ${PF}"
49 - echo "## ${ls_ret%${D}*}${ls_ret#*${D}}" >> "${sfconf}"
50 - echo "#${i/${D}}" >> "${sfconf}"
51 + echo "## ${ls_ret%${D}*}${install_path}" >> "${sfconf}"
52 + echo "#${install_path}" >> "${sfconf}"
53 # no delwrite() eh?
54 # delwrite ${sconf}
55 }
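Review bot: The approval check `grep -q "^${install_path}\$" "${sfconf}"` interpolates the installed path into a regular expression, so characters such as `.` or `[` in a file name are treated as pattern syntax and the check can succeed on a suidctl.conf entry that is not the literal path. Because this test decides whether a setuid/setgid bit is kept, a fixed-string whole-line match is safer: `grep -qxF -- "${install_path}" "${sfconf}"`, and likewise `grep -qxF -- "#${install_path}" "${sfconf}"` for the commented-entry lookup. The unchanged `for i in $(find …)` loop around it still word-splits paths containing whitespace, so such files would not be checked under their real names. `addwrite "${sfconf}"` now runs before the scan even when nothing is appended, and the hunk shows no matching revocation, so the sandbox write exception looks wider than before. The enclosing function begins and ends outside this hunk.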
56
57 --
58 gentoo-commits@l.g.o mailing list