| 1 |
flameeyes 10/10/08 15:33:13 |
| 2 |
|
| 3 |
Modified: pkg_preinst.eblit |
| 4 |
Log: |
| 5 |
QA: avoid using $D when testing the just-built loader, as it might cause trouble when it contains colon characters; the fix is trivial. |
| 6 |
|
| 7 |
(Portage version: 2.2_rc91/cvs/Linux x86_64) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.3 sys-libs/glibc/files/eblits/pkg_preinst.eblit |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/glibc/files/eblits/pkg_preinst.eblit?rev=1.3&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/glibc/files/eblits/pkg_preinst.eblit?rev=1.3&content-type=text/plain |
| 14 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/glibc/files/eblits/pkg_preinst.eblit?r1=1.2&r2=1.3 |
| 15 |
|
| 16 |
Index: pkg_preinst.eblit |
| 17 |
=================================================================== |
| 18 |
RCS file: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/pkg_preinst.eblit,v |
| 19 |
retrieving revision 1.2 |
| 20 |
retrieving revision 1.3 |
| 21 |
diff -u -r1.2 -r1.3 |
| 22 |
--- pkg_preinst.eblit 19 Dec 2009 23:44:54 -0000 1.2 |
| 23 |
+++ pkg_preinst.eblit 8 Oct 2010 15:33:13 -0000 1.3 |
| 24 |
@@ -1,6 +1,6 @@ |
| 25 |
-# Copyright 1999-2009 Gentoo Foundation |
| 26 |
+# Copyright 1999-2010 Gentoo Foundation |
| 27 |
# Distributed under the terms of the GNU General Public License v2 |
| 28 |
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/pkg_preinst.eblit,v 1.2 2009/12/19 23:44:54 vapier Exp $ |
| 29 |
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/pkg_preinst.eblit,v 1.3 2010/10/08 15:33:13 flameeyes Exp $ |
| 30 |
|
| 31 |
fix_lib64_symlinks() { |
| 32 |
# the original Gentoo/AMD64 devs decided that since 64bit is the native |
| 33 |
@@ -75,9 +75,16 @@ |
| 34 |
striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) |
| 35 |
[[ -z ${striptest} ]] && continue |
| 36 |
[[ ${striptest} == *"statically linked"* ]] && continue |
| 37 |
- "${D}"/$(get_libdir)/ld-*.so \ |
| 38 |
- --library-path "${D}"/$(get_libdir) \ |
| 39 |
- ${x} > /dev/null \ |
| 40 |
+ # we enter ${D} so to avoid trouble if the path contains |
| 41 |
+ # special characters; for instance if the path contains the |
| 42 |
+ # colon character (:), then the linker will try to split it |
| 43 |
+ # and look for the libraries in an unexpected place. This can |
| 44 |
+ # lead to unsafe code execution if the generated prefix is |
| 45 |
+ # within a world-writable directory |
| 46 |
+ # (e.g. /var/tmp/portage:${HOSTNAME}) |
| 47 |
+ pushd "${D}"/$(get_libdir) 2>/dev/null |
| 48 |
+ ./ld-*.so --library-path . ${x} > /dev/null \ |
| 49 |
|| die "simple run test (${x}) failed" |
| 50 |
+ popd 2>/dev/null |
| 51 |
done |
| 52 |
} |
Archives