commit: e0862b8a3b3df10038b5dea127018415cdb94f63 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
AuthorDate: Fri Jan 28 05:27:23 2022 +0000 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
CommitDate: Fri Jan 28 05:27:23 2022 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0862b8a |
|
sys-apps/util-linux: force installed su(1) to be suid |
|
su(1) is almost useless without suid and on balance, it's more likely |
that people will have USE="-suid" in make.conf (globally) rather than |
desperately wanting to strip su(1) of its suid bits. |
|
This avoids such users having a "broken" (or dysfunctional) su(1). |
|
Users wishing to truly have a no-suid su(1) can e.g. use Portage's |
'suidctl' feature or strip it out via e.g. a bashrc hook. |
|
Note that shadow's su(1) (the default implementation until recently) |
always forced suid su anyway. |
|
Closes: https://bugs.gentoo.org/832092 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
|
...nux-9999.ebuild => util-linux-2.37.3-r1.ebuild} | 23 +++++++++++++++++++++- |
sys-apps/util-linux/util-linux-9999.ebuild | 16 +++++++++++++++ |
2 files changed, 38 insertions(+), 1 deletion(-) |
|
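--- a/sys-apps/util-linux/util-linux-9999.ebuild
+++ b/sys-apps/util-linux/util-linux-2.37.3-r1.ebuild
@@ -16,7 +16,7 @@ if [[ ${PV} == 9999 ]] ; then
 EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"
 else
 [[ "${PV}" = *_rc* ]] || \
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+ KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
 SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz"
 fi
 
@@ -84,6 +84,18 @@ RESTRICT="!test? ( test )"
 
 S="${WORKDIR}/${MY_P}"
 
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.37.1-agetty_ctrl-c_erase.patch #804972
+ "${FILESDIR}"/${PN}-2.37.2-ioctl_ns-test-hang.patch # upstream test hang patch
+)
+
+pkg_pretend() {
+ if use su && ! use suid ; then
+ elog "su will be installed as suid despite USE=-suid (bug #832092)"
+ elog "To use su without suid, see e.g. Portage's suidctl feature."
+ fi
+}
+
 src_prepare() {
 default
 
@@ -291,6 +303,15 @@ multilib_src_install_all() {
 newpamd "${FILESDIR}/su-l.pamd" su-l
 fi
 
+ if use su && ! use suid ; then
+ # Always force suid su, even when USE=-suid, as su is useless
+ # for the overwhelming-majority case without suid.
+ # Users who wish to truly have a no-suid su can strip it out
+ # via e.g. Portage's suidctl or some other hook.
+ # See bug #832092
+ fperms u+s /bin/su
+ fi
+
 # Note:
 # Bash completion for "runuser" command is provided by same file which
 # would also provide bash completion for "su" command. However, we don't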
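Review bot: In the multilib_src_install_all hunk, the new `if use su && ! use suid` branch sets the setuid bit through a second code path rather than one shared one, so the two USE configurations can drift apart in final mode or ownership of /bin/su. Because the outcome is now "su is setuid whenever USE=su", a single `if use su ; then fperms u+s /bin/su ; fi` would state that directly and give auditors one place to look. This assumes the USE=suid path, which is outside the hunk, already leaves the bit set, in which case `u+s` is a no-op there. The identical hunk in util-linux-9999.ebuild has the same shape, and multilib_src_install_all starts and ends outside the hunk.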
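--- a/sys-apps/util-linux/util-linux-9999.ebuild
+++ b/sys-apps/util-linux/util-linux-9999.ebuild
@@ -84,6 +84,13 @@ RESTRICT="!test? ( test )"
 
 S="${WORKDIR}/${MY_P}"
 
+pkg_pretend() {
+ if use su && ! use suid ; then
+ elog "su will be installed as suid despite USE=-suid (bug #832092)"
+ elog "To use su without suid, see e.g. Portage's suidctl feature."
+ fi
+}
+
 src_prepare() {
 default
 
@@ -291,6 +298,15 @@ multilib_src_install_all() {
 newpamd "${FILESDIR}/su-l.pamd" su-l
 fi
 
+ if use su && ! use suid ; then
+ # Always force suid su, even when USE=-suid, as su is useless
+ # for the overwhelming-majority case without suid.
+ # Users who wish to truly have a no-suid su can strip it out
+ # via e.g. Portage's suidctl or some other hook.
+ # See bug #832092
+ fperms u+s /bin/su
+ fi
+
 # Note:
 # Bash completion for "runuser" command is provided by same file which
 # would also provide bash completion for "su" command. However, we don't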
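Review bot: The pkg_pretend notice uses `elog` for what is a security-relevant override of the user's configuration: a setuid-root binary is installed although USE=-suid was requested. `ewarn "su will be installed as suid despite USE=-suid (bug #832092)"` would be harder to overlook. The second message could also name the opt-out concretely, e.g. `ewarn "To strip it, enable FEATURES=suidctl and leave /bin/su out of /etc/portage/suidctl.conf."`. The same pkg_pretend hunk appears in util-linux-2.37.3-r1.ebuild.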