From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3D491158042 for ; Mon, 11 Nov 2024 01:27:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D6A06E08CE; Mon, 11 Nov 2024 01:27:36 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 9C567E087D for ; Mon, 11 Nov 2024 01:27:36 +0000 (UTC) From: Mike Gilbert To: gentoo-dev@lists.gentoo.org Cc: base-system@gentoo.org, Mike Gilbert Subject: [gentoo-dev] [PATCH] fcaps.eclass: leave permissions alone by default Date: Sun, 10 Nov 2024 20:27:33 -0500 Message-ID: <20241111012733.139417-1-floppym@gentoo.org> X-Mailer: git-send-email 2.47.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: 3d65bbff-c721-424e-a9d5-5284fdb5e466 X-Archives-Hash: 920f0de082beb3d3d3d7c515404f6e69 Instead of clobbering the entire file mode, just toggle the suid bit if needed. In most cases this will result in a world-readable file. Introduce the FCAPS_DENY_WORLD_READ setting for users who insist on having their suid binaries unreadable. Skip calling chown/chmod if the owner/mode is empty. This may be used by ebuild authors in certain use cases. Bug: https://bugs.gentoo.org/938164 Signed-off-by: Mike Gilbert --- eclass/fcaps.eclass | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass index 477e1e954ab8..5cb781a7a75d 100644 --- a/eclass/fcaps.eclass +++ b/eclass/fcaps.eclass @@ -1,4 +1,4 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: fcaps.eclass @@ -66,6 +66,12 @@ esac # # Note: If you override pkg_postinst, you must call fcaps_pkg_postinst yourself. +# @ECLASS_VARIABLE: FCAPS_DENY_WORLD_READ +# @USER_VARIABLE +# @DEFAULT_UNSET +# @DESCRIPTION: +# When set, deny read access on files updated by the fcaps function. + # @FUNCTION: fcaps # @USAGE: [-o ] [-g ] [-m ] [-M ] # @DESCRIPTION: @@ -96,8 +102,13 @@ fcaps() { # Process the user options first. local owner='0' local group='0' - local mode='4711' - local caps_mode='711' + local mode=u+s + local caps_mode= + + if [[ -n ${FCAPS_DENY_WORLD_READ} ]]; then + mode=u+s,go-r + caps_mode=go-r + fi while [[ $# -gt 0 ]] ; do case $1 in @@ -137,9 +148,10 @@ fcaps() { # fs doesn't support it, but abort on all others. debug-print "${FUNCNAME}: setting caps '${caps}' on '${file}'" - # If everything goes well, we don't want the file to be readable - # by people. - chmod ${caps_mode} "${file}" || die + # Remove the read bits if requested. + if [[ -n ${caps_mode} ]]; then + chmod ${caps_mode} "${file}" || die + fi if ! out=$(LC_ALL=C setcap "${caps}" "${file}" 2>&1) ; then case ${out} in @@ -170,9 +182,14 @@ fcaps() { fi # If we're still here, setcaps failed. - debug-print "${FUNCNAME}: setting owner/mode on '${file}'" - chown "${owner}:${group}" "${file}" || die - chmod ${mode} "${file}" || die + if [[ -n ${owner} || -n ${group} ]]; then + debug-print "${FUNCNAME}: setting owner on '${file}'" + chown "${owner}:${group}" "${file}" || die + fi + if [[ -n ${mode} ]]; then + debug-print "${FUNCNAME}: setting mode on '${file}'" + chmod ${mode} "${file}" || die + fi done } -- 2.47.0