Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-portage-dev

From: Brian Dolbec <dolsen@g.o>
To: gentoo-portage-dev@l.g.o
Subject: Re: [gentoo-portage-dev] [PATCH v3] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086)
Date: Tue, 28 Apr 2015 14:49:08
Message-Id: 20150428074611.7b0eb153.dolsen@gentoo.org
In Reply to: [gentoo-portage-dev] [PATCH v3] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086) by Zac Medico
1 On Mon, 27 Apr 2015 18:53:02 -0700
2 Zac Medico <zmedico@g.o> wrote:
3
4 > Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage
5 > paths in PATH could trigger exec loops or fork bombs in wrappers.
6 >
7 > Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp
8 > PORTAGE_BIN_PATH (bug 547086)") X-Gentoo-Bug: 547086
9 > X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086
10 > ---
11 > [PATCH v3] fixes broken ${X} references
12 >
13 > bin/ebuild-helpers/bsd/sed | 4 +++-
14 > bin/ebuild-helpers/portageq | 4 +++-
15 > bin/ebuild-helpers/unprivileged/chown | 4 +++-
16 > bin/ebuild-helpers/xattr/install | 14 +++++++++++++-
17 > 4 files changed, 22 insertions(+), 4 deletions(-)
18 >
19 > diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed
20 > index 01b8847..9a7f2d4 100755
21 > --- a/bin/ebuild-helpers/bsd/sed
22 > +++ b/bin/ebuild-helpers/bsd/sed
23 > @@ -1,5 +1,5 @@
24 > #!/bin/bash
25 > -# Copyright 2007-2012 Gentoo Foundation
26 > +# Copyright 2007-2015 Gentoo Foundation
27 > # Distributed under the terms of the GNU General Public License v2
28 >
29 > scriptpath=${BASH_SOURCE[0]}
30 > @@ -15,6 +15,8 @@ else
31 >
32 > for path in $PATH; do
33 > if [[ -x ${path}/${scriptname} ]]; then
34 > + [[ ${path} ==
35 > ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
36 > + [[ ${path} == */._portage_reinstall_.* ]] &&
37 > continue [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
38 > exec "${path}/${scriptname}" "$@"
39 > exit 0
40 > diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
41 > index 4151bac..ba889eb 100755
42 > --- a/bin/ebuild-helpers/portageq
43 > +++ b/bin/ebuild-helpers/portageq
44 > @@ -1,5 +1,5 @@
45 > #!/bin/bash
46 > -# Copyright 2009-2013 Gentoo Foundation
47 > +# Copyright 2009-2015 Gentoo Foundation
48 > # Distributed under the terms of the GNU General Public License v2
49 >
50 > scriptpath=${BASH_SOURCE[0]}
51 > @@ -15,6 +15,8 @@ set -f # in case ${PATH} contains any shell glob
52 > characters
53 > for path in ${PATH}; do
54 > [[ -x ${path}/${scriptname} ]] || continue
55 > + [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/*
56 > ]] && continue
57 > + [[ ${path} == */._portage_reinstall_.* ]] && continue
58 > [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
59 > PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
60 > exec "${PORTAGE_PYTHON:-/usr/bin/python}" \
61 > diff --git a/bin/ebuild-helpers/unprivileged/chown
62 > b/bin/ebuild-helpers/unprivileged/chown index 08fa650..2f1f161 100755
63 > --- a/bin/ebuild-helpers/unprivileged/chown
64 > +++ b/bin/ebuild-helpers/unprivileged/chown
65 > @@ -1,5 +1,5 @@
66 > #!/bin/bash
67 > -# Copyright 2012-2013 Gentoo Foundation
68 > +# Copyright 2012-2015 Gentoo Foundation
69 > # Distributed under the terms of the GNU General Public License v2
70 >
71 > scriptpath=${BASH_SOURCE[0]}
72 > @@ -9,6 +9,8 @@ IFS=':'
73 >
74 > for path in ${PATH}; do
75 > [[ -x ${path}/${scriptname} ]] || continue
76 > + [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/*
77 > ]] && continue
78 > + [[ ${path} == */._portage_reinstall_.* ]] && continue
79 > [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
80 > IFS=$' \t\n'
81 > output=$("${path}/${scriptname}" "$@" 2>&1)
82 > diff --git a/bin/ebuild-helpers/xattr/install
83 > b/bin/ebuild-helpers/xattr/install index d572fe6..2d2a693 100755
84 > --- a/bin/ebuild-helpers/xattr/install
85 > +++ b/bin/ebuild-helpers/xattr/install
86 > @@ -1,5 +1,5 @@
87 > #!/bin/bash
88 > -# Copyright 2013 Gentoo Foundation
89 > +# Copyright 2013-2015 Gentoo Foundation
90 > # Distributed under the terms of the GNU General Public License v2
91 >
92 > PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
93 > @@ -24,6 +24,18 @@ else
94 > fi
95 > fi
96 >
97 > +# Filter internal portage paths from PATH, in order to avoid
98 > +# a possible exec loop or fork bomb (see bug 547086).
99 > +IFS=':'
100 > +set -f
101 > +path=
102 > +for x in ${PATH}; do
103 > + [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]]
104 > && continue
105 > + [[ ${x} == */._portage_reinstall_.* ]] && continue
106 > + path+=":${x}"
107 > +done
108 > +PATH=${path#:}
109 > +
110 > if [[ "${implementation}" == "c" ]]; then
111 > exec "${INSTALL_XATTR}" "$@"
112 > elif [[ "${implementation}" == "python" ]]; then
113
114 looks good
115
116 --
117 Brian Dolbec <dolsen>
Report Message
Find on MARC Find on Google Groups