On Mon, 27 Apr 2015 18:53:02 -0700 |
Zac Medico <zmedico@g.o> wrote: |
|
> Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage |
> paths in PATH could trigger exec loops or fork bombs in wrappers. |
> |
> Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp |
> PORTAGE_BIN_PATH (bug 547086)") X-Gentoo-Bug: 547086 |
> X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086 |
> --- |
> [PATCH v3] fixes broken ${X} references |
> |
> bin/ebuild-helpers/bsd/sed | 4 +++- |
> bin/ebuild-helpers/portageq | 4 +++- |
> bin/ebuild-helpers/unprivileged/chown | 4 +++- |
> bin/ebuild-helpers/xattr/install | 14 +++++++++++++- |
> 4 files changed, 22 insertions(+), 4 deletions(-) |
> |
> diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed |
20 |
> index 01b8847..9a7f2d4 100755 |
21 |
> --- a/bin/ebuild-helpers/bsd/sed |
22 |
> +++ b/bin/ebuild-helpers/bsd/sed |
23 |
> @@ -1,5 +1,5 @@ |
24 |
> #!/bin/bash |
25 |
> -# Copyright 2007-2012 Gentoo Foundation |
26 |
> +# Copyright 2007-2015 Gentoo Foundation |
27 |
> # Distributed under the terms of the GNU General Public License v2 |
28 |
> |
29 |
> scriptpath=${BASH_SOURCE[0]} |
30 |
> @@ -15,6 +15,8 @@ else |
31 |
> |
32 |
> for path in $PATH; do |
33 |
> if [[ -x ${path}/${scriptname} ]]; then |
34 |
> + [[ ${path} == |
35 |
> ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue |
36 |
> + [[ ${path} == */._portage_reinstall_.* ]] && |
37 |
> continue [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue |
38 |
> exec "${path}/${scriptname}" "$@" |
39 |
> exit 0 |
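Review bot: `${PORTAGE_OVERRIDE_EPREFIX}` is expanded unquoted on the right-hand side of `==` in the added test, so bash treats any `*`, `?` or `[` inside the prefix as pattern characters rather than literal text, and a prefix containing them could make the filter silently miss the directory it is meant to skip, leaving the exec-loop guard ineffective. Quoting only the variable keeps the intended globs: `[[ ${path} == "${PORTAGE_OVERRIDE_EPREFIX}"/usr/lib*/portage/* ]] && continue`. The same line is added in the portageq, unprivileged/chown and xattr/install hunks. Whether a prefix with such characters is supported is not visible here, and the loop continues outside this hunk.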
40 |
> diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq |
41 |
> index 4151bac..ba889eb 100755 |
42 |
> --- a/bin/ebuild-helpers/portageq |
43 |
> +++ b/bin/ebuild-helpers/portageq |
44 |
> @@ -1,5 +1,5 @@ |
45 |
> #!/bin/bash |
46 |
> -# Copyright 2009-2013 Gentoo Foundation |
47 |
> +# Copyright 2009-2015 Gentoo Foundation |
48 |
> # Distributed under the terms of the GNU General Public License v2 |
49 |
> |
50 |
> scriptpath=${BASH_SOURCE[0]} |
51 |
> @@ -15,6 +15,8 @@ set -f # in case ${PATH} contains any shell glob |
52 |
> characters |
53 |
> for path in ${PATH}; do |
54 |
> [[ -x ${path}/${scriptname} ]] || continue |
55 |
> + [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* |
56 |
> ]] && continue |
57 |
> + [[ ${path} == */._portage_reinstall_.* ]] && continue |
58 |
> [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue |
59 |
> PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \ |
60 |
> exec "${PORTAGE_PYTHON:-/usr/bin/python}" \ |
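Review bot: The two added `continue` tests carry no comment, so a reader of this wrapper cannot tell why portage's own directories and `._portage_reinstall_.` paths are skipped; only the xattr/install hunk of this patch explains it. A one-line comment above them would be enough, for example `# Skip internal portage paths to avoid an exec loop or fork bomb (bug 547086).` The same applies to the bsd/sed and unprivileged/chown hunks.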
61 |
> diff --git a/bin/ebuild-helpers/unprivileged/chown |
62 |
> b/bin/ebuild-helpers/unprivileged/chown index 08fa650..2f1f161 100755 |
63 |
> --- a/bin/ebuild-helpers/unprivileged/chown |
64 |
> +++ b/bin/ebuild-helpers/unprivileged/chown |
65 |
> @@ -1,5 +1,5 @@ |
66 |
> #!/bin/bash |
67 |
> -# Copyright 2012-2013 Gentoo Foundation |
68 |
> +# Copyright 2012-2015 Gentoo Foundation |
69 |
> # Distributed under the terms of the GNU General Public License v2 |
70 |
> |
71 |
> scriptpath=${BASH_SOURCE[0]} |
72 |
> @@ -9,6 +9,8 @@ IFS=':' |
73 |
> |
74 |
> for path in ${PATH}; do |
75 |
> [[ -x ${path}/${scriptname} ]] || continue |
76 |
> + [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* |
77 |
> ]] && continue |
78 |
> + [[ ${path} == */._portage_reinstall_.* ]] && continue |
79 |
> [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue |
80 |
> IFS=$' \t\n' |
81 |
> output=$("${path}/${scriptname}" "$@" 2>&1) |
82 |
> diff --git a/bin/ebuild-helpers/xattr/install |
83 |
> b/bin/ebuild-helpers/xattr/install index d572fe6..2d2a693 100755 |
84 |
> --- a/bin/ebuild-helpers/xattr/install |
85 |
> +++ b/bin/ebuild-helpers/xattr/install |
86 |
> @@ -1,5 +1,5 @@ |
87 |
> #!/bin/bash |
88 |
> -# Copyright 2013 Gentoo Foundation |
89 |
> +# Copyright 2013-2015 Gentoo Foundation |
90 |
> # Distributed under the terms of the GNU General Public License v2 |
91 |
> |
92 |
> PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin} |
93 |
> @@ -24,6 +24,18 @@ else |
94 |
> fi |
95 |
> fi |
96 |
> |
97 |
> +# Filter internal portage paths from PATH, in order to avoid |
98 |
> +# a possible exec loop or fork bomb (see bug 547086). |
99 |
> +IFS=':' |
100 |
> +set -f |
101 |
> +path= |
102 |
> +for x in ${PATH}; do |
103 |
> + [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] |
104 |
> && continue |
105 |
> + [[ ${x} == */._portage_reinstall_.* ]] && continue |
106 |
> + path+=":${x}" |
107 |
> +done |
108 |
> +PATH=${path#:} |
109 |
> + |
110 |
> if [[ "${implementation}" == "c" ]]; then |
111 |
> exec "${INSTALL_XATTR}" "$@" |
112 |
> elif [[ "${implementation}" == "python" ]]; then |
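Review bot: `IFS=':'` and `set -f` stay in effect after the filter loop, so everything below `PATH=${path#:}` runs with colon word-splitting and globbing disabled, whereas the unprivileged/chown helper in this same patch resets `IFS=$' \t\n'` before it runs the real tool. The visible `exec "${INSTALL_XATTR}" "$@"` is fully quoted and unaffected, but the python branch continues outside the hunk and any unquoted expansion there would split on `:`. Consider restoring the default right after the loop with `IFS=$' \t\n'` (and `set +f`, unless noglob is set deliberately earlier in the script), or add a comment saying the remaining code does not depend on either setting.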
|
looks good |
|
-- |
Brian Dolbec <dolsen> |