
From: Zac Medico <zmedico@g.o>
To: gentoo-portage-dev@l.g.o
Cc: Zac Medico <zmedico@g.o>
Subject: [gentoo-portage-dev] [PATCH v2] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086)
Date: Tue, 28 Apr 2015 14:48:46
Message-Id: 1430184476-28560-1-git-send-email-zmedico@gentoo.org
In Reply to: [gentoo-portage-dev] [PATCH] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086) by Zac Medico
1 Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage
2 paths in PATH could trigger exec loops or fork bombs in wrappers.
3
4 Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)")
5 X-Gentoo-Bug: 547086
6 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086
7 ---
8 [PATCH v2] makes the path patterns more explicit, in order to avoid false
9 positive matches, and fixes the install wrapper to adjust PATH for install.py.
10
11 bin/ebuild-helpers/bsd/sed | 4 +++-
12 bin/ebuild-helpers/portageq | 4 +++-
13 bin/ebuild-helpers/unprivileged/chown | 4 +++-
14 bin/ebuild-helpers/xattr/install | 14 +++++++++++++-
15 4 files changed, 22 insertions(+), 4 deletions(-)
16
17 diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed
18 index 01b8847..e6d4ba7 100755
19 --- a/bin/ebuild-helpers/bsd/sed
20 +++ b/bin/ebuild-helpers/bsd/sed
21 @@ -1,5 +1,5 @@
22 #!/bin/bash
23 -# Copyright 2007-2012 Gentoo Foundation
24 +# Copyright 2007-2015 Gentoo Foundation
25 # Distributed under the terms of the GNU General Public License v2
26
27 scriptpath=${BASH_SOURCE[0]}
28 @@ -15,6 +15,8 @@ else
29
30 for path in $PATH; do
31 if [[ -x ${path}/${scriptname} ]]; then
32 + [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
33 + [[ ${x} == */._portage_reinstall_.* ]] && continue
34 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
35 exec "${path}/${scriptname}" "$@"
36 exit 0
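Review bot: The two added tests in this hunk compare `${x}`, but the loop variable here is `path` (`for path in $PATH`), so unless `x` is set somewhere outside the hunk they compare an empty string, never match, and the wrapper can still exec another portage copy of itself. They should read `[[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue` and `[[ ${path} == */._portage_reinstall_.* ]] && continue`. The same `${x}` lines are added in the portageq and unprivileged/chown hunks, whose loops also iterate over `path`; only the xattr/install hunk actually uses `x` as its loop variable. The enclosing `else` branch starts and ends outside this hunk.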
37 diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
38 index 4151bac..0c8ac4c 100755
39 --- a/bin/ebuild-helpers/portageq
40 +++ b/bin/ebuild-helpers/portageq
41 @@ -1,5 +1,5 @@
42 #!/bin/bash
43 -# Copyright 2009-2013 Gentoo Foundation
44 +# Copyright 2009-2015 Gentoo Foundation
45 # Distributed under the terms of the GNU General Public License v2
46
47 scriptpath=${BASH_SOURCE[0]}
48 @@ -15,6 +15,8 @@ set -f # in case ${PATH} contains any shell glob characters
49
50 for path in ${PATH}; do
51 [[ -x ${path}/${scriptname} ]] || continue
52 + [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
53 + [[ ${x} == */._portage_reinstall_.* ]] && continue
54 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
55 PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
56 exec "${PORTAGE_PYTHON:-/usr/bin/python}" \
57 diff --git a/bin/ebuild-helpers/unprivileged/chown b/bin/ebuild-helpers/unprivileged/chown
58 index 08fa650..a374435 100755
59 --- a/bin/ebuild-helpers/unprivileged/chown
60 +++ b/bin/ebuild-helpers/unprivileged/chown
61 @@ -1,5 +1,5 @@
62 #!/bin/bash
63 -# Copyright 2012-2013 Gentoo Foundation
64 +# Copyright 2012-2015 Gentoo Foundation
65 # Distributed under the terms of the GNU General Public License v2
66
67 scriptpath=${BASH_SOURCE[0]}
68 @@ -9,6 +9,8 @@ IFS=':'
69
70 for path in ${PATH}; do
71 [[ -x ${path}/${scriptname} ]] || continue
72 + [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
73 + [[ ${x} == */._portage_reinstall_.* ]] && continue
74 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
75 IFS=$' \t\n'
76 output=$("${path}/${scriptname}" "$@" 2>&1)
77 diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install
78 index d572fe6..2d2a693 100755
79 --- a/bin/ebuild-helpers/xattr/install
80 +++ b/bin/ebuild-helpers/xattr/install
81 @@ -1,5 +1,5 @@
82 #!/bin/bash
83 -# Copyright 2013 Gentoo Foundation
84 +# Copyright 2013-2015 Gentoo Foundation
85 # Distributed under the terms of the GNU General Public License v2
86
87 PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
88 @@ -24,6 +24,18 @@ else
89 fi
90 fi
91
92 +# Filter internal portage paths from PATH, in order to avoid
93 +# a possible exec loop or fork bomb (see bug 547086).
94 +IFS=':'
95 +set -f
96 +path=
97 +for x in ${PATH}; do
98 + [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
99 + [[ ${x} == */._portage_reinstall_.* ]] && continue
100 + path+=":${x}"
101 +done
102 +PATH=${path#:}
103 +
104 if [[ "${implementation}" == "c" ]]; then
105 exec "${INSTALL_XATTR}" "$@"
106 elif [[ "${implementation}" == "python" ]]; then
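Review bot: `IFS=':'` and `set -f` stay in effect after the filter loop, so any later unquoted expansion in this wrapper splits on colons with globbing disabled. The `exec "${INSTALL_XATTR}" "$@"` line is quoted and unaffected, but the python branch continues outside the hunk and cannot be checked from here. The unprivileged/chown wrapper resets the separator before running the real tool, and adding `IFS=$' \t\n'` and `set +f` right after `PATH=${path#:}` would keep this change local in the same way. Separately, if every entry happens to match the two patterns, PATH becomes empty, which bash (as far as I know) searches as the current directory. A comment stating that at least one non-portage entry is expected, or a check that `${path}` is non-empty before assigning, would make that assumption explicit.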
107 --
108 2.3.5