1 |
Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage |
2 |
paths in PATH could trigger exec loops or fork bombs in wrappers. |
3 |
|
4 |
Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)") |
5 |
X-Gentoo-Bug: 547086 |
6 |
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086 |
7 |
--- |
8 |
[PATCH v2] makes the path patterns more explicit, in order to avoid false |
9 |
positive matches, and fixes the install wrapper to adust PATH for install.py. |
10 |
|
11 |
bin/ebuild-helpers/bsd/sed | 4 +++- |
12 |
bin/ebuild-helpers/portageq | 4 +++- |
13 |
bin/ebuild-helpers/unprivileged/chown | 4 +++- |
14 |
bin/ebuild-helpers/xattr/install | 14 +++++++++++++- |
15 |
4 files changed, 22 insertions(+), 4 deletions(-) |
16 |
|
17 |
diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed |
18 |
index 01b8847..e6d4ba7 100755 |
19 |
--- a/bin/ebuild-helpers/bsd/sed |
20 |
+++ b/bin/ebuild-helpers/bsd/sed |
21 |
@@ -1,5 +1,5 @@ |
22 |
#!/bin/bash |
23 |
-# Copyright 2007-2012 Gentoo Foundation |
24 |
+# Copyright 2007-2015 Gentoo Foundation |
25 |
# Distributed under the terms of the GNU General Public License v2 |
26 |
|
27 |
scriptpath=${BASH_SOURCE[0]} |
28 |
@@ -15,6 +15,8 @@ else |
29 |
|
30 |
for path in $PATH; do |
31 |
if [[ -x ${path}/${scriptname} ]]; then |
32 |
+ [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue |
33 |
+ [[ ${x} == */._portage_reinstall_.* ]] && continue |
34 |
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue |
35 |
exec "${path}/${scriptname}" "$@" |
36 |
exit 0 |
37 |
diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq |
38 |
index 4151bac..0c8ac4c 100755 |
39 |
--- a/bin/ebuild-helpers/portageq |
40 |
+++ b/bin/ebuild-helpers/portageq |
41 |
@@ -1,5 +1,5 @@ |
42 |
#!/bin/bash |
43 |
-# Copyright 2009-2013 Gentoo Foundation |
44 |
+# Copyright 2009-2015 Gentoo Foundation |
45 |
# Distributed under the terms of the GNU General Public License v2 |
46 |
|
47 |
scriptpath=${BASH_SOURCE[0]} |
48 |
@@ -15,6 +15,8 @@ set -f # in case ${PATH} contains any shell glob characters |
49 |
|
50 |
for path in ${PATH}; do |
51 |
[[ -x ${path}/${scriptname} ]] || continue |
52 |
+ [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue |
53 |
+ [[ ${x} == */._portage_reinstall_.* ]] && continue |
54 |
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue |
55 |
PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \ |
56 |
exec "${PORTAGE_PYTHON:-/usr/bin/python}" \ |
57 |
diff --git a/bin/ebuild-helpers/unprivileged/chown b/bin/ebuild-helpers/unprivileged/chown |
58 |
index 08fa650..a374435 100755 |
59 |
--- a/bin/ebuild-helpers/unprivileged/chown |
60 |
+++ b/bin/ebuild-helpers/unprivileged/chown |
61 |
@@ -1,5 +1,5 @@ |
62 |
#!/bin/bash |
63 |
-# Copyright 2012-2013 Gentoo Foundation |
64 |
+# Copyright 2012-2015 Gentoo Foundation |
65 |
# Distributed under the terms of the GNU General Public License v2 |
66 |
|
67 |
scriptpath=${BASH_SOURCE[0]} |
68 |
@@ -9,6 +9,8 @@ IFS=':' |
69 |
|
70 |
for path in ${PATH}; do |
71 |
[[ -x ${path}/${scriptname} ]] || continue |
72 |
+ [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue |
73 |
+ [[ ${x} == */._portage_reinstall_.* ]] && continue |
74 |
[[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue |
75 |
IFS=$' \t\n' |
76 |
output=$("${path}/${scriptname}" "$@" 2>&1) |
77 |
diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install |
78 |
index d572fe6..2d2a693 100755 |
79 |
--- a/bin/ebuild-helpers/xattr/install |
80 |
+++ b/bin/ebuild-helpers/xattr/install |
81 |
@@ -1,5 +1,5 @@ |
82 |
#!/bin/bash |
83 |
-# Copyright 2013 Gentoo Foundation |
84 |
+# Copyright 2013-2015 Gentoo Foundation |
85 |
# Distributed under the terms of the GNU General Public License v2 |
86 |
|
87 |
PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin} |
88 |
@@ -24,6 +24,18 @@ else |
89 |
fi |
90 |
fi |
91 |
|
92 |
+# Filter internal portage paths from PATH, in order to avoid |
93 |
+# a possible exec loop or fork bomb (see bug 547086). |
94 |
+IFS=':' |
95 |
+set -f |
96 |
+path= |
97 |
+for x in ${PATH}; do |
98 |
+ [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue |
99 |
+ [[ ${x} == */._portage_reinstall_.* ]] && continue |
100 |
+ path+=":${x}" |
101 |
+done |
102 |
+PATH=${path#:} |
103 |
+ |
104 |
if [[ "${implementation}" == "c" ]]; then |
105 |
exec "${INSTALL_XATTR}" "$@" |
106 |
elif [[ "${implementation}" == "python" ]]; then |
107 |
-- |
108 |
2.3.5 |