On Tue, 29 Nov 2016 12:43:16 -0800 |
Zac Medico <zmedico@g.o> wrote: |
|
> Allow ebuilds to install files with portage group permissions, as |
> a means to restrict access to package manager resources. |
> |
> X-Gentoo-Bug: 600804 |
> X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=600804 |
> --- |
> pym/portage/package/ebuild/doebuild.py | 9 ++++++--- |
> 1 file changed, 6 insertions(+), 3 deletions(-) |
> |
> diff --git a/pym/portage/package/ebuild/doebuild.py |
14 |
> b/pym/portage/package/ebuild/doebuild.py index 52dbf8b..4baae17 100644 |
15 |
> --- a/pym/portage/package/ebuild/doebuild.py |
16 |
> +++ b/pym/portage/package/ebuild/doebuild.py |
17 |
> @@ -2008,7 +2008,7 @@ def _postinst_bsdflags(mysettings): |
18 |
> def _post_src_install_uid_fix(mysettings, out): |
19 |
> """ |
20 |
> Files in $D with user and group bits that match the "portage" |
21 |
> - user or group are automatically mapped to PORTAGE_INST_UID |
22 |
> and |
23 |
> + user and group are automatically mapped to PORTAGE_INST_UID |
24 |
> and PORTAGE_INST_GID if necessary. The chown system call may clear |
25 |
> S_ISUID and S_ISGID bits, so those bits are restored if |
26 |
> necessary. |
27 |
> @@ -2154,8 +2154,11 @@ def _post_src_install_uid_fix(mysettings, out): |
28 |
> mystat.st_ino not in |
29 |
> counted_inodes: counted_inodes.add(mystat.st_ino) |
30 |
> size += mystat.st_size |
31 |
> - if mystat.st_uid != portage_uid and \ |
32 |
> - mystat.st_gid != portage_gid: |
33 |
> + |
34 |
> + # Only remap the UID/GID if both |
35 |
> match the portage user, |
36 |
> + # in order to avoid interference |
37 |
> with ebuilds that install |
38 |
> + # files with portage group |
39 |
> permissions (see bug 600804). |
40 |
> + if (mystat.st_uid, mystat.st_gid) != |
41 |
> (portage_uid, portage_gid): continue |
42 |
> myuid = -1 |
43 |
> mygid = -1 |
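Review bot: The new tuple comparison before `continue` also skips files whose owner is the portage user but whose group is something else, so those would keep the build user's ownership in the installed image instead of being mapped to PORTAGE_INST_UID. The commit message only asks for portage group permissions to be preserved, so the owner test could stand on its own, for example `if mystat.st_uid != portage_uid:` followed by `continue`, which leaves root:portage files untouched while still remapping anything owned by the build user. This matters because the portage account typically runs build-time code, and a file it still owns after merge can be modified by that account. The rest of the loop (how myuid and mygid are assigned, and how S_ISUID/S_ISGID are restored after chown) is outside the hunk, so the gid handling below should be confirmed before narrowing the condition.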
|
looks good to me |
|
-- |
Brian Dolbec <dolsen> |