
From: Zac Medico <zmedico@g.o>
To: gentoo-portage-dev@l.g.o
Cc: Zac Medico <zmedico@g.o>
Subject: [gentoo-portage-dev] [PATCH v3] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086)
Date: Tue, 28 Apr 2015 14:05:14
Message-Id: 1430185982-29249-1-git-send-email-zmedico@gentoo.org
In Reply to: [gentoo-portage-dev] [PATCH] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086) by Zac Medico
1 Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage
2 paths in PATH could trigger exec loops or fork bombs in wrappers.
3
4 Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)")
5 X-Gentoo-Bug: 547086
6 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086
7 ---
8 [PATCH v3] fixes broken ${X} references
9
10 bin/ebuild-helpers/bsd/sed | 4 +++-
11 bin/ebuild-helpers/portageq | 4 +++-
12 bin/ebuild-helpers/unprivileged/chown | 4 +++-
13 bin/ebuild-helpers/xattr/install | 14 +++++++++++++-
14 4 files changed, 22 insertions(+), 4 deletions(-)
15
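diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed
index 01b8847..9a7f2d4 100755
--- a/bin/ebuild-helpers/bsd/sed
+++ b/bin/ebuild-helpers/bsd/sed
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2007-2012 Gentoo Foundation
+# Copyright 2007-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,8 @@ else
 
 for path in $PATH; do
 if [[ -x ${path}/${scriptname} ]]; then
+ [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${path} == */._portage_reinstall_.* ]] && continue
 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
 exec "${path}/${scriptname}" "$@"
 exit 0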
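Review bot: In the added test `[[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue`, the unquoted `${PORTAGE_OVERRIDE_EPREFIX}` on the right of `==` is itself read as a glob pattern, so a prefix containing `[`, `*` or `?` could make the skip match the wrong directories or none at all. Quoting only the variable keeps the rest as a pattern: `[[ ${path} == "${PORTAGE_OVERRIDE_EPREFIX}"/usr/lib*/portage/* ]] && continue`. The same line is added in portageq, unprivileged/chown and xattr/install. Note also that `*` inside `[[ ]]` matches across `/`, so `lib*` covers more than `lib`, `lib32` and `lib64`; that looks harmless here but is broader than the pattern reads. The loop starts and ends outside the hunk.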
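diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
index 4151bac..ba889eb 100755
--- a/bin/ebuild-helpers/portageq
+++ b/bin/ebuild-helpers/portageq
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2009-2013 Gentoo Foundation
+# Copyright 2009-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 scriptpath=${BASH_SOURCE[0]}
@@ -15,6 +15,8 @@ set -f # in case ${PATH} contains any shell glob characters
 
 for path in ${PATH}; do
 [[ -x ${path}/${scriptname} ]] || continue
+ [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${path} == */._portage_reinstall_.* ]] && continue
 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
 PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
 exec "${PORTAGE_PYTHON:-/usr/bin/python}" \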
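Review bot: The two added `continue` tests carry no comment, so a later reader of this wrapper cannot tell why portage's own directories and the `._portage_reinstall_.` temp copies are skipped; only xattr/install explains it. I would put `# Skip internal portage paths to avoid an exec loop or fork bomb (bug 547086).` above the first test here, and likewise in bsd/sed and unprivileged/chown. The loop continues past the end of the hunk.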
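diff --git a/bin/ebuild-helpers/unprivileged/chown b/bin/ebuild-helpers/unprivileged/chown
index 08fa650..2f1f161 100755
--- a/bin/ebuild-helpers/unprivileged/chown
+++ b/bin/ebuild-helpers/unprivileged/chown
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2012-2013 Gentoo Foundation
+# Copyright 2012-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 scriptpath=${BASH_SOURCE[0]}
@@ -9,6 +9,8 @@ IFS=':'
 
 for path in ${PATH}; do
 [[ -x ${path}/${scriptname} ]] || continue
+ [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${path} == */._portage_reinstall_.* ]] && continue
 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
 IFS=$' \t\n'
 output=$("${path}/${scriptname}" "$@" 2>&1)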
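diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install
index d572fe6..2d2a693 100755
--- a/bin/ebuild-helpers/xattr/install
+++ b/bin/ebuild-helpers/xattr/install
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2013 Gentoo Foundation
+# Copyright 2013-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
@@ -24,6 +24,18 @@ else
 fi
 fi
 
+# Filter internal portage paths from PATH, in order to avoid
+# a possible exec loop or fork bomb (see bug 547086).
+IFS=':'
+set -f
+path=
+for x in ${PATH}; do
+ [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue
+ [[ ${x} == */._portage_reinstall_.* ]] && continue
+ path+=":${x}"
+done
+PATH=${path#:}
+
 if [[ "${implementation}" == "c" ]]; then
 exec "${INSTALL_XATTR}" "$@"
 elif [[ "${implementation}" == "python" ]]; then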
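Review bot: The added block leaves `IFS=':'` and `set -f` in force for the rest of the script, because nothing after `PATH=${path#:}` restores them. The visible `exec "${INSTALL_XATTR}" "$@"` is unaffected, but the python branch continues outside the hunk and any unquoted expansion there would now split on colons. unprivileged/chown resets with `IFS=$' \t\n'` after its loop, and that line plus `set +f` would fit here after the assignment. Separately, if every entry is filtered then `PATH` becomes the empty string, which command lookup may treat as the current directory, so a guard such as `[[ -n ${path} ]]` before the assignment is worth considering.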
106 --
107 2.3.5
