
From: Zac Medico <zmedico@g.o>
To: gentoo-portage-dev@l.g.o
Cc: Zac Medico <zmedico@g.o>
Subject: [gentoo-portage-dev] [PATCH] ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086)
Date: Tue, 28 Apr 2015 14:45:40
Message-Id: 1430166552-21981-1-git-send-email-zmedico@gentoo.org
1 Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage
2 paths in PATH could trigger exec loops or fork bombs in wrappers.
3
4 Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)")
5 X-Gentoo-Bug: 547086
6 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086
7 ---
8 bin/ebuild-helpers/bsd/sed | 3 ++-
9 bin/ebuild-helpers/portageq | 3 ++-
10 bin/ebuild-helpers/unprivileged/chown | 3 ++-
11 bin/ebuild-helpers/xattr/install | 12 ++++++++++--
12 4 files changed, 16 insertions(+), 5 deletions(-)
13
14 diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed
15 index 01b8847..3d04ed6 100755
16 --- a/bin/ebuild-helpers/bsd/sed
17 +++ b/bin/ebuild-helpers/bsd/sed
18 @@ -1,5 +1,5 @@
19 #!/bin/bash
20 -# Copyright 2007-2012 Gentoo Foundation
21 +# Copyright 2007-2015 Gentoo Foundation
22 # Distributed under the terms of the GNU General Public License v2
23
24 scriptpath=${BASH_SOURCE[0]}
25 @@ -15,6 +15,7 @@ else
26
27 for path in $PATH; do
28 if [[ -x ${path}/${scriptname} ]]; then
29 + [[ ${path} == *portage* ]] && continue
30 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
31 exec "${path}/${scriptname}" "$@"
32 exit 0
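Review bot: The added `[[ ${path} == *portage* ]] && continue` is an unanchored substring test on the directory name, so it drops any PATH entry that merely contains "portage" (a user's `~/portage-tools/bin`, say), while a temporary PORTAGE_BIN_PATH whose name happens not to contain "portage" would still be exec'd; whether the fallback directory from bug 547086 is always named that way is not visible here. Since the intent is deliberately broader than the existing `-ef` self-check on the next line, a one-line comment would stop a later reader from "simplifying" it away: `# skip every portage-owned dir, not only our own file: with a temp PORTAGE_BIN_PATH (bug 547086) two copies of this wrapper can sit on PATH and exec each other forever`. If every candidate is skipped the loop falls through to code outside this hunk; it is worth confirming that path reports an error rather than exiting 0.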
33 diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
34 index 4151bac..1d9e208 100755
35 --- a/bin/ebuild-helpers/portageq
36 +++ b/bin/ebuild-helpers/portageq
37 @@ -1,5 +1,5 @@
38 #!/bin/bash
39 -# Copyright 2009-2013 Gentoo Foundation
40 +# Copyright 2009-2015 Gentoo Foundation
41 # Distributed under the terms of the GNU General Public License v2
42
43 scriptpath=${BASH_SOURCE[0]}
44 @@ -15,6 +15,7 @@ set -f # in case ${PATH} contains any shell glob characters
45
46 for path in ${PATH}; do
47 [[ -x ${path}/${scriptname} ]] || continue
48 + [[ ${path} == *portage* ]] && continue
49 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
50 PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
51 exec "${PORTAGE_PYTHON:-/usr/bin/python}" \
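Review bot: The new skip also rejects the installed copy of the real tool under `/usr/lib/portage/bin`, because `*portage*` matches that directory as well as the temporary one, so after this change the wrapper only ever runs a `portageq` found in a location whose path does not contain "portage" (presumably `/usr/bin`); if that is the intended contract it should be stated next to the check, e.g. `# any *portage* dir may hold another copy of this wrapper (bug 547086); only a non-portage PATH entry is safe to run`. The ordering is sound: `set -f` from the hunk header only affects the unquoted `${PATH}` split, and `[[ ]]` pattern matching on the new line is unaffected by it. The `exec` line continues past the end of the hunk, so what happens when no candidate survives the filter cannot be judged here.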
52 diff --git a/bin/ebuild-helpers/unprivileged/chown b/bin/ebuild-helpers/unprivileged/chown
53 index 08fa650..00494b6 100755
54 --- a/bin/ebuild-helpers/unprivileged/chown
55 +++ b/bin/ebuild-helpers/unprivileged/chown
56 @@ -1,5 +1,5 @@
57 #!/bin/bash
58 -# Copyright 2012-2013 Gentoo Foundation
59 +# Copyright 2012-2015 Gentoo Foundation
60 # Distributed under the terms of the GNU General Public License v2
61
62 scriptpath=${BASH_SOURCE[0]}
63 @@ -9,6 +9,7 @@ IFS=':'
64
65 for path in ${PATH}; do
66 [[ -x ${path}/${scriptname} ]] || continue
67 + [[ ${path} == *portage* ]] && continue
68 [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue
69 IFS=$' \t\n'
70 output=$("${path}/${scriptname}" "$@" 2>&1)
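Review bot: In this wrapper the candidate is run through a command substitution on the next line rather than `exec`, so a second portage-owned `chown` on PATH would have recursed into nested subshells (the fork-bomb case from the subject) instead of looping in place; the new `[[ ${path} == *portage* ]] && continue` closes that, but only as a name heuristic, and it does so silently. A short why-comment would help here, e.g. `# skip every portage-owned dir: a second copy of this wrapper on PATH (bug 547086) would re-enter itself via $(...) and fork-bomb`. Note that the match is a plain substring, so an unrelated directory with "portage" in its name is also excluded as a source of the real chown; an anchored form such as `*/portage/*` would be tighter, if the temporary PORTAGE_BIN_PATH layout allows it (not visible here).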
71 diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install
72 index d572fe6..2a44b15 100755
73 --- a/bin/ebuild-helpers/xattr/install
74 +++ b/bin/ebuild-helpers/xattr/install
75 @@ -1,5 +1,5 @@
76 #!/bin/bash
77 -# Copyright 2013 Gentoo Foundation
78 +# Copyright 2013-2015 Gentoo Foundation
79 # Distributed under the terms of the GNU General Public License v2
80
81 PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
82 @@ -25,7 +25,15 @@ else
83 fi
84
85 if [[ "${implementation}" == "c" ]]; then
86 - exec "${INSTALL_XATTR}" "$@"
87 + # Filter internal portage paths from PATH, in order to avoid
88 + # a possible exec loop or fork bomb (see bug 547086).
89 + IFS=':'
90 + set -f
91 + path=
92 + for x in ${PATH}; do
93 + [[ ${x} == *portage* ]] || path+=":${x}"
94 + done
95 + PATH=${path#:} exec "${INSTALL_XATTR}" "$@"
96 elif [[ "${implementation}" == "python" ]]; then
97 PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
98 exec "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/install.py" "$@"
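Review bot: The rebuilt PATH on `PATH=${path#:} exec "${INSTALL_XATTR}" "$@"` is also what the kernel uses to resolve `${INSTALL_XATTR}` itself, so if that variable holds a bare command name rather than an absolute path (its assignment is outside this hunk) and the binary lives in a portage-owned directory, the exec now fails; a comment such as `# INSTALL_XATTR is resolved against the filtered PATH too; it must be an absolute path or live outside any *portage* dir` would pin that assumption. If every PATH entry matches, `${path#:}` is empty and the child runs with an empty PATH, which is fine only for an absolute `INSTALL_XATTR`. The `IFS=':'` and `set -f` are left in effect but nothing runs in this shell after the `exec`, so that is harmless; the python branch below keeps the unfiltered PATH, so whether `install.py` has the same loop protection cannot be seen here.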
99 --
100 2.3.5
