diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-07-23 17:05:44 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-07-23 21:59:17 +0100 |
commit | 3134ae11270dae9d8dddc5a16e2321b675b5d522 (patch) | |
tree | 224b59e8915fc9b3672bf82c654610d6fec40cfa | |
parent | 7c11b327a1cf116ccfd3df05e84845dbcb3d3fd8 (diff) | |
download | poky-3134ae11270dae9d8dddc5a16e2321b675b5d522.tar.gz |
sanity: Check for setgid/setuid TMPDIR
Building in a TMPDIR which has setgid or setuid is a bad idea. We could try and reset
the permissions but since these can also invade into other directories like the cache
or sstate, lets tell the user to fix it instead.
[YOCTO #6519]
(From OE-Core rev: 8e44fc36018fda9b1f9ca8aebde3e744afc07eaa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/classes/sanity.bbclass | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass index ed65814be2..1ad663a057 100644 --- a/meta/classes/sanity.bbclass +++ b/meta/classes/sanity.bbclass | |||
@@ -514,6 +514,7 @@ def check_sanity_version_change(status, d): | |||
514 | import xml.parsers.expat | 514 | import xml.parsers.expat |
515 | except ImportError: | 515 | except ImportError: |
516 | status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n') | 516 | status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n') |
517 | import stat | ||
517 | 518 | ||
518 | status.addresult(check_make_version(d)) | 519 | status.addresult(check_make_version(d)) |
519 | status.addresult(check_tar_version(d)) | 520 | status.addresult(check_tar_version(d)) |
@@ -566,6 +567,11 @@ def check_sanity_version_change(status, d): | |||
566 | # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS) | 567 | # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS) |
567 | tmpdir = d.getVar('TMPDIR', True) | 568 | tmpdir = d.getVar('TMPDIR', True) |
568 | status.addresult(check_create_long_filename(tmpdir, "TMPDIR")) | 569 | status.addresult(check_create_long_filename(tmpdir, "TMPDIR")) |
570 | tmpdirmode = os.stat(tmpdir).st_mode | ||
571 | if (tmpdirmode & stat.S_ISGID): | ||
572 | status.addresult("TMPDIR is setgid, please don't build in a setgid directory") | ||
573 | if (tmpdirmode & stat.S_ISUID): | ||
574 | status.addresult("TMPDIR is setuid, please don't build in a setuid directory") | ||
569 | 575 | ||
570 | # Some third-party software apparently relies on chmod etc. being suid root (!!) | 576 | # Some third-party software apparently relies on chmod etc. being suid root (!!) |
571 | import stat | 577 | import stat |