summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Seebach <peter.seebach@windriver.com>2014-05-27 19:14:46 -0500
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-05-28 08:19:31 +0100
commit3bf24188b6735bc156f0e2f0acde0277b8443737 (patch)
tree11193d03f8ec5c653e888d69798314f56f06b00e
parentda9dd699b0127b70494ac68f30167fd7bfdc5f9d (diff)
downloadpoky-3bf24188b6735bc156f0e2f0acde0277b8443737.tar.gz
pseudo: Honor umask again
The fchmodat-permissions patch was fine for the fchmod case, but had the unintended side effect of disregarding umask settings for open, mknod, mkdir, and their close relatives. Start tracking umask and masking the umask bits out where appropriate. (From OE-Core rev: ce23c1cc33a015fbd184df6c16658353334ab611) Signed-off-by: Peter Seebach <peter.seebach@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch169
1 files changed, 163 insertions, 6 deletions
diff --git a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch
index 2bd2289372..7b1f82d577 100644
--- a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch
+++ b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch
@@ -1,4 +1,4 @@
1commit 5a6f2896ed44029ced2a33ac64c962737c5171a0 1commit 7e67d082737b3df4788caf85fedd607b3acd9786
2Author: Peter Seebach <peter.seebach@windriver.com> 2Author: Peter Seebach <peter.seebach@windriver.com>
3Date: Fri May 16 15:53:06 2014 -0500 3Date: Fri May 16 15:53:06 2014 -0500
4 4
@@ -11,18 +11,27 @@ Date: Fri May 16 15:53:06 2014 -0500
11 AT_SYMLINK_NOFOLLOW by rejecting it if the host system does, 11 AT_SYMLINK_NOFOLLOW by rejecting it if the host system does,
12 to make GNU tar happier), also mask out write bits from filesystem 12 to make GNU tar happier), also mask out write bits from filesystem
13 modes to avoid security problems. 13 modes to avoid security problems.
14
15 Also start tracking umask so we can use the right modes for
16 open, mkdir, and mknod.
14 17
15 The 1.6 patches are: 18 The 1.6 patches are:
16 19
17 87c53ea58befef48677846693aab445df1850e16 20 87c53ea58befef48677846693aab445df1850e16
18 3c716e0bab4f0cfe4be84caa9ce5fd5e3f5e2a23 21 3c716e0bab4f0cfe4be84caa9ce5fd5e3f5e2a23
19 c98e4f43b5d6499748a5057134408f4ba4854fb4 22 c98e4f43b5d6499748a5057134408f4ba4854fb4
23 2f71a021b725c1aa415439209a89327f0b997d02
24 14925786b55202d8147b0af719038e8a23ef73c0
20 25
21diff --git a/ChangeLog.txt b/ChangeLog.txt 26diff --git a/ChangeLog.txt b/ChangeLog.txt
22index 113f675..fab1033 100644 27index 113f675..cc966ce 100644
23--- a/ChangeLog.txt 28--- a/ChangeLog.txt
24+++ b/ChangeLog.txt 29+++ b/ChangeLog.txt
25@@ -1,3 +1,14 @@ 30@@ -1,3 +1,18 @@
31+2014-05-27:
32+ * (seebs) start noticing umask, mask it out from open or mkdir
33+ calls rather than relying on underlying open/mkdir to do it.
34+
26+2014-05-16: 35+2014-05-16:
27+ * (seebs) fchmodat: don't drop flags, report failures, to improve 36+ * (seebs) fchmodat: don't drop flags, report failures, to improve
28+ compatibility/consistency. Cache the knowledge that 37+ compatibility/consistency. Cache the knowledge that
@@ -37,6 +46,60 @@ index 113f675..fab1033 100644
37 2013-02-27: 46 2013-02-27:
38 * (seebs) Oh, hey, what if I took out my debug messages? 47 * (seebs) Oh, hey, what if I took out my debug messages?
39 * (seebs) update docs a bit to reduce bitrot 48 * (seebs) update docs a bit to reduce bitrot
49diff --git a/makewrappers b/makewrappers
50index e87cc56..0127766 100755
51--- a/makewrappers
52+++ b/makewrappers
53@@ -204,6 +204,7 @@ class Function:
54 'uid_t': '0',
55 'int': '-1',
56 'long': '-1',
57+ 'mode_t': '0',
58 'ssize_t': '-1'
59 }
60
61diff --git a/ports/darwin/guts/open.c b/ports/darwin/guts/open.c
62index c66cc15..520bb70 100644
63--- a/ports/darwin/guts/open.c
64+++ b/ports/darwin/guts/open.c
65@@ -9,6 +9,9 @@
66 struct stat buf = { };
67 int existed = 1;
68 int save_errno;
69+
70+ /* mask out mode bits appropriately */
71+ mode = mode & ~pseudo_umask;
72 #ifdef PSEUDO_FORCE_ASYNCH
73 flags &= ~O_SYNC;
74 #endif
75diff --git a/ports/linux/guts/__xmknodat.c b/ports/linux/guts/__xmknodat.c
76index 59b4f2f..0888b8a 100644
77--- a/ports/linux/guts/__xmknodat.c
78+++ b/ports/linux/guts/__xmknodat.c
79@@ -9,6 +9,9 @@
80 pseudo_msg_t *msg;
81 struct stat64 buf;
82
83+ /* mask out mode bits appropriately */
84+ mode = mode & ~pseudo_umask;
85+
86 /* we don't use underlying call, so _ver is irrelevant to us */
87 (void) ver;
88
89diff --git a/ports/linux/guts/openat.c b/ports/linux/guts/openat.c
90index 8460073..4053549 100644
91--- a/ports/linux/guts/openat.c
92+++ b/ports/linux/guts/openat.c
93@@ -10,6 +10,9 @@
94 int existed = 1;
95 int save_errno;
96
97+ /* mask out mode bits appropriately */
98+ mode = mode & ~pseudo_umask;
99+
100 #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
101 if (dirfd != AT_FDCWD) {
102 errno = ENOSYS;
40diff --git a/ports/unix/guts/fchmodat.c b/ports/unix/guts/fchmodat.c 103diff --git a/ports/unix/guts/fchmodat.c b/ports/unix/guts/fchmodat.c
41index 59a92ce..69a953c 100644 104index 59a92ce..69a953c 100644
42--- a/ports/unix/guts/fchmodat.c 105--- a/ports/unix/guts/fchmodat.c
@@ -92,16 +155,110 @@ index 59a92ce..69a953c 100644
92 * may believe you are permitted to change modes that the filesystem 155 * may believe you are permitted to change modes that the filesystem
93 * doesn't. Note that we also don't need to know whether the 156 * doesn't. Note that we also don't need to know whether the
94 * file might be a (pseudo) block device or some such; pseudo 157 * file might be a (pseudo) block device or some such; pseudo
158diff --git a/ports/unix/guts/mkdirat.c b/ports/unix/guts/mkdirat.c
159index e846b70..e0b6af9 100644
160--- a/ports/unix/guts/mkdirat.c
161+++ b/ports/unix/guts/mkdirat.c
162@@ -6,11 +6,14 @@
163 * wrap_mkdirat(int dirfd, const char *path, mode_t mode) {
164 * int rc = -1;
165 */
166+ /* mask out mode bits appropriately */
167+ mode = mode & ~pseudo_umask;
168 #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
169 if (dirfd != AT_FDCWD) {
170 errno = ENOSYS;
171 return -1;
172 }
173+
174 rc = real_mkdir(path, PSEUDO_FS_MODE(mode, 1));
175 #else
176 rc = real_mkdirat(dirfd, path, PSEUDO_FS_MODE(mode, 1));
177diff --git a/ports/unix/guts/mknodat.c b/ports/unix/guts/mknodat.c
178index 6fd5b42..5d8d47c 100644
179--- a/ports/unix/guts/mknodat.c
180+++ b/ports/unix/guts/mknodat.c
181@@ -10,6 +10,9 @@
182 PSEUDO_STATBUF buf;
183 int save_errno = errno;
184
185+ /* mask out mode bits appropriately */
186+ mode = mode & ~pseudo_umask;
187+
188 #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
189 if (dirfd != AT_FDCWD) {
190 errno = ENOSYS;
191diff --git a/ports/unix/guts/umask.c b/ports/unix/guts/umask.c
192new file mode 100644
193index 0000000..6b060d3
194--- /dev/null
195+++ b/ports/unix/guts/umask.c
196@@ -0,0 +1,14 @@
197+/*
198+ * Copyright (c) 2014 Wind River Systems; see
199+ * guts/COPYRIGHT for information.
200+ *
201+ * mode_t umask(mode_t mask)
202+ * mode_t rc = 0;
203+ */
204+
205+ pseudo_umask = mask;
206+ rc = real_umask(mask);
207+
208+/* return rc;
209+ * }
210+ */
211diff --git a/ports/unix/wrapfuncs.in b/ports/unix/wrapfuncs.in
212index 8460a65..e0e9739 100644
213--- a/ports/unix/wrapfuncs.in
214+++ b/ports/unix/wrapfuncs.in
215@@ -67,3 +67,4 @@ void sync(void); /* async_skip= */
216 int syncfs(int fd); /* async_skip=0 */
217 int sync_file_range(int fd, off64_t offset, off64_t nbytes, unsigned int flags); /* async_skip=0 */
218 int msync(void *addr, size_t length, int flags); /* async_skip=0 */
219+mode_t umask(mode_t mask);
220diff --git a/pseudo_client.c b/pseudo_client.c
221index b6d11a6..535c810 100644
222--- a/pseudo_client.c
223+++ b/pseudo_client.c
224@@ -71,6 +71,8 @@ int pseudo_disabled = 0;
225 int pseudo_allow_fsync = 0;
226 static int pseudo_local_only = 0;
227
228+int pseudo_umask = 022;
229+
230 static char **fd_paths = NULL;
231 static int nfds = 0;
232 static int messages = 0;
233@@ -219,6 +221,9 @@ pseudo_init_client(void) {
234 if (!pseudo_disabled && !pseudo_inited) {
235 char *pseudo_path = 0;
236
237+ pseudo_umask = umask(022);
238+ umask(pseudo_umask);
239+
240 pseudo_path = pseudo_prefix_path(NULL);
241 if (pseudo_prefix_dir_fd == -1) {
242 if (pseudo_path) {
95diff --git a/pseudo_client.h b/pseudo_client.h 243diff --git a/pseudo_client.h b/pseudo_client.h
96index f36a772..ecb13a6 100644 244index f36a772..5bf820e 100644
97--- a/pseudo_client.h 245--- a/pseudo_client.h
98+++ b/pseudo_client.h 246+++ b/pseudo_client.h
99@@ -85,6 +85,6 @@ extern int pseudo_nosymlinkexp; 247@@ -72,6 +72,8 @@ extern char *pseudo_passwd;
248 extern size_t pseudo_chroot_len;
249 extern int pseudo_nosymlinkexp;
250
251+extern int pseudo_umask;
252+
253 /* Root can read and write files, and enter directories which have no
254 * read, write, or execute permissions. (But can't execute files without
255 * execute permissions!)
256@@ -85,6 +87,6 @@ extern int pseudo_nosymlinkexp;
100 * None of this will behave very sensibly if umask has 0700 bits in it; 257 * None of this will behave very sensibly if umask has 0700 bits in it;
101 * this is a known limitation. 258 * this is a known limitation.
102 */ 259 */
103-#define PSEUDO_FS_MODE(mode, isdir) ((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) 260-#define PSEUDO_FS_MODE(mode, isdir) ((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0))
104-#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0700) | ((user_mode & 0700))) 261-#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0700) | ((user_mode & 0700)))
105+#define PSEUDO_FS_MODE(mode, isdir) ((((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP | S_IWOTH)) & ~(S_IWOTH | S_IWGRP)) 262+#define PSEUDO_FS_MODE(mode, isdir) (((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP | S_IWOTH))
106+#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) | ((user_mode & 0722))) 263+#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) | ((user_mode & 0722)))
107 264