author | Peter Seebach <peter.seebach@windriver.com> | 2014-05-21 18:12:33 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-05-27 16:11:53 +0100 |
commit | c8645caf56228da1bd4f448dbf90066911a1c59d (patch) | |
tree | b341875bbe4b0b57cc0f6a12f75947371b86f971 /meta/recipes-devtools/pseudo/pseudo_1.5.1.bb | |
parent | 2b7f8db606804a1abb316fde9104e6e32413e3df (diff) | |
download | poky-c8645caf56228da1bd4f448dbf90066911a1c59d.tar.gz |
pseudo: handle fchmodat better, mask out unwanted write bits

It turns out that pseudo's decision not to report errors from
the host system's fchmodat() can break GNU tar in a very strange
way, resulting in directories being mode 0700 instead of whatever
they should have been.

Additionally, it turns out that if you make directories in your
rootfs mode 777, that results in the local copies being mode 777,
which could allow a hypothetical attacker with access to the
machine to add files to your rootfs image. We should mask out
the 022 bits when making actual mode changes in the rootfs.

This patch represents a backport to the 1.5.1 branch of three
patches from the 1.6 branch, because it took a couple of tries
to get this quite right.

(From OE-Core rev: 45371858129bbad8f4cfb874e237374a5ba8db4c)

Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
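
The mode handling described in the commit message, as an added Python illustration (not pseudo's code and not part of this commit): the hypothetical helper `chmod_on_host` clears the 022 bits before the host call and lets host errors propagate, and `find_writable_by_others` is a check that can be run over a rootfs staging tree. All names and the sample tree are constructed for the example.

```python
import os
import stat
import tempfile

WRITE_MASK = 0o022  # group and other write bits, the bits the commit message says to mask


def chmod_on_host(path, requested_mode, dir_fd=None):
    """Apply requested_mode to the real file with the 022 bits cleared.

    Returns (requested_mode, host_mode). An OSError from the host call is
    not swallowed, so a caller such as tar sees the failure.
    """
    host_mode = requested_mode & ~WRITE_MASK
    os.chmod(path, host_mode, dir_fd=dir_fd)  # fchmodat() when dir_fd is given
    return requested_mode, host_mode


def find_writable_by_others(root):
    """Return sorted relative paths under root whose on-disk mode has a 022 bit set."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful on Linux
            if stat.S_IMODE(st.st_mode) & WRITE_MASK:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def demo():
    """Constructed sample tree: one directory chmod'ed raw, one through the mask."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("raw", "masked"):
            os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, "raw"), 0o777)
        requested, host = chmod_on_host(os.path.join(root, "masked"), 0o777)
        on_disk = stat.S_IMODE(os.lstat(os.path.join(root, "masked")).st_mode)
        return find_writable_by_others(root), requested, host, on_disk


if __name__ == "__main__":
    print(demo())
```
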
Diffstat (limited to 'meta/recipes-devtools/pseudo/pseudo_1.5.1.bb')
-rw-r--r-- | meta/recipes-devtools/pseudo/pseudo_1.5.1.bb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-devtools/pseudo/pseudo_1.5.1.bb b/meta/recipes-devtools/pseudo/pseudo_1.5.1.bb index 215cdb8bcc..47291fd52e 100644 --- a/meta/recipes-devtools/pseudo/pseudo_1.5.1.bb +++ b/meta/recipes-devtools/pseudo/pseudo_1.5.1.bb | |||
@@ -1,12 +1,13 @@ | |||
1 | require pseudo.inc | 1 | require pseudo.inc |
2 | 2 | ||
3 | PR = "r4" | 3 | PR = "r5" |
4 | 4 | ||
5 | SRC_URI = " \ | 5 | SRC_URI = " \ |
6 | http://www.yoctoproject.org/downloads/${BPN}/${BPN}-${PV}.tar.bz2 \ | 6 | http://www.yoctoproject.org/downloads/${BPN}/${BPN}-${PV}.tar.bz2 \ |
7 | file://0001-pseudo_has_unload-add-function.patch \ | 7 | file://0001-pseudo_has_unload-add-function.patch \ |
8 | file://shutdownping.patch \ | 8 | file://shutdownping.patch \ |
9 | file://pseudo-1.5.1-install-directory-mode.patch \ | 9 | file://pseudo-1.5.1-install-directory-mode.patch \ |
10 | file://pseudo-fchmodat-permissions.patch \ | ||
10 | " | 11 | " |
11 | 12 | ||
12 | SRC_URI[md5sum] = "5ec67c7bff5fe68c56de500859c19172" | 13 | SRC_URI[md5sum] = "5ec67c7bff5fe68c56de500859c19172" |
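
Review bot: The new SRC_URI entry (new line 10, file://pseudo-fchmodat-permissions.patch) pulls in a patch that this diff does not show, since the diffstat is limited to the recipe, and the commit message says it squashes three patches from the 1.6 branch. Please have the patch header name those three upstream commits and carry an Upstream-Status: Backport tag, so the 022 masking and the fchmodat() error reporting can be checked against upstream. Minor style point: the entry above it is named pseudo-1.5.1-install-directory-mode.patch, while the new file drops the version prefix.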