diff options
author | Mark Asselstine <mark.asselstine@windriver.com> | 2016-04-08 17:46:27 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-04-09 23:00:45 +0100 |
commit | 9fe3d01f27445652c3020413d66a5cdeb3c3259c (patch) | |
tree | 59ff2224eaf90e580325f195415f0992bafe4e5f /meta | |
parent | fb8e5f903ce341eec1929bf315fa8e3752a4e3a5 (diff) | |
download | poky-9fe3d01f27445652c3020413d66a5cdeb3c3259c.tar.gz |
useradd_base.bbclass: prevent variable expansion in $opts
Many user/group operations will involve hashes which will include '$'
followed by a number or even possibly an env. variable name. Passing
$opts to flock requires that we take additional precautions to prevent
the unexpected expansion of these instances.
This was found by an image which used usermod operations to set the
password hash for root. The image could not be logged-in to and
examining /etc/shadow clearly showed that $0 and other $* variables
had been expanded unexpectedly. This change returnes the behavior to
what existed prior to commit 2ebf697b46c42cee8bfa6d2e6087397f8cce385c
[useradd_base.bbclass: replace retry logic with flock].
(From OE-Core rev: d80065642c5a1c95a298b235a8d575460147ede1)
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/classes/useradd_base.bbclass | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/meta/classes/useradd_base.bbclass b/meta/classes/useradd_base.bbclass index 9b8f5c2207..e7081d98f0 100644 --- a/meta/classes/useradd_base.bbclass +++ b/meta/classes/useradd_base.bbclass | |||
@@ -18,7 +18,7 @@ perform_groupadd () { | |||
18 | local group_exists="`grep "^$groupname:" $rootdir/etc/group || true`" | 18 | local group_exists="`grep "^$groupname:" $rootdir/etc/group || true`" |
19 | if test "x$group_exists" = "x"; then | 19 | if test "x$group_exists" = "x"; then |
20 | opts=`echo $opts | sed s/\'/\"/g` | 20 | opts=`echo $opts | sed s/\'/\"/g` |
21 | eval flock -x -w 100 $rootdir${sysconfdir} -c \'$PSEUDO groupadd $opts\' || true | 21 | eval flock -x -w 100 $rootdir${sysconfdir} -c \"$PSEUDO groupadd \$opts\" || true |
22 | group_exists="`grep "^$groupname:" $rootdir/etc/group || true`" | 22 | group_exists="`grep "^$groupname:" $rootdir/etc/group || true`" |
23 | if test "x$group_exists" = "x"; then | 23 | if test "x$group_exists" = "x"; then |
24 | bbfatal "${PN}: groupadd command did not succeed." | 24 | bbfatal "${PN}: groupadd command did not succeed." |
@@ -36,7 +36,7 @@ perform_useradd () { | |||
36 | local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" | 36 | local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" |
37 | if test "x$user_exists" = "x"; then | 37 | if test "x$user_exists" = "x"; then |
38 | opts=`echo $opts | sed s/\'/\"/g` | 38 | opts=`echo $opts | sed s/\'/\"/g` |
39 | eval flock -x -w 100 $rootdir${sysconfdir} -c \'$PSEUDO useradd $opts\' || true | 39 | eval flock -x -w 100 $rootdir${sysconfdir} -c \"$PSEUDO useradd \$opts\" || true |
40 | user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" | 40 | user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" |
41 | if test "x$user_exists" = "x"; then | 41 | if test "x$user_exists" = "x"; then |
42 | bbfatal "${PN}: useradd command did not succeed." | 42 | bbfatal "${PN}: useradd command did not succeed." |
@@ -63,7 +63,7 @@ perform_groupmems () { | |||
63 | fi | 63 | fi |
64 | local mem_exists="`grep "^$groupname:[^:]*:[^:]*:\([^,]*,\)*$username\(,[^,]*\)*" $rootdir/etc/group || true`" | 64 | local mem_exists="`grep "^$groupname:[^:]*:[^:]*:\([^,]*,\)*$username\(,[^,]*\)*" $rootdir/etc/group || true`" |
65 | if test "x$mem_exists" = "x"; then | 65 | if test "x$mem_exists" = "x"; then |
66 | eval flock -x -w 100 $rootdir${sysconfdir} -c \'$PSEUDO groupmems $opts\' || true | 66 | eval flock -x -w 100 $rootdir${sysconfdir} -c \"$PSEUDO groupmems \$opts\" || true |
67 | mem_exists="`grep "^$groupname:[^:]*:[^:]*:\([^,]*,\)*$username\(,[^,]*\)*" $rootdir/etc/group || true`" | 67 | mem_exists="`grep "^$groupname:[^:]*:[^:]*:\([^,]*,\)*$username\(,[^,]*\)*" $rootdir/etc/group || true`" |
68 | if test "x$mem_exists" = "x"; then | 68 | if test "x$mem_exists" = "x"; then |
69 | bbfatal "${PN}: groupmems command did not succeed." | 69 | bbfatal "${PN}: groupmems command did not succeed." |
@@ -84,7 +84,7 @@ perform_groupdel () { | |||
84 | local groupname=`echo "$opts" | awk '{ print $NF }'` | 84 | local groupname=`echo "$opts" | awk '{ print $NF }'` |
85 | local group_exists="`grep "^$groupname:" $rootdir/etc/group || true`" | 85 | local group_exists="`grep "^$groupname:" $rootdir/etc/group || true`" |
86 | if test "x$group_exists" != "x"; then | 86 | if test "x$group_exists" != "x"; then |
87 | eval flock -x -w 100 $rootdir${sysconfdir} -c \'$PSEUDO groupdel $opts\' || true | 87 | eval flock -x -w 100 $rootdir${sysconfdir} -c \"$PSEUDO groupdel \$opts\" || true |
88 | group_exists="`grep "^$groupname:" $rootdir/etc/group || true`" | 88 | group_exists="`grep "^$groupname:" $rootdir/etc/group || true`" |
89 | if test "x$group_exists" != "x"; then | 89 | if test "x$group_exists" != "x"; then |
90 | bbfatal "${PN}: groupdel command did not succeed." | 90 | bbfatal "${PN}: groupdel command did not succeed." |
@@ -101,7 +101,7 @@ perform_userdel () { | |||
101 | local username=`echo "$opts" | awk '{ print $NF }'` | 101 | local username=`echo "$opts" | awk '{ print $NF }'` |
102 | local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" | 102 | local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" |
103 | if test "x$user_exists" != "x"; then | 103 | if test "x$user_exists" != "x"; then |
104 | eval flock -x -w 100 $rootdir${sysconfdir} -c \'$PSEUDO userdel $opts\' || true | 104 | eval flock -x -w 100 $rootdir${sysconfdir} -c \"$PSEUDO userdel \$opts\" || true |
105 | user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" | 105 | user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" |
106 | if test "x$user_exists" != "x"; then | 106 | if test "x$user_exists" != "x"; then |
107 | bbfatal "${PN}: userdel command did not succeed." | 107 | bbfatal "${PN}: userdel command did not succeed." |
@@ -121,7 +121,7 @@ perform_groupmod () { | |||
121 | local groupname=`echo "$opts" | awk '{ print $NF }'` | 121 | local groupname=`echo "$opts" | awk '{ print $NF }'` |
122 | local group_exists="`grep "^$groupname:" $rootdir/etc/group || true`" | 122 | local group_exists="`grep "^$groupname:" $rootdir/etc/group || true`" |
123 | if test "x$group_exists" != "x"; then | 123 | if test "x$group_exists" != "x"; then |
124 | eval flock -x -w 100 $rootdir${sysconfdir} -c \'$PSEUDO groupmod $opts\' | 124 | eval flock -x -w 100 $rootdir${sysconfdir} -c \"$PSEUDO groupmod \$opts\" |
125 | if test $? != 0; then | 125 | if test $? != 0; then |
126 | bbwarn "${PN}: groupmod command did not succeed." | 126 | bbwarn "${PN}: groupmod command did not succeed." |
127 | fi | 127 | fi |
@@ -140,7 +140,7 @@ perform_usermod () { | |||
140 | local username=`echo "$opts" | awk '{ print $NF }'` | 140 | local username=`echo "$opts" | awk '{ print $NF }'` |
141 | local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" | 141 | local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" |
142 | if test "x$user_exists" != "x"; then | 142 | if test "x$user_exists" != "x"; then |
143 | eval flock -x -w 100 $rootdir${sysconfdir} -c \'$PSEUDO usermod $opts\' | 143 | eval flock -x -w 100 $rootdir${sysconfdir} -c \"$PSEUDO usermod \$opts\" |
144 | if test $? != 0; then | 144 | if test $? != 0; then |
145 | bbfatal "${PN}: usermod command did not succeed." | 145 | bbfatal "${PN}: usermod command did not succeed." |
146 | fi | 146 | fi |