diff options
author | Peter Seebach <peter.seebach@windriver.com> | 2014-05-27 19:14:46 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-05-28 08:19:31 +0100 |
commit | 3bf24188b6735bc156f0e2f0acde0277b8443737 (patch) | |
tree | 11193d03f8ec5c653e888d69798314f56f06b00e /meta | |
parent | da9dd699b0127b70494ac68f30167fd7bfdc5f9d (diff) | |
download | poky-3bf24188b6735bc156f0e2f0acde0277b8443737.tar.gz |
pseudo: Honor umask again
The fchmodat-permissions patch was fine for the fchmod case, but
had the unintended side effect of disregarding umask settings for
open, mknod, mkdir, and their close relatives. Start tracking umask
and masking the umask bits out where appropriate.
(From OE-Core rev: ce23c1cc33a015fbd184df6c16658353334ab611)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch | 169 |
1 files changed, 163 insertions, 6 deletions
diff --git a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch index 2bd2289372..7b1f82d577 100644 --- a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch +++ b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | commit 5a6f2896ed44029ced2a33ac64c962737c5171a0 | 1 | commit 7e67d082737b3df4788caf85fedd607b3acd9786 |
2 | Author: Peter Seebach <peter.seebach@windriver.com> | 2 | Author: Peter Seebach <peter.seebach@windriver.com> |
3 | Date: Fri May 16 15:53:06 2014 -0500 | 3 | Date: Fri May 16 15:53:06 2014 -0500 |
4 | 4 | ||
@@ -11,18 +11,27 @@ Date: Fri May 16 15:53:06 2014 -0500 | |||
11 | AT_SYMLINK_NOFOLLOW by rejecting it if the host system does, | 11 | AT_SYMLINK_NOFOLLOW by rejecting it if the host system does, |
12 | to make GNU tar happier), also mask out write bits from filesystem | 12 | to make GNU tar happier), also mask out write bits from filesystem |
13 | modes to avoid security problems. | 13 | modes to avoid security problems. |
14 | |||
15 | Also start tracking umask so we can use the right modes for | ||
16 | open, mkdir, and mknod. | ||
14 | 17 | ||
15 | The 1.6 patches are: | 18 | The 1.6 patches are: |
16 | 19 | ||
17 | 87c53ea58befef48677846693aab445df1850e16 | 20 | 87c53ea58befef48677846693aab445df1850e16 |
18 | 3c716e0bab4f0cfe4be84caa9ce5fd5e3f5e2a23 | 21 | 3c716e0bab4f0cfe4be84caa9ce5fd5e3f5e2a23 |
19 | c98e4f43b5d6499748a5057134408f4ba4854fb4 | 22 | c98e4f43b5d6499748a5057134408f4ba4854fb4 |
23 | 2f71a021b725c1aa415439209a89327f0b997d02 | ||
24 | 14925786b55202d8147b0af719038e8a23ef73c0 | ||
20 | 25 | ||
21 | diff --git a/ChangeLog.txt b/ChangeLog.txt | 26 | diff --git a/ChangeLog.txt b/ChangeLog.txt |
22 | index 113f675..fab1033 100644 | 27 | index 113f675..cc966ce 100644 |
23 | --- a/ChangeLog.txt | 28 | --- a/ChangeLog.txt |
24 | +++ b/ChangeLog.txt | 29 | +++ b/ChangeLog.txt |
25 | @@ -1,3 +1,14 @@ | 30 | @@ -1,3 +1,18 @@ |
31 | +2014-05-27: | ||
32 | + * (seebs) start noticing umask, mask it out from open or mkdir | ||
33 | + calls rather than relying on underlying open/mkdir to do it. | ||
34 | + | ||
26 | +2014-05-16: | 35 | +2014-05-16: |
27 | + * (seebs) fchmodat: don't drop flags, report failures, to improve | 36 | + * (seebs) fchmodat: don't drop flags, report failures, to improve |
28 | + compatibility/consistency. Cache the knowledge that | 37 | + compatibility/consistency. Cache the knowledge that |
@@ -37,6 +46,60 @@ index 113f675..fab1033 100644 | |||
37 | 2013-02-27: | 46 | 2013-02-27: |
38 | * (seebs) Oh, hey, what if I took out my debug messages? | 47 | * (seebs) Oh, hey, what if I took out my debug messages? |
39 | * (seebs) update docs a bit to reduce bitrot | 48 | * (seebs) update docs a bit to reduce bitrot |
49 | diff --git a/makewrappers b/makewrappers | ||
50 | index e87cc56..0127766 100755 | ||
51 | --- a/makewrappers | ||
52 | +++ b/makewrappers | ||
53 | @@ -204,6 +204,7 @@ class Function: | ||
54 | 'uid_t': '0', | ||
55 | 'int': '-1', | ||
56 | 'long': '-1', | ||
57 | + 'mode_t': '0', | ||
58 | 'ssize_t': '-1' | ||
59 | } | ||
60 | |||
61 | diff --git a/ports/darwin/guts/open.c b/ports/darwin/guts/open.c | ||
62 | index c66cc15..520bb70 100644 | ||
63 | --- a/ports/darwin/guts/open.c | ||
64 | +++ b/ports/darwin/guts/open.c | ||
65 | @@ -9,6 +9,9 @@ | ||
66 | struct stat buf = { }; | ||
67 | int existed = 1; | ||
68 | int save_errno; | ||
69 | + | ||
70 | + /* mask out mode bits appropriately */ | ||
71 | + mode = mode & ~pseudo_umask; | ||
72 | #ifdef PSEUDO_FORCE_ASYNCH | ||
73 | flags &= ~O_SYNC; | ||
74 | #endif | ||
75 | diff --git a/ports/linux/guts/__xmknodat.c b/ports/linux/guts/__xmknodat.c | ||
76 | index 59b4f2f..0888b8a 100644 | ||
77 | --- a/ports/linux/guts/__xmknodat.c | ||
78 | +++ b/ports/linux/guts/__xmknodat.c | ||
79 | @@ -9,6 +9,9 @@ | ||
80 | pseudo_msg_t *msg; | ||
81 | struct stat64 buf; | ||
82 | |||
83 | + /* mask out mode bits appropriately */ | ||
84 | + mode = mode & ~pseudo_umask; | ||
85 | + | ||
86 | /* we don't use underlying call, so _ver is irrelevant to us */ | ||
87 | (void) ver; | ||
88 | |||
89 | diff --git a/ports/linux/guts/openat.c b/ports/linux/guts/openat.c | ||
90 | index 8460073..4053549 100644 | ||
91 | --- a/ports/linux/guts/openat.c | ||
92 | +++ b/ports/linux/guts/openat.c | ||
93 | @@ -10,6 +10,9 @@ | ||
94 | int existed = 1; | ||
95 | int save_errno; | ||
96 | |||
97 | + /* mask out mode bits appropriately */ | ||
98 | + mode = mode & ~pseudo_umask; | ||
99 | + | ||
100 | #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS | ||
101 | if (dirfd != AT_FDCWD) { | ||
102 | errno = ENOSYS; | ||
40 | diff --git a/ports/unix/guts/fchmodat.c b/ports/unix/guts/fchmodat.c | 103 | diff --git a/ports/unix/guts/fchmodat.c b/ports/unix/guts/fchmodat.c |
41 | index 59a92ce..69a953c 100644 | 104 | index 59a92ce..69a953c 100644 |
42 | --- a/ports/unix/guts/fchmodat.c | 105 | --- a/ports/unix/guts/fchmodat.c |
@@ -92,16 +155,110 @@ index 59a92ce..69a953c 100644 | |||
92 | * may believe you are permitted to change modes that the filesystem | 155 | * may believe you are permitted to change modes that the filesystem |
93 | * doesn't. Note that we also don't need to know whether the | 156 | * doesn't. Note that we also don't need to know whether the |
94 | * file might be a (pseudo) block device or some such; pseudo | 157 | * file might be a (pseudo) block device or some such; pseudo |
158 | diff --git a/ports/unix/guts/mkdirat.c b/ports/unix/guts/mkdirat.c | ||
159 | index e846b70..e0b6af9 100644 | ||
160 | --- a/ports/unix/guts/mkdirat.c | ||
161 | +++ b/ports/unix/guts/mkdirat.c | ||
162 | @@ -6,11 +6,14 @@ | ||
163 | * wrap_mkdirat(int dirfd, const char *path, mode_t mode) { | ||
164 | * int rc = -1; | ||
165 | */ | ||
166 | + /* mask out mode bits appropriately */ | ||
167 | + mode = mode & ~pseudo_umask; | ||
168 | #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS | ||
169 | if (dirfd != AT_FDCWD) { | ||
170 | errno = ENOSYS; | ||
171 | return -1; | ||
172 | } | ||
173 | + | ||
174 | rc = real_mkdir(path, PSEUDO_FS_MODE(mode, 1)); | ||
175 | #else | ||
176 | rc = real_mkdirat(dirfd, path, PSEUDO_FS_MODE(mode, 1)); | ||
177 | diff --git a/ports/unix/guts/mknodat.c b/ports/unix/guts/mknodat.c | ||
178 | index 6fd5b42..5d8d47c 100644 | ||
179 | --- a/ports/unix/guts/mknodat.c | ||
180 | +++ b/ports/unix/guts/mknodat.c | ||
181 | @@ -10,6 +10,9 @@ | ||
182 | PSEUDO_STATBUF buf; | ||
183 | int save_errno = errno; | ||
184 | |||
185 | + /* mask out mode bits appropriately */ | ||
186 | + mode = mode & ~pseudo_umask; | ||
187 | + | ||
188 | #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS | ||
189 | if (dirfd != AT_FDCWD) { | ||
190 | errno = ENOSYS; | ||
191 | diff --git a/ports/unix/guts/umask.c b/ports/unix/guts/umask.c | ||
192 | new file mode 100644 | ||
193 | index 0000000..6b060d3 | ||
194 | --- /dev/null | ||
195 | +++ b/ports/unix/guts/umask.c | ||
196 | @@ -0,0 +1,14 @@ | ||
197 | +/* | ||
198 | + * Copyright (c) 2014 Wind River Systems; see | ||
199 | + * guts/COPYRIGHT for information. | ||
200 | + * | ||
201 | + * mode_t umask(mode_t mask) | ||
202 | + * mode_t rc = 0; | ||
203 | + */ | ||
204 | + | ||
205 | + pseudo_umask = mask; | ||
206 | + rc = real_umask(mask); | ||
207 | + | ||
208 | +/* return rc; | ||
209 | + * } | ||
210 | + */ | ||
211 | diff --git a/ports/unix/wrapfuncs.in b/ports/unix/wrapfuncs.in | ||
212 | index 8460a65..e0e9739 100644 | ||
213 | --- a/ports/unix/wrapfuncs.in | ||
214 | +++ b/ports/unix/wrapfuncs.in | ||
215 | @@ -67,3 +67,4 @@ void sync(void); /* async_skip= */ | ||
216 | int syncfs(int fd); /* async_skip=0 */ | ||
217 | int sync_file_range(int fd, off64_t offset, off64_t nbytes, unsigned int flags); /* async_skip=0 */ | ||
218 | int msync(void *addr, size_t length, int flags); /* async_skip=0 */ | ||
219 | +mode_t umask(mode_t mask); | ||
220 | diff --git a/pseudo_client.c b/pseudo_client.c | ||
221 | index b6d11a6..535c810 100644 | ||
222 | --- a/pseudo_client.c | ||
223 | +++ b/pseudo_client.c | ||
224 | @@ -71,6 +71,8 @@ int pseudo_disabled = 0; | ||
225 | int pseudo_allow_fsync = 0; | ||
226 | static int pseudo_local_only = 0; | ||
227 | |||
228 | +int pseudo_umask = 022; | ||
229 | + | ||
230 | static char **fd_paths = NULL; | ||
231 | static int nfds = 0; | ||
232 | static int messages = 0; | ||
233 | @@ -219,6 +221,9 @@ pseudo_init_client(void) { | ||
234 | if (!pseudo_disabled && !pseudo_inited) { | ||
235 | char *pseudo_path = 0; | ||
236 | |||
237 | + pseudo_umask = umask(022); | ||
238 | + umask(pseudo_umask); | ||
239 | + | ||
240 | pseudo_path = pseudo_prefix_path(NULL); | ||
241 | if (pseudo_prefix_dir_fd == -1) { | ||
242 | if (pseudo_path) { | ||
95 | diff --git a/pseudo_client.h b/pseudo_client.h | 243 | diff --git a/pseudo_client.h b/pseudo_client.h |
96 | index f36a772..ecb13a6 100644 | 244 | index f36a772..5bf820e 100644 |
97 | --- a/pseudo_client.h | 245 | --- a/pseudo_client.h |
98 | +++ b/pseudo_client.h | 246 | +++ b/pseudo_client.h |
99 | @@ -85,6 +85,6 @@ extern int pseudo_nosymlinkexp; | 247 | @@ -72,6 +72,8 @@ extern char *pseudo_passwd; |
248 | extern size_t pseudo_chroot_len; | ||
249 | extern int pseudo_nosymlinkexp; | ||
250 | |||
251 | +extern int pseudo_umask; | ||
252 | + | ||
253 | /* Root can read and write files, and enter directories which have no | ||
254 | * read, write, or execute permissions. (But can't execute files without | ||
255 | * execute permissions!) | ||
256 | @@ -85,6 +87,6 @@ extern int pseudo_nosymlinkexp; | ||
100 | * None of this will behave very sensibly if umask has 0700 bits in it; | 257 | * None of this will behave very sensibly if umask has 0700 bits in it; |
101 | * this is a known limitation. | 258 | * this is a known limitation. |
102 | */ | 259 | */ |
103 | -#define PSEUDO_FS_MODE(mode, isdir) ((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) | 260 | -#define PSEUDO_FS_MODE(mode, isdir) ((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) |
104 | -#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0700) | ((user_mode & 0700))) | 261 | -#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0700) | ((user_mode & 0700))) |
105 | +#define PSEUDO_FS_MODE(mode, isdir) ((((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP | S_IWOTH)) & ~(S_IWOTH | S_IWGRP)) | 262 | +#define PSEUDO_FS_MODE(mode, isdir) (((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP | S_IWOTH)) |
106 | +#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) | ((user_mode & 0722))) | 263 | +#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) | ((user_mode & 0722))) |
107 | 264 | ||