1 files changed, 163 insertions, 6 deletions
diff --git a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch
index 2bd2289372..7b1f82d577 100644
--- a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch
+++ b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch
@@ -1,4 +1,4 @@
-commit 5a6f2896ed44029ced2a33ac64c962737c5171a0
+commit 7e67d082737b3df4788caf85fedd607b3acd9786
 Author: Peter Seebach <peter.seebach@windriver.com>
 Date:   Fri May 16 15:53:06 2014 -0500
@@ -11,18 +11,27 @@ Date:   Fri May 16 15:53:06 2014 -0500
    AT_SYMLINK_NOFOLLOW by rejecting it if the host system does,
    to make GNU tar happier), also mask out write bits from filesystem
    modes to avoid security problems.
+    
+    Also start tracking umask so we can use the right modes for
+    open, mkdir, and mknod.
    The 1.6 patches are:
    87c53ea58befef48677846693aab445df1850e16
    3c716e0bab4f0cfe4be84caa9ce5fd5e3f5e2a23
    c98e4f43b5d6499748a5057134408f4ba4854fb4
+    2f71a021b725c1aa415439209a89327f0b997d02
+    14925786b55202d8147b0af719038e8a23ef73c0
 diff --git a/ChangeLog.txt b/ChangeLog.txt
-index 113f675..fab1033 100644
+index 113f675..cc966ce 100644
 --- a/ChangeLog.txt
 +++ b/ChangeLog.txt
-@@ -1,3 +1,14 @@
+@@ -1,3 +1,18 @@
+2014-05-27:
+       * (seebs) start noticing umask, mask it out from open or mkdir
+         calls rather than relying on underlying open/mkdir to do it.
+
 +2014-05-16:
 +       * (seebs) fchmodat: don't drop flags, report failures, to improve
 +         compatibility/consistency. Cache the knowledge that
@@ -37,6 +46,60 @@ index 113f675..fab1033 100644
 2013-02-27:
        * (seebs) Oh, hey, what if I took out my debug messages?
        * (seebs) update docs a bit to reduce bitrot
+diff --git a/makewrappers b/makewrappers
+index e87cc56..0127766 100755
+--- a/makewrappers
+++ b/makewrappers
+@@ -204,6 +204,7 @@ class Function:
+             'uid_t': '0',
+             'int': '-1',
+             'long': '-1',
+            'mode_t': '0',
+             'ssize_t': '-1'
+         }
+     
+diff --git a/ports/darwin/guts/open.c b/ports/darwin/guts/open.c
+index c66cc15..520bb70 100644
+--- a/ports/darwin/guts/open.c
+++ b/ports/darwin/guts/open.c
+@@ -9,6 +9,9 @@
+        struct stat buf = { };
+        int existed = 1;
+        int save_errno;
+
+       /* mask out mode bits appropriately */
+       mode = mode & ~pseudo_umask;
+ #ifdef PSEUDO_FORCE_ASYNCH
+         flags &= ~O_SYNC;
+ #endif
+diff --git a/ports/linux/guts/__xmknodat.c b/ports/linux/guts/__xmknodat.c
+index 59b4f2f..0888b8a 100644
+--- a/ports/linux/guts/__xmknodat.c
+++ b/ports/linux/guts/__xmknodat.c
+@@ -9,6 +9,9 @@
+        pseudo_msg_t *msg;
+        struct stat64 buf;
+ 
+       /* mask out mode bits appropriately */
+       mode = mode & ~pseudo_umask;
+
+        /* we don't use underlying call, so _ver is irrelevant to us */
+        (void) ver;
+ 
+diff --git a/ports/linux/guts/openat.c b/ports/linux/guts/openat.c
+index 8460073..4053549 100644
+--- a/ports/linux/guts/openat.c
+++ b/ports/linux/guts/openat.c
+@@ -10,6 +10,9 @@
+        int existed = 1;
+        int save_errno;
+ 
+       /* mask out mode bits appropriately */
+       mode = mode & ~pseudo_umask;
+
+ #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
+        if (dirfd != AT_FDCWD) {
+                errno = ENOSYS;
 diff --git a/ports/unix/guts/fchmodat.c b/ports/unix/guts/fchmodat.c
 index 59a92ce..69a953c 100644
 --- a/ports/unix/guts/fchmodat.c
@@ -92,16 +155,110 @@ index 59a92ce..69a953c 100644
         * may believe you are permitted to change modes that the filesystem
         * doesn't. Note that we also don't need to know whether the
          * file might be a (pseudo) block device or some such; pseudo
+diff --git a/ports/unix/guts/mkdirat.c b/ports/unix/guts/mkdirat.c
+index e846b70..e0b6af9 100644
+--- a/ports/unix/guts/mkdirat.c
+++ b/ports/unix/guts/mkdirat.c
+@@ -6,11 +6,14 @@
+  * wrap_mkdirat(int dirfd, const char *path, mode_t mode) {
+  *     int rc = -1;
+  */
+       /* mask out mode bits appropriately */
+       mode = mode & ~pseudo_umask;
+ #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
+        if (dirfd != AT_FDCWD) {
+                errno = ENOSYS;
+                return -1;
+        }
+
+        rc = real_mkdir(path, PSEUDO_FS_MODE(mode, 1));
+ #else
+        rc = real_mkdirat(dirfd, path, PSEUDO_FS_MODE(mode, 1));
+diff --git a/ports/unix/guts/mknodat.c b/ports/unix/guts/mknodat.c
+index 6fd5b42..5d8d47c 100644
+--- a/ports/unix/guts/mknodat.c
+++ b/ports/unix/guts/mknodat.c
+@@ -10,6 +10,9 @@
+        PSEUDO_STATBUF buf;
+         int save_errno = errno;
+ 
+       /* mask out mode bits appropriately */
+       mode = mode & ~pseudo_umask;
+
+ #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
+        if (dirfd != AT_FDCWD) {
+                errno = ENOSYS;
+diff --git a/ports/unix/guts/umask.c b/ports/unix/guts/umask.c
+new file mode 100644
+index 0000000..6b060d3
+--- /dev/null
+++ b/ports/unix/guts/umask.c
+@@ -0,0 +1,14 @@
+/*
+ * Copyright (c) 2014 Wind River Systems; see
+ * guts/COPYRIGHT for information.
+ *
+ * mode_t umask(mode_t mask)
+ *     mode_t rc = 0;
+ */
+
+       pseudo_umask = mask;
+       rc = real_umask(mask);
+
+/*     return rc;
+ * }
+ */
+diff --git a/ports/unix/wrapfuncs.in b/ports/unix/wrapfuncs.in
+index 8460a65..e0e9739 100644
+--- a/ports/unix/wrapfuncs.in
+++ b/ports/unix/wrapfuncs.in
+@@ -67,3 +67,4 @@ void sync(void); /* async_skip= */
+ int syncfs(int fd); /* async_skip=0 */
+ int sync_file_range(int fd, off64_t offset, off64_t nbytes, unsigned int flags); /* async_skip=0 */
+ int msync(void *addr, size_t length, int flags); /* async_skip=0 */
+mode_t umask(mode_t mask);
+diff --git a/pseudo_client.c b/pseudo_client.c
+index b6d11a6..535c810 100644
+--- a/pseudo_client.c
+++ b/pseudo_client.c
+@@ -71,6 +71,8 @@ int pseudo_disabled = 0;
+ int pseudo_allow_fsync = 0;
+ static int pseudo_local_only = 0;
+ 
+int pseudo_umask = 022;
+
+ static char **fd_paths = NULL;
+ static int nfds = 0;
+ static int messages = 0;
+@@ -219,6 +221,9 @@ pseudo_init_client(void) {
+        if (!pseudo_disabled && !pseudo_inited) {
+                char *pseudo_path = 0;
+ 
+               pseudo_umask = umask(022);
+               umask(pseudo_umask);
+
+                pseudo_path = pseudo_prefix_path(NULL);
+                if (pseudo_prefix_dir_fd == -1) {
+                        if (pseudo_path) {
 diff --git a/pseudo_client.h b/pseudo_client.h
-index f36a772..ecb13a6 100644
+index f36a772..5bf820e 100644
 --- a/pseudo_client.h
 +++ b/pseudo_client.h
-@@ -85,6 +85,6 @@ extern int pseudo_nosymlinkexp;
+@@ -72,6 +72,8 @@ extern char *pseudo_passwd;
+ extern size_t pseudo_chroot_len;
+ extern int pseudo_nosymlinkexp;
+ 
+extern int pseudo_umask;
+
+ /* Root can read and write files, and enter directories which have no
+  * read, write, or execute permissions.  (But can't execute files without
+  * execute permissions!)
+@@ -85,6 +87,6 @@ extern int pseudo_nosymlinkexp;
  * None of this will behave very sensibly if umask has 0700 bits in it;
  * this is a known limitation.
  */
 -#define PSEUDO_FS_MODE(mode, isdir) ((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0))
 -#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0700) | ((user_mode & 0700)))
-+#define PSEUDO_FS_MODE(mode, isdir) ((((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP | S_IWOTH)) & ~(S_IWOTH | S_IWGRP))
+#define PSEUDO_FS_MODE(mode, isdir) (((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP | S_IWOTH))
 +#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) | ((user_mode & 0722)))

diff --git a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch index 2bd2289372..7b1f82d577 100644 --- a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch +++ b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch
@@ -1,4 +1,4 @@
1	commit 5a6f2896ed44029ced2a33ac64c962737c5171a0	1	commit 7e67d082737b3df4788caf85fedd607b3acd9786
2	Author: Peter Seebach <peter.seebach@windriver.com>	2	Author: Peter Seebach <peter.seebach@windriver.com>
3	Date: Fri May 16 15:53:06 2014 -0500	3	Date: Fri May 16 15:53:06 2014 -0500
4		4
@@ -11,18 +11,27 @@ Date: Fri May 16 15:53:06 2014 -0500
11	AT_SYMLINK_NOFOLLOW by rejecting it if the host system does,	11	AT_SYMLINK_NOFOLLOW by rejecting it if the host system does,
12	to make GNU tar happier), also mask out write bits from filesystem	12	to make GNU tar happier), also mask out write bits from filesystem
13	modes to avoid security problems.	13	modes to avoid security problems.
		14
		15	Also start tracking umask so we can use the right modes for
		16	open, mkdir, and mknod.
14		17
15	The 1.6 patches are:	18	The 1.6 patches are:
16		19
17	87c53ea58befef48677846693aab445df1850e16	20	87c53ea58befef48677846693aab445df1850e16
18	3c716e0bab4f0cfe4be84caa9ce5fd5e3f5e2a23	21	3c716e0bab4f0cfe4be84caa9ce5fd5e3f5e2a23
19	c98e4f43b5d6499748a5057134408f4ba4854fb4	22	c98e4f43b5d6499748a5057134408f4ba4854fb4
		23	2f71a021b725c1aa415439209a89327f0b997d02
		24	14925786b55202d8147b0af719038e8a23ef73c0
20		25
21	diff --git a/ChangeLog.txt b/ChangeLog.txt	26	diff --git a/ChangeLog.txt b/ChangeLog.txt
22	index 113f675..fab1033 100644	27	index 113f675..cc966ce 100644
23	--- a/ChangeLog.txt	28	--- a/ChangeLog.txt
24	+++ b/ChangeLog.txt	29	+++ b/ChangeLog.txt
25	@@ -1,3 +1,14 @@	30	@@ -1,3 +1,18 @@
		31	+2014-05-27:
		32	+ * (seebs) start noticing umask, mask it out from open or mkdir
		33	+ calls rather than relying on underlying open/mkdir to do it.
		34	+
26	+2014-05-16:	35	+2014-05-16:
27	+ * (seebs) fchmodat: don't drop flags, report failures, to improve	36	+ * (seebs) fchmodat: don't drop flags, report failures, to improve
28	+ compatibility/consistency. Cache the knowledge that	37	+ compatibility/consistency. Cache the knowledge that
@@ -37,6 +46,60 @@ index 113f675..fab1033 100644
37	2013-02-27:	46	2013-02-27:
38	* (seebs) Oh, hey, what if I took out my debug messages?	47	* (seebs) Oh, hey, what if I took out my debug messages?
39	* (seebs) update docs a bit to reduce bitrot	48	* (seebs) update docs a bit to reduce bitrot
		49	diff --git a/makewrappers b/makewrappers
		50	index e87cc56..0127766 100755
		51	--- a/makewrappers
		52	+++ b/makewrappers
		53	@@ -204,6 +204,7 @@ class Function:
		54	'uid_t': '0',
		55	'int': '-1',
		56	'long': '-1',
		57	+ 'mode_t': '0',
		58	'ssize_t': '-1'
		59	}
		60
		61	diff --git a/ports/darwin/guts/open.c b/ports/darwin/guts/open.c
		62	index c66cc15..520bb70 100644
		63	--- a/ports/darwin/guts/open.c
		64	+++ b/ports/darwin/guts/open.c
		65	@@ -9,6 +9,9 @@
		66	struct stat buf = { };
		67	int existed = 1;
		68	int save_errno;
		69	+
		70	+ /* mask out mode bits appropriately */
		71	+ mode = mode & ~pseudo_umask;
		72	#ifdef PSEUDO_FORCE_ASYNCH
		73	flags &= ~O_SYNC;
		74	#endif
		75	diff --git a/ports/linux/guts/__xmknodat.c b/ports/linux/guts/__xmknodat.c
		76	index 59b4f2f..0888b8a 100644
		77	--- a/ports/linux/guts/__xmknodat.c
		78	+++ b/ports/linux/guts/__xmknodat.c
		79	@@ -9,6 +9,9 @@
		80	pseudo_msg_t *msg;
		81	struct stat64 buf;
		82
		83	+ /* mask out mode bits appropriately */
		84	+ mode = mode & ~pseudo_umask;
		85	+
		86	/* we don't use underlying call, so _ver is irrelevant to us */
		87	(void) ver;
		88
		89	diff --git a/ports/linux/guts/openat.c b/ports/linux/guts/openat.c
		90	index 8460073..4053549 100644
		91	--- a/ports/linux/guts/openat.c
		92	+++ b/ports/linux/guts/openat.c
		93	@@ -10,6 +10,9 @@
		94	int existed = 1;
		95	int save_errno;
		96
		97	+ /* mask out mode bits appropriately */
		98	+ mode = mode & ~pseudo_umask;
		99	+
		100	#ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
		101	if (dirfd != AT_FDCWD) {
		102	errno = ENOSYS;
40	diff --git a/ports/unix/guts/fchmodat.c b/ports/unix/guts/fchmodat.c	103	diff --git a/ports/unix/guts/fchmodat.c b/ports/unix/guts/fchmodat.c
41	index 59a92ce..69a953c 100644	104	index 59a92ce..69a953c 100644
42	--- a/ports/unix/guts/fchmodat.c	105	--- a/ports/unix/guts/fchmodat.c
@@ -92,16 +155,110 @@ index 59a92ce..69a953c 100644
92	* may believe you are permitted to change modes that the filesystem	155	* may believe you are permitted to change modes that the filesystem
93	* doesn't. Note that we also don't need to know whether the	156	* doesn't. Note that we also don't need to know whether the
94	* file might be a (pseudo) block device or some such; pseudo	157	* file might be a (pseudo) block device or some such; pseudo
		158	diff --git a/ports/unix/guts/mkdirat.c b/ports/unix/guts/mkdirat.c
		159	index e846b70..e0b6af9 100644
		160	--- a/ports/unix/guts/mkdirat.c
		161	+++ b/ports/unix/guts/mkdirat.c
		162	@@ -6,11 +6,14 @@
		163	* wrap_mkdirat(int dirfd, const char *path, mode_t mode) {
		164	* int rc = -1;
		165	*/
		166	+ /* mask out mode bits appropriately */
		167	+ mode = mode & ~pseudo_umask;
		168	#ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
		169	if (dirfd != AT_FDCWD) {
		170	errno = ENOSYS;
		171	return -1;
		172	}
		173	+
		174	rc = real_mkdir(path, PSEUDO_FS_MODE(mode, 1));
		175	#else
		176	rc = real_mkdirat(dirfd, path, PSEUDO_FS_MODE(mode, 1));
		177	diff --git a/ports/unix/guts/mknodat.c b/ports/unix/guts/mknodat.c
		178	index 6fd5b42..5d8d47c 100644
		179	--- a/ports/unix/guts/mknodat.c
		180	+++ b/ports/unix/guts/mknodat.c
		181	@@ -10,6 +10,9 @@
		182	PSEUDO_STATBUF buf;
		183	int save_errno = errno;
		184
		185	+ /* mask out mode bits appropriately */
		186	+ mode = mode & ~pseudo_umask;
		187	+
		188	#ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
		189	if (dirfd != AT_FDCWD) {
		190	errno = ENOSYS;
		191	diff --git a/ports/unix/guts/umask.c b/ports/unix/guts/umask.c
		192	new file mode 100644
		193	index 0000000..6b060d3
		194	--- /dev/null
		195	+++ b/ports/unix/guts/umask.c
		196	@@ -0,0 +1,14 @@
		197	+/*
		198	+ * Copyright (c) 2014 Wind River Systems; see
		199	+ * guts/COPYRIGHT for information.
		200	+ *
		201	+ * mode_t umask(mode_t mask)
		202	+ * mode_t rc = 0;
		203	+ */
		204	+
		205	+ pseudo_umask = mask;
		206	+ rc = real_umask(mask);
		207	+
		208	+/* return rc;
		209	+ * }
		210	+ */
		211	diff --git a/ports/unix/wrapfuncs.in b/ports/unix/wrapfuncs.in
		212	index 8460a65..e0e9739 100644
		213	--- a/ports/unix/wrapfuncs.in
		214	+++ b/ports/unix/wrapfuncs.in
		215	@@ -67,3 +67,4 @@ void sync(void); /* async_skip= */
		216	int syncfs(int fd); /* async_skip=0 */
		217	int sync_file_range(int fd, off64_t offset, off64_t nbytes, unsigned int flags); /* async_skip=0 */
		218	int msync(void addr, size_t length, int flags); / async_skip=0 */
		219	+mode_t umask(mode_t mask);
		220	diff --git a/pseudo_client.c b/pseudo_client.c
		221	index b6d11a6..535c810 100644
		222	--- a/pseudo_client.c
		223	+++ b/pseudo_client.c
		224	@@ -71,6 +71,8 @@ int pseudo_disabled = 0;
		225	int pseudo_allow_fsync = 0;
		226	static int pseudo_local_only = 0;
		227
		228	+int pseudo_umask = 022;
		229	+
		230	static char **fd_paths = NULL;
		231	static int nfds = 0;
		232	static int messages = 0;
		233	@@ -219,6 +221,9 @@ pseudo_init_client(void) {
		234	if (!pseudo_disabled && !pseudo_inited) {
		235	char *pseudo_path = 0;
		236
		237	+ pseudo_umask = umask(022);
		238	+ umask(pseudo_umask);
		239	+
		240	pseudo_path = pseudo_prefix_path(NULL);
		241	if (pseudo_prefix_dir_fd == -1) {
		242	if (pseudo_path) {
95	diff --git a/pseudo_client.h b/pseudo_client.h	243	diff --git a/pseudo_client.h b/pseudo_client.h
96	index f36a772..ecb13a6 100644	244	index f36a772..5bf820e 100644
97	--- a/pseudo_client.h	245	--- a/pseudo_client.h
98	+++ b/pseudo_client.h	246	+++ b/pseudo_client.h
99	@@ -85,6 +85,6 @@ extern int pseudo_nosymlinkexp;	247	@@ -72,6 +72,8 @@ extern char *pseudo_passwd;
		248	extern size_t pseudo_chroot_len;
		249	extern int pseudo_nosymlinkexp;
		250
		251	+extern int pseudo_umask;
		252	+
		253	/* Root can read and write files, and enter directories which have no
		254	* read, write, or execute permissions. (But can't execute files without
		255	* execute permissions!)
		256	@@ -85,6 +87,6 @@ extern int pseudo_nosymlinkexp;
100	* None of this will behave very sensibly if umask has 0700 bits in it;	257	* None of this will behave very sensibly if umask has 0700 bits in it;
101	* this is a known limitation.	258	* this is a known limitation.
102	*/	259	*/
103	-#define PSEUDO_FS_MODE(mode, isdir) ((mode) \| S_IRUSR \| S_IWUSR \| ((isdir) ? S_IXUSR : 0))	260	-#define PSEUDO_FS_MODE(mode, isdir) ((mode) \| S_IRUSR \| S_IWUSR \| ((isdir) ? S_IXUSR : 0))
104	-#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0700) \| ((user_mode & 0700)))	261	-#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0700) \| ((user_mode & 0700)))
105	+#define PSEUDO_FS_MODE(mode, isdir) ((((mode) \| S_IRUSR \| S_IWUSR \| ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP \| S_IWOTH)) & ~(S_IWOTH \| S_IWGRP))	262	+#define PSEUDO_FS_MODE(mode, isdir) (((mode) \| S_IRUSR \| S_IWUSR \| ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP \| S_IWOTH))
106	+#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) \| ((user_mode & 0722)))	263	+#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) \| ((user_mode & 0722)))
107		264