Diffstat (limited to 'meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch')
-rw-r--r--meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch107
1 files changed, 107 insertions, 0 deletions
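diff --git a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch
new file mode 100644
index 0000000000..2bd2289372
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch
@@ -0,0 +1,107 @@
+commit 5a6f2896ed44029ced2a33ac64c962737c5171a0
+Author: Peter Seebach <peter.seebach@windriver.com>
+Date: Fri May 16 15:53:06 2014 -0500
+
+ permissions updates: improve fchmodat, mask out write bits
+
+ Upstream-Status: Backport of several patches from 1.6 branch,
+ combined.
+
+ Backport from pseudo 1.6 of improvements to fchmodat (handle
+ AT_SYMLINK_NOFOLLOW by rejecting it if the host system does,
+ to make GNU tar happier), also mask out write bits from filesystem
+ modes to avoid security problems.
+
+ The 1.6 patches are:
+
+ 87c53ea58befef48677846693aab445df1850e16
+ 3c716e0bab4f0cfe4be84caa9ce5fd5e3f5e2a23
+ c98e4f43b5d6499748a5057134408f4ba4854fb4
+
+diff --git a/ChangeLog.txt b/ChangeLog.txt
+index 113f675..fab1033 100644
+--- a/ChangeLog.txt
++++ b/ChangeLog.txt
+@@ -1,3 +1,14 @@
++2014-05-16:
++ * (seebs) fchmodat: don't drop flags, report failures, to improve
++ compatibility/consistency. Cache the knowledge that
++ AT_SYMLINK_NOFOLLOW gets ENOTSUP.
++ * (seebs) mask out group/other write bits in real filesystem to
++ reduce risks when assembling a rootfs including world-writeable
++ directories.
++
++2014-05-15:
++ * (seebs) drop flags when calling fchmodat() to appease GNU tar.
++
+ 2013-02-27:
+ * (seebs) Oh, hey, what if I took out my debug messages?
+ * (seebs) update docs a bit to reduce bitrot
+diff --git a/ports/unix/guts/fchmodat.c b/ports/unix/guts/fchmodat.c
+index 59a92ce..69a953c 100644
+--- a/ports/unix/guts/fchmodat.c
++++ b/ports/unix/guts/fchmodat.c
+@@ -8,6 +8,7 @@
+ */
+ PSEUDO_STATBUF buf;
+ int save_errno = errno;
++ static int picky_fchmodat = 0;
+
+ #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
+ if (dirfd != AT_FDCWD) {
+@@ -15,6 +16,16 @@
+ return -1;
+ }
+ if (flags & AT_SYMLINK_NOFOLLOW) {
++ /* Linux, as of this writing, will always reject this.
++ * GNU tar relies on getting the rejection. To cut down
++ * on traffic, we check for the failure, and if we saw
++ * a failure previously, we reject it right away and tell
++ * the caller to retry.
++ */
++ if (picky_fchmodat) {
++ errno = ENOTSUP;
++ return -1;
++ }
+ rc = base_lstat(path, &buf);
+ } else {
+ rc = base_stat(path, &buf);
+@@ -50,13 +61,22 @@
+
+ /* user bits added so "root" can always access files. */
+ #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
+- /* note: if path was a symlink, and AT_NOFOLLOW_SYMLINKS was
++ /* note: if path was a symlink, and AT_SYMLINK_NOFOLLOW was
+ * specified, we already bailed previously. */
+ real_chmod(path, PSEUDO_FS_MODE(mode, S_ISDIR(buf.st_mode)));
+ #else
+- real_fchmodat(dirfd, path, PSEUDO_FS_MODE(mode, S_ISDIR(buf.st_mode)), flags);
++ rc = real_fchmodat(dirfd, path, PSEUDO_FS_MODE(mode, S_ISDIR(buf.st_mode)), flags);
++ /* AT_SYMLINK_NOFOLLOW isn't supported by fchmodat. GNU tar
++ * tries to use it anyway, figuring it can just retry if that
++ * fails. So we want to report that *particular* failure instead
++ * of doing the fallback.
++ */
++ if (rc == -1 && errno == ENOTSUP && (flags & AT_SYMLINK_NOFOLLOW)) {
++ picky_fchmodat = 1;
++ return -1;
++ }
+ #endif
+- /* we ignore a failure from underlying fchmod, because pseudo
++ /* we otherwise ignore failures from underlying fchmod, because pseudo
+ * may believe you are permitted to change modes that the filesystem
+ * doesn't. Note that we also don't need to know whether the
+ * file might be a (pseudo) block device or some such; pseudo
+diff --git a/pseudo_client.h b/pseudo_client.h
+index f36a772..ecb13a6 100644
+--- a/pseudo_client.h
++++ b/pseudo_client.h
+@@ -85,6 +85,6 @@ extern int pseudo_nosymlinkexp;
+ * None of this will behave very sensibly if umask has 0700 bits in it;
+ * this is a known limitation.
+ */
+-#define PSEUDO_FS_MODE(mode, isdir) ((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0))
+-#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0700) | ((user_mode & 0700)))
++#define PSEUDO_FS_MODE(mode, isdir) ((((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP | S_IWOTH)) & ~(S_IWOTH | S_IWGRP))
++#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) | ((user_mode & 0722)))
+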
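Review bot: In the fchmodat.c hunks the `if (picky_fchmodat)` early return is added beside `base_lstat`, which from the context lines looks to be inside the `#ifdef PSEUDO_NO_REAL_AT_FUNCTIONS` branch, while the only assignment `picky_fchmodat = 1;` is in the `#else` branch after `real_fchmodat`; if that reading is right, the cached ENOTSUP is never consulted in the build that records it and every AT_SYMLINK_NOFOLLOW call still does the full stat and chmod round trip. The function body starts and ends outside these hunks, so this needs checking against the full file; the intended form would be a check such as `if ((flags & AT_SYMLINK_NOFOLLOW) && picky_fchmodat) { errno = ENOTSUP; return -1; }` ahead of the stat call in the real-at path. In pseudo_client.h the new `PSEUDO_FS_MODE` applies the same `& ~(S_IWGRP | S_IWOTH)` mask twice, and `PSEUDO_DB_MODE` still expands `user_mode` without parentheses; `(((fs_mode) & ~0722) | ((user_mode) & 0722))` keeps the write-bit split correct for any argument expression.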