From 5927edf4eae67989a8ed332c249014a6ed2f38ba Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Thu, 1 Aug 2013 18:17:16 +0100 Subject: classes/sanity: check for suid root command evility Some users have been found to have an unnamed third-party piece of software installed which sets chmod, chown and mknod as suid root as part of its installation process. This interferes with the operation of pseudo and can result in files really being owned by root within the build output, and therefore breaks the build, apart from being a security issue. Check for this and bail out if it is found. Reported-by: Nicolas Dechesne (From OE-Core master rev: 08d61529f3c7a48ec82e1f8c9c28c7b2e5238934) (From OE-Core rev: 041342a518e1d33349eb52e11750e155a5647735) Signed-off-by: Paul Eggleton Signed-off-by: Saul Wold Signed-off-by: Richard Purdie --- meta/classes/sanity.bbclass | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass index 425d5127ec..e3444d1ba5 100644 --- a/meta/classes/sanity.bbclass +++ b/meta/classes/sanity.bbclass @@ -195,6 +195,17 @@ def check_sanity_tmpdir_change(tmpdir, data): # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS) testmsg = check_create_long_filename(tmpdir, "TMPDIR") + + # Some third-party software apparently relies on chmod etc. being suid root (!!) + import stat + suid_check_bins = "chown chmod mknod".split() + for bin_cmd in suid_check_bins: + bin_path = bb.utils.which(os.environ["PATH"], bin_cmd) + if bin_path: + bin_stat = os.stat(bin_path) + if bin_stat.st_uid == 0 and bin_stat.st_mode & stat.S_ISUID: + testmsg = testmsg + '%s has the setuid bit set. This interferes with pseudo and may cause other issues that break the build process.\n' % bin_path + # Check that we can fetch from various network transports errmsg = check_connectivity(data) testmsg = testmsg + check_connectivity(data) -- cgit v1.2.3-54-g00ecf