From c8645caf56228da1bd4f448dbf90066911a1c59d Mon Sep 17 00:00:00 2001 From: Peter Seebach Date: Wed, 21 May 2014 18:12:33 -0500 Subject: pseudo: handle fchmodat better, mask out unwanted write bits It turns out that pseudo's decision not to report errors from the host system's fchmodat() can break GNU tar in a very strange way, resulting in directories being mode 0700 instead of whatever they should have been. Additionally, it turns out that if you make directories in your rootfs mode 777, that results in the local copies being mode 777, which could allow a hypothetical attacker with access to the machine to add files to your rootfs image. We should mask out the 022 bits when making actual mode changes in the rootfs. This patch represents a backport to the 1.5.1 branch of three patches from the 1.6 branch, because it took a couple of tries to get this quite right. (From OE-Core rev: 45371858129bbad8f4cfb874e237374a5ba8db4c) Signed-off-by: Peter Seebach Signed-off-by: Saul Wold Signed-off-by: Richard Purdie --- meta/recipes-devtools/pseudo/pseudo_1.5.1.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'meta/recipes-devtools/pseudo/pseudo_1.5.1.bb') diff --git a/meta/recipes-devtools/pseudo/pseudo_1.5.1.bb b/meta/recipes-devtools/pseudo/pseudo_1.5.1.bb index 215cdb8bcc..47291fd52e 100644 --- a/meta/recipes-devtools/pseudo/pseudo_1.5.1.bb +++ b/meta/recipes-devtools/pseudo/pseudo_1.5.1.bb @@ -1,12 +1,13 @@ require pseudo.inc -PR = "r4" +PR = "r5" SRC_URI = " \ http://www.yoctoproject.org/downloads/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0001-pseudo_has_unload-add-function.patch \ file://shutdownping.patch \ file://pseudo-1.5.1-install-directory-mode.patch \ + file://pseudo-fchmodat-permissions.patch \ " SRC_URI[md5sum] = "5ec67c7bff5fe68c56de500859c19172" -- cgit v1.2.3-54-g00ecf