Bug 163770 - sandbox allows accidental modification of mtimes of files
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Sandbox
Hardware: All Linux
Importance: High normal
Assignee: Sandbox Maintainers
Reported: 2007-01-25 16:48 UTC by Harald van Dijk (RETIRED)
Modified: 2008-11-09 14:34 UTC
Description Harald van Dijk (RETIRED) gentoo-dev 2007-01-25 16:48:21 UTC
sandbox allows modification of mtimes of files without any attempts at bypassing it. It's not a big issue, but it could prevent complete unmerging of applications.

Reproducible: Always

Steps to Reproduce:
$ cat test-1.0.ebuild
KEYWORDS=~x86
src_unpack() {
        ls -l /usr/bin/test
        touch /usr/bin/test
        ls -l /usr/bin/test
        die
}
Actual Results:  
$ sudo emerge test/test
Calculating dependencies... done!

>>> Emerging (1 of 1) test/test-1.0 to /
 * checking ebuild checksums ;-) ...                                                                   [ ok ]
 * checking auxfile checksums ;-) ...                                                                  [ ok ]
 * checking miscfile checksums ;-) ...                                                                 [ ok ]
>>> Unpacking source...
-rwxr-xr-x 1 root root 23856 2007-01-06 23:21 /usr/bin/test
ACCESS DENIED  open_wr:   /usr/bin/test
-rwxr-xr-x 1 root root 23856 2007-01-25 17:40 /usr/bin/test

!!! ERROR: test/test-1.0 failed.
Call stack:
  ebuild.sh, line 1611:   Called dyn_unpack
  ebuild.sh, line 748:   Called qa_call 'src_unpack'
  environment, line 1436:   Called src_unpack
  test-1.0.ebuild, line 6:   Called die

!!! (no error message)
!!! If you need support, post the topmost build error, and the call stack if relevant.
!!! A complete build log is located at '/var/tmp/portage/test/test-1.0/temp/build.log'.

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-test_-_test-1.0-19968.log"

open_wr:   /usr/bin/test
--------------------------------------------------------------------------------
!!! This ebuild is from an overlay: '/etc/portage/overlay'

Expected Results:  
-rwxr-xr-x 1 root root 23856 2007-01-06 23:21 /usr/bin/test
ACCESS DENIED  open_wr:   /usr/bin/test
-rwxr-xr-x 1 root root 23856 2007-01-06 23:21 /usr/bin/test

$ emerge --info
Portage 2.1.2-r3 (default-linux/x86/2006.1, gcc-4.1.1, glibc-2.5-r0, 2.6.19-gentoo-r4 i686)
=================================================================
System uname: 2.6.19-gentoo-r4 i686 AMD Duron(tm) Processor
Gentoo Base System version 1.12.9
Timestamp of tree: Wed, 24 Jan 2007 06:50:01 +0000
dev-lang/python:     2.5-r1
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.6.3, 1.7.9-r1, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.19.2-r1
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-tbird -O2 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-march=athlon-tbird -O2 -fomit-frame-pointer"
DISTDIR="/var/dist"
EMERGE_DEFAULT_OPTS="--with-bdeps=y"
FEATURES="assume-digests autoconfig autopatch collision-protect cvs distlocks metadata-transfer notitles sandbox sfperms sign strict"
GENTOO_MIRRORS="        /var/dist/unofficial    http://ftp.easynet.nl/mirror/gentoo     http://distfiles.gentoo.org  http://www.ibiblio.org/pub/Linux/distributions/gentoo "
LANG="en_GB.UTF-8"
LDFLAGS="-Xlinker --as-needed"
LINGUAS="en_GB en"
MAKEOPTS="-j2"
PKGDIR="/var/pkg"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/var/portage"
PORTDIR_OVERLAY="/var/cvs/gentoo-x86 /etc/portage/overlay /etc/portage/overlay/enlightenment"
SYNC="rsync://rsync.nl.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 acl akode alsa bidi bindist bitmap-fonts bzip2 cairo cdparanoia cjk cli cracklib cups dlloader dri dvd dvdread fbcon flac gif iconv idn immqt ipv6 isdnlog jit jpeg kde kdeenablefinal kdehiddenvisibility lesstif libg++ mbox mmx mmxext mpeg mplayer mudflap ncurses nls nntp nocxx nptl nptlonly objc objc++ objc-gc offensive ogg opengl pango pascal pcre pdf perl png ppds pppd readline reflection rt2500pci rtc scim sdl session source spell spl ssl symlink threads truetype truetype-fonts type1-fonts udev unicode usb utempter vim-with-x vorbis wacom x86 xcomposite xim xorg xv xvid zlib" ELIBC="glibc" INPUT_DEVICES="keyboard mouse wacom" KERNEL="linux" LINGUAS="en_GB en" USERLAND="GNU" VIDEO_CARDS="radeon"
Unset:  CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 SpanKY gentoo-dev 2008-11-09 14:34:28 UTC
we weren't catching the utime related functions ... I've added wrappers to svn
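
The gap reported above, as an added example that is not part of the original bug report and is not sandbox's own code: a timestamp-changing call has to go through the same path check as a write-open, otherwise the open is denied and the mtime still changes. The names `inside`, `checked_utimes` and `mtime_of`, the prefix argument, and the `utimes:` log label are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700            /* realpath() */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/time.h>

/* 1 if the symlink-resolved path is the writable prefix or lies beneath it. */
static int inside(const char *path, const char *prefix)
{
    char rp[PATH_MAX], rf[PATH_MAX];
    size_t n;
    if (!realpath(prefix, rf) || !realpath(path, rp))
        return 0;                    /* cannot resolve: deny */
    n = strlen(rf);
    return strncmp(rp, rf, n) == 0 &&
           (n == 1 || rp[n] == '/' || rp[n] == '\0');
}

/* Guarded utimes(): denied outside the prefix, exactly like open_wr.
 * Log line modelled on the page's open_wr line; the label is constructed. */
int checked_utimes(const char *prefix, const char *path,
                   const struct timeval tv[2])
{
    if (!inside(path, prefix)) {
        fprintf(stderr, "ACCESS DENIED  utimes:    %s\n", path);
        errno = EACCES;
        return -1;
    }
    return utimes(path, tv);
}

/* mtime in seconds, or -1 if the file cannot be stat()ed. */
long mtime_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_mtime : -1;
}

int main(int argc, char **argv)
{
    /* usage: ./a.out WRITABLE_PREFIX FILE   (touch-like: sets "now") */
    if (argc != 3)
        return 2;
    return checked_utimes(argv[1], argv[2], NULL) == 0 ? 0 : 1;
}
```

The sibling-directory case (a directory whose name merely starts with the prefix string) is denied by the separator check in `inside`.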