Gentoo's Bugzilla – Attachment 169812 Details for Bug 225007: Some scm eclasses set incorrect permissions on DISTDIR (CVE-2008-3797)
[patch] Patch to check for world-writable directory, including bzr.eclass
vcs-eclasses.patch (text/plain), 2.84 KB, created by Ulrich Müller on 2008-10-25 14:49:03 UTC
>--- git.eclass 16 Jun 2008 11:22:38 -0000 1.14 >+++ git.eclass 6 Oct 2008 06:42:36 -0000 >@@ -177,6 +177,12 @@ > mkdir -p "${EGIT_STORE_DIR}" \ > || die "${EGIT}: can't mkdir ${EGIT_STORE_DIR}." > export SANDBOX_WRITE="${SANDBOX_WRITE%%:/}" >+ elif [[ $(find "${EGIT_STORE_DIR}" -maxdepth 0 -type d -perm -o+w) ]]; then >+ # Found world-writable directory, created by previous buggy version >+ # of this eclass. This is a security issue, so refuse to continue. >+ eerror "Directory ${EGIT_STORE_DIR} is world-writable which is" >+ eerror "a security issue. Please remove it and retry." >+ die "${EGIT}: ${EGIT_STORE_DIR} is world-writable" > fi > > cd -P "${EGIT_STORE_DIR}" || die "${EGIT}: can't chdir to ${EGIT_STORE_DIR}" >--- mercurial.eclass 13 Oct 2006 23:45:03 -0000 1.3 >+++ mercurial.eclass 6 Oct 2008 06:42:37 -0000 >@@ -37,6 +37,12 @@ > chmod -f g+rw "${EHG_STORE_DIR}" && > export SANDBOX_WRITE="${SANDBOX_WRITE%:/}" > eend $? || die >+ elif [[ $(find "${EHG_STORE_DIR}" -maxdepth 0 -type d -perm -o+w) ]]; then >+ # Found world-writable directory, created by previous buggy version >+ # of this eclass. This is a security issue, so refuse to continue. >+ eerror "Directory ${EHG_STORE_DIR} is world-writable which is" >+ eerror "a security issue. Please remove it and retry." >+ die "${EHG_STORE_DIR} is world-writable" > fi > > pushd "${EHG_STORE_DIR}" >/dev/null \ >--- subversion.eclass 27 May 2008 09:49:09 -0000 1.60 >+++ subversion.eclass 6 Oct 2008 06:42:37 -0000 
>@@ -192,6 +192,12 @@ > if [[ ! -d ${ESVN_STORE_DIR} ]]; then > debug-print "${FUNCNAME}: initial checkout. creating subversion directory" > mkdir -p "${ESVN_STORE_DIR}" || die "${ESVN}: can't mkdir ${ESVN_STORE_DIR}." >+ elif [[ $(find "${ESVN_STORE_DIR}" -maxdepth 0 -type d -perm -o+w) ]]; then >+ # Found world-writable directory, created by previous buggy version >+ # of this eclass. This is a security issue, so refuse to continue. >+ eerror "Directory ${ESVN_STORE_DIR} is world-writable which is" >+ eerror "a security issue. Please remove it and retry." >+ die "${ESVN}: ${ESVN_STORE_DIR} is world-writable" > fi > > cd "${ESVN_STORE_DIR}" || die "${ESVN}: can't chdir to ${ESVN_STORE_DIR}" >--- bzr.eclass 25 Oct 2008 12:17:23 -0000 1.1 >+++ bzr.eclass 25 Oct 2008 14:42:28 -0000 >@@ -140,6 +140,12 @@ > mkdir -p "${EBZR_STORE_DIR}" \ > || die "${EBZR}: can't mkdir ${EBZR_STORE_DIR}." > export SANDBOX_WRITE="${SANDBOX_WRITE%%:/}" >+ elif [[ $(find "${EBZR_STORE_DIR}" -maxdepth 0 -type d -perm -o+w) ]]; then >+ # Found world-writable directory, created by previous buggy version >+ # of this eclass. This is a security issue, so refuse to continue. >+ eerror "Directory ${EBZR_STORE_DIR} is world-writable which is" >+ eerror "a security issue. Please remove it and retry." >+ die "${EBZR}: ${EBZR_STORE_DIR} is world-writable" > fi > > cd -P "${EBZR_STORE_DIR}" || die "${EBZR}: can't chdir to ${EBZR_STORE_DIR}"
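
Review bot: In the git.eclass hunk, the added `elif [[ $(find "${EGIT_STORE_DIR}" -maxdepth 0 -type d -perm -o+w) ]]` fails open, because it only reacts to non-empty output. If find itself errors out (for example it cannot stat the path), stdout is empty, the branch is skipped and the function continues to `cd -P "${EGIT_STORE_DIR}"`. Consider treating a non-zero exit status from find as fatal as well, so that the check can only pass when the permission test was actually evaluated.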
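
Review bot: In the mercurial.eclass hunk, the last added line, `die "${EHG_STORE_DIR} is world-writable"`, carries no eclass prefix, while the other three hunks use `${EGIT}:`, `${ESVN}:` and `${EBZR}:`. A prefix that names the eclass would keep the four messages consistent and make the failure easier to attribute in build logs.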
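
Review bot: In the subversion.eclass hunk, the new `elif` is reached whenever `[[ ! -d ${ESVN_STORE_DIR} ]]` is false, and `-d` follows symbolic links, but `find ... -maxdepth 0 -type d` does not follow them by default. If the store directory is a symlink to a world-writable directory, the test prints nothing and the following `cd "${ESVN_STORE_DIR}"` enters the target unchecked. Using `find -H` (or otherwise resolving the path before testing) would make the check cover the directory that is actually used; the same applies to the other three eclasses.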
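
Review bot: In the bzr.eclass hunk, `-maxdepth 0` limits the test to `${EBZR_STORE_DIR}` itself, although the comment says the directory was created by a previous buggy version, so subdirectories created under it at that time are not examined. The eerror text asks the user to remove the directory but does not say why a chmod is not enough; one more eerror line stating that the existing contents cannot be trusted would make the instruction clearer. Since the same six lines are now duplicated across four eclasses, a shared helper would also keep later changes to this check in one place.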
Attachments on bug 225007: 167417 | 167418 | 169812