Gentoo's Bugzilla – Attachment 384478 Details for
Bug 519566
Add support for Trusted Path Execution (TPE) (fix complaints about group-writable directory)
[patch]
Remove g+w bit from $T for TPE
Remove-g-w-bit-from-T-for-TPE-bug-519566.patch (text/plain), 2.72 KB, created by
Zac Medico
on 2014-09-09 20:36:05 UTC
>From 47500f08e20271b786d5f090dd763f0393b68248 Mon Sep 17 00:00:00 2001 >From: Zac Medico <zmedico@gentoo.org> >Date: Tue, 9 Sep 2014 13:29:30 -0700 >Subject: [PATCH] Remove g+w bit from $T for TPE bug #519566 > >Grant permissions to the portage user instead of the group, in order >to avoid TPE complaints about the g+w bit. > >X-Gentoo-Bug: 519566 >X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=519566 >--- > pym/portage/package/ebuild/doebuild.py | 7 ++++--- > pym/portage/package/ebuild/prepare_build_dirs.py | 9 ++------- > 2 files changed, 6 insertions(+), 10 deletions(-) > >diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py >index 01707ae..9f077b5 100644 >--- a/pym/portage/package/ebuild/doebuild.py >+++ b/pym/portage/package/ebuild/doebuild.py >@@ -1486,7 +1486,7 @@ def spawn(mystring, mysettings, debug=False, free=False, droppriv=False, > "uid": portage_uid, > "gid": portage_gid, > "groups": userpriv_groups, >- "umask": 0o02 >+ "umask": 0o22 > }) > > # Adjust pty ownership so that subprocesses >@@ -1644,8 +1644,9 @@ def _post_phase_userpriv_perms(mysettings): > """ Privileged phases may have left files that need to be made > writable to a less privileged user.""" > apply_recursive_permissions(mysettings["T"], >- uid=portage_uid, gid=portage_gid, dirmode=0o70, dirmask=0, >- filemode=0o60, filemask=0) >+ uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0, >+ filemode=0o600, filemask=0) >+ > > def _check_build_log(mysettings, out=None): > """ >diff --git a/pym/portage/package/ebuild/prepare_build_dirs.py b/pym/portage/package/ebuild/prepare_build_dirs.py >index 6782160..ce54fdf 100644 >--- a/pym/portage/package/ebuild/prepare_build_dirs.py >+++ b/pym/portage/package/ebuild/prepare_build_dirs.py 
>@@ -76,17 +76,12 @@ def prepare_build_dirs(myroot=None, settings=None, cleanup=False): > ensure_dirs(mydir) > try: > apply_secpass_permissions(mydir, >- gid=portage_gid, uid=portage_uid, mode=0o70, mask=0) >+ gid=portage_gid, uid=portage_uid, mode=0o700, mask=0) > except PortageException: > if not os.path.isdir(mydir): > raise > for dir_key in ("PORTAGE_BUILDDIR", "HOME", "PKG_LOGDIR", "T"): >- """These directories don't necessarily need to be group writable. >- However, the setup phase is commonly run as a privileged user prior >- to the other phases being run by an unprivileged user. Currently, >- we use the portage group to ensure that the unprivleged user still >- has write access to these directories in any case.""" >- ensure_dirs(mysettings[dir_key], mode=0o775) >+ ensure_dirs(mysettings[dir_key], mode=0o755) > apply_secpass_permissions(mysettings[dir_key], > uid=portage_uid, gid=portage_gid) > except PermissionDenied as e: >-- >1.8.5.5 >
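Review bot: In the doebuild.py spawn() hunk, "umask": 0o22 applies to every file created by a droppriv phase, not only to files under $T, and it still leaves new files group-readable and world-readable, while the other hunks give $T owner-only bits (0o700/0o600). Add a comment at this line stating that the goal is only to drop g+w for TPE, or use 0o77 if the intent is to confine build files to the portage user.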
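Review bot: In _post_phase_userpriv_perms(), dirmask=0 and filemask=0 are left unchanged, so the call only changes which bits are requested (0o700/0o600 in place of 0o70/0o60); nothing in this hunk clears a g+w bit that an earlier phase or an earlier build already left on entries in $T. If the mask arguments are what strips bits, pass dirmask=0o22 and filemask=0o22 so that existing group-writable entries are corrected too. The blank line added after the call is unrelated whitespace and can be dropped from this patch.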
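Review bot: In prepare_build_dirs(), the loop over ("PORTAGE_BUILDDIR", "HOME", "PKG_LOGDIR", "T") drops group write on all four directories (mode=0o775 becomes mode=0o755), although the commit subject only names $T, and the deleted comment was the only record that the setup phase may run as a privileged user before the unprivileged phases. Replace the comment rather than removing it: say that write access now comes from uid=portage_uid ownership instead of the portage group, and that g+w is avoided because of TPE. Since ensure_dirs() runs before apply_secpass_permissions() sets the owner, it is also worth confirming that the PermissionDenied path below cannot leave a directory owned by another user at 0o755, where the portage user would have no write access at all.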