Attachment 50654 Details for Bug 81097 – portage nlinks patch

[patch] portage nlinks patch

portage-nlinks.diff (text/plain), 1.35 KB, created by Tavis Ormandy (RETIRED) on 2005-02-07 12:41:19 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Tavis Ormandy (RETIRED)

Created: 2005-02-07 12:41:19 UTC

Size: 1.35 KB

patch

obsolete

>--- portage.py~	2005-02-07 19:31:24.065773360 +0000
>+++ portage.py	2005-02-07 20:35:44.826848464 +0000
>@@ -6082,6 +6082,7 @@
> 
> 			self.updateprotect()
> 
>+			nlinkobjs=[]
> 			#process symlinks second-to-last, directories last.
> 			mydirs=[]
> 			mysyms=[]
>@@ -6108,6 +6109,7 @@
> 
> 				lstatobj=os.lstat(obj)
> 				lmtime=str(lstatobj[stat.ST_MTIME])
>+				lmode=lstatobj[stat.ST_MODE]
> 				if (pkgfiles[obj][0] not in ("dir","fif","dev","sym")) and (lmtime != pkgfiles[obj][1]):
> 					print "--- !mtime", pkgfiles[obj][0], obj
> 					continue
>@@ -6128,6 +6130,11 @@
> 						continue
> 					mymd5=portage_checksum.perform_md5(obj, calc_prelink=1)
> 
>+					# keep track of suid/sgid binaries with multiple links
>+					if lmode & stat.S_ISUID or lmode & stat.S_ISGID:
>+						if lstatobj[stat.ST_NLINK] > 1:
>+							nlinkobjs.append(obj)
>+
> 					# string.lower is needed because db entries used to be in upper-case.  The
> 					# string.lower allows for backwards compatibility.
> 					if mymd5 != string.lower(pkgfiles[obj][2]):
>@@ -6281,6 +6288,11 @@
> 				writemsg("!!! FAILED postrm: "+str(a)+"\n")
> 				sys.exit(123)
> 
>+		if nlinkobjs:
>+			for x in nlinkobjs:
>+				print red("*"), "WARNING: suid/sgid file", x, "has remaining hardlinks."
>+			print red("*"), "WARNING: see gentoo security guide for advice on how to proceed."
>+
> 		self.unlockdb()
> 
> 	def isowner(self,filename,destroot):

Actions: View | Diff

Attachments on bug 81097: 50654 | 50680 | 50901 | 121712