|
Lines 6082-6087
Link Here
|
| 6082 |
|
6082 |
|
| 6083 |
self.updateprotect() |
6083 |
self.updateprotect() |
| 6084 |
|
6084 |
|
|
|
6085 |
nlinkobjs=[] |
| 6085 |
#process symlinks second-to-last, directories last. |
6086 |
#process symlinks second-to-last, directories last. |
| 6086 |
mydirs=[] |
6087 |
mydirs=[] |
| 6087 |
mysyms=[] |
6088 |
mysyms=[] |
|
Lines 6108-6113
Link Here
|
| 6108 |
|
6109 |
|
| 6109 |
lstatobj=os.lstat(obj) |
6110 |
lstatobj=os.lstat(obj) |
| 6110 |
lmtime=str(lstatobj[stat.ST_MTIME]) |
6111 |
lmtime=str(lstatobj[stat.ST_MTIME]) |
|
|
6112 |
lmode=lstatobj[stat.ST_MODE] |
| 6111 |
if (pkgfiles[obj][0] not in ("dir","fif","dev","sym")) and (lmtime != pkgfiles[obj][1]): |
6113 |
if (pkgfiles[obj][0] not in ("dir","fif","dev","sym")) and (lmtime != pkgfiles[obj][1]): |
| 6112 |
print "--- !mtime", pkgfiles[obj][0], obj |
6114 |
print "--- !mtime", pkgfiles[obj][0], obj |
| 6113 |
continue |
6115 |
continue |
|
Lines 6128-6133
Link Here
|
| 6128 |
continue |
6130 |
continue |
| 6129 |
mymd5=portage_checksum.perform_md5(obj, calc_prelink=1) |
6131 |
mymd5=portage_checksum.perform_md5(obj, calc_prelink=1) |
| 6130 |
|
6132 |
|
|
|
6133 |
# keep track of suid/sgid binaries with multiple links |
| 6134 |
if lmode & stat.S_ISUID or lmode & stat.S_ISGID: |
| 6135 |
if lstatobj[stat.ST_NLINK] > 1: |
| 6136 |
nlinkobjs.append(obj) |
| 6137 |
|
| 6131 |
# string.lower is needed because db entries used to be in upper-case. The |
6138 |
# string.lower is needed because db entries used to be in upper-case. The |
| 6132 |
# string.lower allows for backwards compatibility. |
6139 |
# string.lower allows for backwards compatibility. |
| 6133 |
if mymd5 != string.lower(pkgfiles[obj][2]): |
6140 |
if mymd5 != string.lower(pkgfiles[obj][2]): |
|
Lines 6281-6286
Link Here
|
| 6281 |
writemsg("!!! FAILED postrm: "+str(a)+"\n") |
6288 |
writemsg("!!! FAILED postrm: "+str(a)+"\n") |
| 6282 |
sys.exit(123) |
6289 |
sys.exit(123) |
| 6283 |
|
6290 |
|
|
|
6291 |
if nlinkobjs: |
| 6292 |
for x in nlinkobjs: |
| 6293 |
print red("*"), "WARNING: suid/sgid file", x, "has remaining hardlinks." |
| 6294 |
print red("*"), "WARNING: see gentoo security guide for advice on how to proceed." |
| 6295 |
|
| 6284 |
self.unlockdb() |
6296 |
self.unlockdb() |
| 6285 |
|
6297 |
|
| 6286 |
def isowner(self,filename,destroot): |
6298 |
def isowner(self,filename,destroot): |
|
Lines 6553-6558
Link Here
|
| 6553 |
else: |
6565 |
else: |
| 6554 |
mergelist=stufftomerge |
6566 |
mergelist=stufftomerge |
| 6555 |
offset="" |
6567 |
offset="" |
|
|
6568 |
# nlinkdest lists suid/sgid files that have multiple hardlinks. |
| 6569 |
# this is for security purposes. |
| 6570 |
nlinkdest=[] |
| 6556 |
for x in mergelist: |
6571 |
for x in mergelist: |
| 6557 |
mysrc=os.path.normpath("///"+srcroot+offset+x) |
6572 |
mysrc=os.path.normpath("///"+srcroot+offset+x) |
| 6558 |
mydest=os.path.normpath("///"+destroot+offset+x) |
6573 |
mydest=os.path.normpath("///"+destroot+offset+x) |
|
Lines 6587-6599
Link Here
|
| 6587 |
# handy variables; mydest is the target object on the live filesystems; |
6602 |
# handy variables; mydest is the target object on the live filesystems; |
| 6588 |
# mysrc is the source object in the temporary install dir |
6603 |
# mysrc is the source object in the temporary install dir |
| 6589 |
try: |
6604 |
try: |
| 6590 |
mydmode=os.lstat(mydest)[stat.ST_MODE] |
6605 |
mydstat=os.lstat(mydest) |
|
|
6606 |
mydmode=mydstat[stat.ST_MODE] |
| 6591 |
except SystemExit, e: |
6607 |
except SystemExit, e: |
| 6592 |
raise |
6608 |
raise |
| 6593 |
except: |
6609 |
except: |
| 6594 |
#dest file doesn't exist |
6610 |
#dest file doesn't exist |
| 6595 |
mydmode=None |
6611 |
mydmode=None |
| 6596 |
|
6612 |
|
| 6597 |
if stat.S_ISLNK(mymode): |
6613 |
if stat.S_ISLNK(mymode): |
| 6598 |
# we are merging a symbolic link |
6614 |
# we are merging a symbolic link |
| 6599 |
myabsto=abssymlink(mysrc) |
6615 |
myabsto=abssymlink(mysrc) |
|
Lines 6809-6814
Link Here
|
| 6809 |
os.utime(myrealdest,(thismtime,thismtime)) |
6825 |
os.utime(myrealdest,(thismtime,thismtime)) |
| 6810 |
|
6826 |
|
| 6811 |
if mymtime!=None: |
6827 |
if mymtime!=None: |
|
|
6828 |
# check if we're replacing a suid/sgid file with |
| 6829 |
# more than one hardlink for security reasons. |
| 6830 |
if mydmode & stat.S_ISUID or mydmode & stat.S_ISGID: |
| 6831 |
if mydstat[stat.ST_NLINK] > 1: |
| 6832 |
nlinkdest.append(myrealdest) |
| 6812 |
zing=">>>" |
6833 |
zing=">>>" |
| 6813 |
outfile.write("obj "+myrealdest+" "+mymd5+" "+str(mymtime)+"\n") |
6834 |
outfile.write("obj "+myrealdest+" "+mymd5+" "+str(mymtime)+"\n") |
| 6814 |
print zing,mydest |
6835 |
print zing,mydest |
|
Lines 6826-6831
Link Here
|
| 6826 |
else: |
6847 |
else: |
| 6827 |
sys.exit(1) |
6848 |
sys.exit(1) |
| 6828 |
print zing+" "+mydest |
6849 |
print zing+" "+mydest |
|
|
6850 |
if nlinkdest: |
| 6851 |
for x in nlinkdest: |
| 6852 |
print red("*"), "WARNING: replaced suid/sgid file", x, "had remaining hardlinks." |
| 6853 |
print red("*"), "WARNING: see gentoo security guide for advice on how to proceed." |
| 6829 |
|
6854 |
|
| 6830 |
def merge(self,mergeroot,inforoot,myroot,myebuild=None,cleanup=0): |
6855 |
def merge(self,mergeroot,inforoot,myroot,myebuild=None,cleanup=0): |
| 6831 |
return self.treewalk(mergeroot,myroot,inforoot,myebuild,cleanup=cleanup) |
6856 |
return self.treewalk(mergeroot,myroot,inforoot,myebuild,cleanup=cleanup) |
