Lines 6082-6087
Link Here
|
6082 |
|
6082 |
|
6083 |
self.updateprotect() |
6083 |
self.updateprotect() |
6084 |
|
6084 |
|
|
|
6085 |
nlinkobjs=[] |
6085 |
#process symlinks second-to-last, directories last. |
6086 |
#process symlinks second-to-last, directories last. |
6086 |
mydirs=[] |
6087 |
mydirs=[] |
6087 |
mysyms=[] |
6088 |
mysyms=[] |
Lines 6108-6113
Link Here
|
6108 |
|
6109 |
|
6109 |
lstatobj=os.lstat(obj) |
6110 |
lstatobj=os.lstat(obj) |
6110 |
lmtime=str(lstatobj[stat.ST_MTIME]) |
6111 |
lmtime=str(lstatobj[stat.ST_MTIME]) |
|
|
6112 |
lmode=lstatobj[stat.ST_MODE] |
6111 |
if (pkgfiles[obj][0] not in ("dir","fif","dev","sym")) and (lmtime != pkgfiles[obj][1]): |
6113 |
if (pkgfiles[obj][0] not in ("dir","fif","dev","sym")) and (lmtime != pkgfiles[obj][1]): |
6112 |
print "--- !mtime", pkgfiles[obj][0], obj |
6114 |
print "--- !mtime", pkgfiles[obj][0], obj |
6113 |
continue |
6115 |
continue |
Lines 6128-6133
Link Here
|
6128 |
continue |
6130 |
continue |
6129 |
mymd5=portage_checksum.perform_md5(obj, calc_prelink=1) |
6131 |
mymd5=portage_checksum.perform_md5(obj, calc_prelink=1) |
6130 |
|
6132 |
|
|
|
6133 |
# keep track of suid/sgid binaries with multiple links |
6134 |
if lmode & stat.S_ISUID or lmode & stat.S_ISGID: |
6135 |
if lstatobj[stat.ST_NLINK] > 1: |
6136 |
nlinkobjs.append(obj) |
6137 |
|
6131 |
# string.lower is needed because db entries used to be in upper-case. The |
6138 |
# string.lower is needed because db entries used to be in upper-case. The |
6132 |
# string.lower allows for backwards compatibility. |
6139 |
# string.lower allows for backwards compatibility. |
6133 |
if mymd5 != string.lower(pkgfiles[obj][2]): |
6140 |
if mymd5 != string.lower(pkgfiles[obj][2]): |
Lines 6281-6286
Link Here
|
6281 |
writemsg("!!! FAILED postrm: "+str(a)+"\n") |
6288 |
writemsg("!!! FAILED postrm: "+str(a)+"\n") |
6282 |
sys.exit(123) |
6289 |
sys.exit(123) |
6283 |
|
6290 |
|
|
|
6291 |
if nlinkobjs: |
6292 |
for x in nlinkobjs: |
6293 |
print red("*"), "WARNING: suid/sgid file", x, "has remaining hardlinks." |
6294 |
print red("*"), "WARNING: see gentoo security guide for advice on how to proceed." |
6295 |
|
6284 |
self.unlockdb() |
6296 |
self.unlockdb() |
6285 |
|
6297 |
|
6286 |
def isowner(self,filename,destroot): |
6298 |
def isowner(self,filename,destroot): |
Lines 6553-6558
Link Here
|
6553 |
else: |
6565 |
else: |
6554 |
mergelist=stufftomerge |
6566 |
mergelist=stufftomerge |
6555 |
offset="" |
6567 |
offset="" |
|
|
6568 |
# nlinkdest lists suid/sgid files that have multiple hardlinks. |
6569 |
# this is for security purposes. |
6570 |
nlinkdest=[] |
6556 |
for x in mergelist: |
6571 |
for x in mergelist: |
6557 |
mysrc=os.path.normpath("///"+srcroot+offset+x) |
6572 |
mysrc=os.path.normpath("///"+srcroot+offset+x) |
6558 |
mydest=os.path.normpath("///"+destroot+offset+x) |
6573 |
mydest=os.path.normpath("///"+destroot+offset+x) |
Lines 6587-6599
Link Here
|
6587 |
# handy variables; mydest is the target object on the live filesystems; |
6602 |
# handy variables; mydest is the target object on the live filesystems; |
6588 |
# mysrc is the source object in the temporary install dir |
6603 |
# mysrc is the source object in the temporary install dir |
6589 |
try: |
6604 |
try: |
6590 |
mydmode=os.lstat(mydest)[stat.ST_MODE] |
6605 |
mydstat=os.lstat(mydest) |
|
|
6606 |
mydmode=mydstat[stat.ST_MODE] |
6591 |
except SystemExit, e: |
6607 |
except SystemExit, e: |
6592 |
raise |
6608 |
raise |
6593 |
except: |
6609 |
except: |
6594 |
#dest file doesn't exist |
6610 |
#dest file doesn't exist |
6595 |
mydmode=None |
6611 |
mydmode=None |
6596 |
|
6612 |
|
6597 |
if stat.S_ISLNK(mymode): |
6613 |
if stat.S_ISLNK(mymode): |
6598 |
# we are merging a symbolic link |
6614 |
# we are merging a symbolic link |
6599 |
myabsto=abssymlink(mysrc) |
6615 |
myabsto=abssymlink(mysrc) |
Lines 6809-6814
Link Here
|
6809 |
os.utime(myrealdest,(thismtime,thismtime)) |
6825 |
os.utime(myrealdest,(thismtime,thismtime)) |
6810 |
|
6826 |
|
6811 |
if mymtime!=None: |
6827 |
if mymtime!=None: |
|
|
6828 |
# check if we're replacing a suid/sgid file with |
6829 |
# more than one hardlink for security reasons. |
6830 |
if mydmode & stat.S_ISUID or mydmode & stat.S_ISGID: |
6831 |
if mydstat[stat.ST_NLINK] > 1: |
6832 |
nlinkdest.append(myrealdest) |
6812 |
zing=">>>" |
6833 |
zing=">>>" |
6813 |
outfile.write("obj "+myrealdest+" "+mymd5+" "+str(mymtime)+"\n") |
6834 |
outfile.write("obj "+myrealdest+" "+mymd5+" "+str(mymtime)+"\n") |
6814 |
print zing,mydest |
6835 |
print zing,mydest |
Lines 6826-6831
Link Here
|
6826 |
else: |
6847 |
else: |
6827 |
sys.exit(1) |
6848 |
sys.exit(1) |
6828 |
print zing+" "+mydest |
6849 |
print zing+" "+mydest |
|
|
6850 |
if nlinkdest: |
6851 |
for x in nlinkdest: |
6852 |
print red("*"), "WARNING: replaced suid/sgid file", x, "had remaining hardlinks." |
6853 |
print red("*"), "WARNING: see gentoo security guide for advice on how to proceed." |
6829 |
|
6854 |
|
6830 |
def merge(self,mergeroot,inforoot,myroot,myebuild=None,cleanup=0): |
6855 |
def merge(self,mergeroot,inforoot,myroot,myebuild=None,cleanup=0): |
6831 |
return self.treewalk(mergeroot,myroot,inforoot,myebuild,cleanup=cleanup) |
6856 |
return self.treewalk(mergeroot,myroot,inforoot,myebuild,cleanup=cleanup) |