Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 688164

Summary: app-portage/unsymlink-lib: running migrate while under umask 077 breaks system for non root users.
Product: Gentoo Linux Reporter: Piotr Karbowski <slashbeast>
Component: StabilizationAssignee: Michał Górny <mgorny>
Status: RESOLVED FIXED    
Severity: normal Keywords: STABLEREQ
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
app-portage/unsymlink-lib-16
Runtime testing required: Yes
Bug Depends on:    
Bug Blocks: 506276    

Description Piotr Karbowski archtester Gentoo Infrastructure gentoo-dev Security 2019-06-16 15:17:19 UTC
Seems like running `unsymlink-lib --migrate` while under 077 umask leaves the system broken for non-root users due to path traversal issues caused by non-world readable directories.

Running rollback, changing umask to 022 and re-running --migrate works.

Perhaps the tool should set umask 022 for it's own process tree.
Comment 1 Larry the Git Cow gentoo-dev 2019-06-16 17:35:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbd444389acc5883d05d6afad19f9ace19a365eb

commit fbd444389acc5883d05d6afad19f9ace19a365eb
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-06-16 17:34:37 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-06-16 17:35:03 +0000

    app-portage/unsymlink-lib: Bump to v16
    
    Bump to version 16.  Fixes wrong umask.
    
    Bug: https://bugs.gentoo.org/688164
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 app-portage/unsymlink-lib/Manifest                |  1 +
 app-portage/unsymlink-lib/unsymlink-lib-16.ebuild | 30 +++++++++++++++++++++++
 2 files changed, 31 insertions(+)
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-06-16 17:35:52 UTC
Fix released as v16.  Since this is a major issue, please test and stabilize.
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-06-20 09:00:51 UTC
amd64 stable