102569 – sandbox-1.2.12 executed with / as cwd causes SANDBOX_WRITE to contain /

Bug 102569 - sandbox-1.2.12 executed with / as cwd causes SANDBOX_WRITE to contain /

Summary: sandbox-1.2.12 executed with / as cwd causes SANDBOX_WRITE to contain /

Status:	RESOLVED DUPLICATE of bug 102126

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All All

Importance:	High major (vote)
Assignee:	Sandbox Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-08-14 20:13 UTC by Zac Medico
Modified:	2007-04-01 22:03 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Zac Medico gentoo-dev

2005-08-14 20:13:57 UTC

Inside sandbox.c, sandbox_info->work_dir is initialized from getcwd and in
get_sandbox_write_envvar() it is inserted into SANDBOX_WRITE.  This can give
write access to all files when sandbox is executed with / as cwd.

I have encountered this problem while testing portage-2.1.0_alpha20050718 which
does not change cwd, unlike the stable portage-2.0.51.22-r2 which automatically
changes cwd to PORTAGE_TMPDIR.

Comment 1 Martin Schlemmer (RETIRED) gentoo-dev

2005-08-15 05:56:26 UTC

_Only_ if EBUILD is not set ... don't new portage do this ?

Comment 2 Zac Medico gentoo-dev

2005-08-15 06:30:24 UTC

Oops, I'm sorry azarah.  The behavior was so strange that I assumed it was a
sandbox bug without really analyzing the logic in there.  If it's a portage bug
then we should dup it against bug 102126.

Comment 3 Jakub Moc (RETIRED) gentoo-dev

2007-04-01 22:03:54 UTC


*** This bug has been marked as a duplicate of bug 102126 ***