Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 152474 - disallow access to $S/$FILESDIR in pkg_* functions
Summary: disallow access to $S/$FILESDIR in pkg_* functions
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core - Ebuild Support (show other bugs)
Hardware: All All
: High enhancement (vote)
Assignee: Portage team
: 170567 (view as bug list)
Depends on:
Reported: 2006-10-23 01:04 UTC by SpanKY
Modified: 2022-03-16 01:29 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description SpanKY gentoo-dev 2006-10-23 01:04:24 UTC
as a nice QA measure, we should prevent access to $S in all pkg_* functions

i think a combo of first adding it to the sandbox deny path and then setting it to a non-existent path should do the trick ... unsetting it might not be so hot as something like `rm -rf "${S}"/tmp` or `rm -rf "${S}"/usr` which previously would have been ok may now have disastrous consequences ...
Comment 1 Simon Stelling (RETIRED) gentoo-dev 2006-10-23 01:49:20 UTC
Nice idea. I would suggest doing the same for FILESDIR.
Comment 2 Marius Mauch (RETIRED) gentoo-dev 2007-01-11 07:25:45 UTC
Sounds good.
Comment 3 SpanKY gentoo-dev 2007-02-26 01:41:00 UTC
conversely, if we set ROOT to like /var/tmp/portage/eat/my/balls in all src_* functions and add that path to the sandbox deny path ...
Comment 4 Ciaran McCreesh 2007-03-09 16:58:00 UTC
Kinda relevant to this:

16:51 < ciaranm> incidentally... what i really want is a SANDBOX_WARN_READ etc
16:51 < ciaranm> so we can catch naughty ebuilds by doing SANDBOX_WARN_READ="${ROOT}" and setting ROOT to /blah/BAD_BROKEN_EBUILD_NO_COOKIE which is a symlink to /
16:52 < ferringb> ciaranm: that trick shouldn't work offhand
16:52 < ciaranm> ferringb: it won't work with sandbox the way it is currently, no
16:52 < ferringb> ciaranm: sandbox abspath's most of what it deals with.
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2008-02-17 20:59:17 UTC
*** Bug 170567 has been marked as a duplicate of this bug. ***
Comment 6 Dennis Schridde 2014-08-22 04:50:52 UTC
(In reply to SpanKY from comment #3)
> conversely, if we set ROOT to like /var/tmp/portage/eat/my/balls in all
> src_* functions and add that path to the sandbox deny path ...

See-Also: bug #138388