Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 688164 - app-portage/unsymlink-lib: running migrate while under umask 077 breaks system for non root users.
Summary: app-portage/unsymlink-lib: running migrate while under umask 077 breaks syste...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Michał Górny
URL:
Whiteboard:
Keywords: STABLEREQ
Depends on:
Blocks: no-symlink-lib
  Show dependency tree
 
Reported: 2019-06-16 15:17 UTC by Piotr Karbowski
Modified: 2019-06-20 09:02 UTC (History)
0 users

See Also:
Package list:
app-portage/unsymlink-lib-16
Runtime testing required: Yes
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Piotr Karbowski archtester Gentoo Infrastructure gentoo-dev Security 2019-06-16 15:17:19 UTC
Seems like running `unsymlink-lib --migrate` while under 077 umask leaves the system broken for non-root users due to path traversal issues caused by non-world readable directories.

Running rollback, changing umask to 022 and re-running --migrate works.

Perhaps the tool should set umask 022 for it's own process tree.
Comment 1 Larry the Git Cow gentoo-dev 2019-06-16 17:35:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbd444389acc5883d05d6afad19f9ace19a365eb

commit fbd444389acc5883d05d6afad19f9ace19a365eb
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-06-16 17:34:37 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-06-16 17:35:03 +0000

    app-portage/unsymlink-lib: Bump to v16
    
    Bump to version 16.  Fixes wrong umask.
    
    Bug: https://bugs.gentoo.org/688164
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 app-portage/unsymlink-lib/Manifest                |  1 +
 app-portage/unsymlink-lib/unsymlink-lib-16.ebuild | 30 +++++++++++++++++++++++
 2 files changed, 31 insertions(+)
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-06-16 17:35:52 UTC
Fix released as v16.  Since this is a major issue, please test and stabilize.
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-06-20 09:00:51 UTC
amd64 stable