michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 5 months ago

Blame SOURCES/0001-Fix-nasty-setperms-setugids-regression-in-4.14.2-RhB.patch

From 0d83637769b8a122b1e80f2e960ea1bbae8b4f10 Mon Sep 17 00:00:00 2001
Message-Id: <0d83637769b8a122b1e80f2e960ea1bbae8b4f10.1540199566.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 22 Oct 2018 10:52:39 +0300
Subject: [PATCH] Fix nasty --setperms/--setugids regression in 4.14.2 (RhBug:
 1640470)

Commit 38c2f6e160d5ed3e9c3a266139c7eb2632724c15 causes --setperms and
--setugids to follow symlinks instead of skipping them.

In case of --setperms, all encountered symlinks will have their
target file/directory permissions set to the 0777 of the link itself
(so world writable etc but suid/sgid stripped), temporarily or permanently,
depending on whether the symlink occurs before or after its target in the
package file list. When the link occurs before its target, there's a short
window where the target is world writable before having its permissions
reset to original, making it particularly bad for suid/sgid binaries.

--setugids is similarly affected with link targets owner/group changing
to that of the symlink.

Add missing parentheses to the conditions introduced in commit
38c2f6e160d5ed3e9c3a266139c7eb2632724c15 to fix.
Reported by Karel Srot, patch by Pavlina Moravcova Varekova.
---
 rpmpopt.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rpmpopt.in b/rpmpopt.in
index 8aaa91f11..42d3416a3 100644
--- a/rpmpopt.in
+++ b/rpmpopt.in
@@ -44,14 +44,14 @@ rpm	alias --scripts --qf '\
 	--POPTdesc=$"list install/erase scriptlets from package(s)"
 
 rpm	alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \
-        \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] || \
+        ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \
         chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \
 		   --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \
 	--POPTdesc=$"set permissions of files in a package"
 
 rpm	alias --setugids -q --qf \
 	'[ch %{FILEUSERNAME:shescape} %{FILEGROUPNAME:shescape} %{FILENAMES:shescape} %{FILEFLAGS}\n]' \
-	--pipe "(echo 'ch() { \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] || \
+	--pipe "(echo 'ch() { ( \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] ) || \
 		(chown -h -- \"$1\" \"$3\";chgrp -h -- \"$2\" \"$3\";) }'; \
 		grep '^ch '|grep -v \(none\))|sh" \
 	--POPTdesc=$"set user/group ownership of files in a package"
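Review bot: the parentheses added to the `ch()` line of `--setugids` do not change how that line evaluates. sh gives `&&` and `||` equal precedence and groups them left to right, so the old `A && B || (chown -h ...)` was already `(A && B) || (chown -h ...)`. Only the `--setperms` line changes behaviour, because there the `\[ -L ... \] ||` test comes first and the old text grouped as `((L || A) && B) || chmod`. Suggest stating in the commit message that the `--setugids` edit is for consistency (or dropping it), and adding a regression test with a symlink listed both before and after its target; the diffstat shows rpmpopt.in as the only file touched.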
-- 
2.17.2
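
The grouping problem described in the commit message, as an added example that is not part of the patch or of rpm. `decide_old`, `decide_new` and the flag argument are hypothetical stand-ins for the two forms of the `--setperms` condition; they only print the decision and never run chmod, and the sample tree is constructed in a temporary directory.

```sh
#!/bin/sh
# Added illustration; decide_old/decide_new are hypothetical stand-ins for the
# two forms of the --setperms condition. They print the decision only.
#   $1 = path   $2 = result of the FILEFLAGS mask test (0 = flag not set)

decide_old() {
    # sh groups this as (( -L || flagged ) && ! -e ) || chmod
    [ -L "$1" ] || [ "$2" != 0 ] && [ ! -e "$1" ] || { echo chmod; return 0; }
    echo skip
}

decide_new() {
    # explicit grouping: -L || ( flagged && ! -e ) || chmod
    [ -L "$1" ] || ( [ "$2" != 0 ] && [ ! -e "$1" ] ) || { echo chmod; return 0; }
    echo skip
}

demo() {
    # Constructed sample tree in a throwaway directory.
    d=$(mktemp -d) || return 1
    : > "$d/target"
    ln -s target "$d/link"          # symlink, target exists
    ln -s missing "$d/dangling"     # symlink, target absent
    for p in target link dangling; do
        printf '%-9s old=%-5s new=%s\n' "$p" \
            "$(decide_old "$d/$p" 0)" "$(decide_new "$d/$p" 0)"
    done
    # A flagged path that is not on disk is skipped by both forms.
    printf '%-9s old=%-5s new=%s\n' ghost \
        "$(decide_old "$d/ghost" 1)" "$(decide_new "$d/ghost" 1)"
    rm -rf "$d"
}

demo
```

The `link` row is the regression: `[ -e ]` follows the symlink, so the old form falls through to chmod whenever the link's target exists.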