HardenedBSD Package Manager
Work around an issue with zfs which drops the setuid on chown
Baptiste Daroussin committed 10 years ago
commit 350a6a65194bb5ee05f300e7bb42b709d6e1323c
parent 4dab96426b86b6d3f36025c3389035240c6f019a
2 files changed +45 -9
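--- a/libpkg/pkg_add.c
+++ b/libpkg/pkg_add.c
@@ -187,12 +187,6 @@ set_attrs(int fd, char *path, mode_t perm, uid_t uid, gid_t gid,
     const struct timespec *ats, const struct timespec *mts)
 {
 
-	if (fchmodat(fd, RELATIVE_PATH(path), perm,
-	    AT_SYMLINK_NOFOLLOW) == -1) {
-		pkg_emit_error("Fail to chmod %s: %s", path, strerror(errno));
-		return (EPKG_FATAL);
-	}
-
 #ifdef HAVE_UTIMENSAT
 	struct timespec times[2];
 
@@ -225,6 +219,12 @@ set_attrs(int fd, char *path, mode_t perm, uid_t uid, gid_t gid,
 		return (EPKG_FATAL);
 	}
 
+	/* zfs drops the setuid on fchownat */
+	if (fchmodat(fd, RELATIVE_PATH(path), perm, 0) == -1) {
+		pkg_emit_error("Fail to chmod %s: %s", path, strerror(errno));
+		return (EPKG_FATAL);
+	}
+
 	return (EPKG_OK);
 }
 
@@ -369,7 +369,7 @@ do_extract_regfile(struct pkg *pkg, struct archive *a, struct archive_entry *ae,
 
 	/* Create the new temp file */
 	fd = openat(pkg->rootfd, RELATIVE_PATH(f->temppath),
-	    O_CREAT|O_WRONLY|O_EXCL, f->perm);
+	    O_CREAT|O_WRONLY|O_EXCL, aest->st_mode & ~S_IFMT);
 	if (fd == -1) {
 		pkg_emit_error("Fail to create temporary file: %s: %s",
 		    f->temppath, strerror(errno));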
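Review bot: The re-added `fchmodat` in set_attrs passes `0` where the removed call passed `AT_SYMLINK_NOFOLLOW`, so when the last path component is a symlink the mode, including any setuid/setgid bits in `perm`, is applied to the link's target instead of the entry being installed. The comment `/* zfs drops the setuid on fchownat */` explains why the chmod moved after the chown, not why the flag was dropped, and the commit message does not mention it either. Unless every caller guarantees that path is never a symlink (the callers and the fchownat call sit outside these hunks), keep the flag: `if (fchmodat(fd, RELATIVE_PATH(path), perm, AT_SYMLINK_NOFOLLOW) == -1) {`, and if a platform rejects it, handle that errno explicitly rather than following links. Relatedly, the openat in do_extract_regfile now appears to create the temp file with the archive entry's full mode bits before ownership is set; since set_attrs applies the final mode anyway, a restrictive creation mode such as `(aest->st_mode & ~S_IFMT) & 0700` would avoid a window where special bits are live under the wrong owner.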
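--- a/tests/frontend/extract.sh
+++ b/tests/frontend/extract.sh
@@ -3,7 +3,8 @@
 . $(atf_get_srcdir)/test_environment.sh
 tests_init \
 	basic \
-	basic_dirs
+	basic_dirs \
+	setuid
 
 basic_body()
 {
@@ -62,7 +63,7 @@ ${TMPDIR}/target${TMPDIR}/a
 basic_dirs_body()
 {
 	mkdir ${TMPDIR}/plop
-	new_pkg "test" "test" "1" || atf_fail "plop"
+	new_pkg "test" "test" "1" || atf_fail "fail to create the ucl file"
 cat << EOF >> test.ucl
 directories = {
 	${TMPDIR}/plop: y
@@ -84,3 +85,38 @@ EOF
 
 	test -d ${TMPDIR}/target${TMPDIR}/plop || atf_fail "directory not extracted"
 }
+
+setuid_body()
+{
+	touch ${TMPDIR}/a
+	chmod 04554 ${TMPDIR}/a || atf_fail "Fail to chmod"
+	new_pkg "test" "test" "1" || atf_fail "fail to create the ucl file"
+	cat << EOF >> test.ucl
+files = {
+	${TMPDIR}/a = ""
+}
+EOF
+	atf_check \
+		-o empty \
+		-e empty \
+		-s exit:0 \
+		pkg create -M test.ucl
+
+	atf_check \
+		-o match:"^-r-sr-xr-- " \
+		-e empty \
+		tar tvf ${TMPDIR}/test-1.txz
+
+	mkdir ${TMPDIR}/target
+	atf_check \
+		-o empty \
+		-e empty \
+		-s exit:0 \
+		pkg -r ${TMPDIR}/target install -qfy ${TMPDIR}/test-1.txz
+
+	atf_check \
+		-o match:"^-r-sr-xr-- " \
+		-e empty \
+		-s exit:0 \
+		ls -l ${TMPDIR}/target${TMPDIR}/a
+}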
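Review bot: setuid_body carries no comment tying it to the regression it guards, so a later reader cannot tell that the two `-r-sr-xr-- ` matches exist because the mode has to be applied after ownership during install. A one-line header above `setuid_body()` would record that, for example `# Regression: the setuid bit must survive pkg create and pkg install (chmod has to follow chown).` The test covers a single regular file and asserts only the mode string, so it does not exercise symlink entries, which are the case touched by the fchmodat flag change in libpkg/pkg_add.c in this same commit.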