rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Work around an issue with zfs which drops the setuid on chown
Baptiste Daroussin committed 10 years ago
commit 350a6a65194bb5ee05f300e7bb42b709d6e1323c
parent 4dab964
2 files changed +45 -9
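--- a/libpkg/pkg_add.c
+++ b/libpkg/pkg_add.c
@@ -187,12 +187,6 @@ set_attrs(int fd, char *path, mode_t perm, uid_t uid, gid_t gid,
     const struct timespec *ats, const struct timespec *mts)
 {
 
-	if (fchmodat(fd, RELATIVE_PATH(path), perm,
-	    AT_SYMLINK_NOFOLLOW) == -1) {
-		pkg_emit_error("Fail to chmod %s: %s", path, strerror(errno));
-		return (EPKG_FATAL);
-	}
-
 #ifdef HAVE_UTIMENSAT
 	struct timespec times[2];
 
@@ -225,6 +219,12 @@ set_attrs(int fd, char *path, mode_t perm, uid_t uid, gid_t gid,
 		return (EPKG_FATAL);
 	}
 
+	/* zfs drops the setuid on fchownat */
+	if (fchmodat(fd, RELATIVE_PATH(path), perm, 0) == -1) {
+		pkg_emit_error("Fail to chmod %s: %s", path, strerror(errno));
+		return (EPKG_FATAL);
+	}
+
 	return (EPKG_OK);
 }
 
@@ -369,7 +369,7 @@ do_extract_regfile(struct pkg *pkg, struct archive *a, struct archive_entry *ae,
 
 	/* Create the new temp file */
 	fd = openat(pkg->rootfd, RELATIVE_PATH(f->temppath),
-	    O_CREAT|O_WRONLY|O_EXCL, f->perm);
+	    O_CREAT|O_WRONLY|O_EXCL, aest->st_mode & ~S_IFMT);
 	if (fd == -1) {
 		pkg_emit_error("Fail to create temporary file: %s: %s",
 		    f->temppath, strerror(errno));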
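Review bot: The fchmodat() re-added at the end of set_attrs passes `0` where the removed call passed `AT_SYMLINK_NOFOLLOW`, so the chmod now follows a symlink in the final path component. Moving the call after the ownership change is all the ZFS workaround needs; dropping the flag is a separate change the commit message does not explain, and if `path` is (or has been replaced by) a symlink, the package's mode, setuid bit included, is applied to the link target instead. Unless a caller is known to depend on the follow behaviour, keep the flag: `if (fchmodat(fd, RELATIVE_PATH(path), perm, AT_SYMLINK_NOFOLLOW) == -1) {`. If that form fails for symlinks on some platform, handling that errno explicitly is safer than following the link. The ownership call this chmod now follows sits between the two hunks and is not shown, so its symlink handling could not be checked here.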
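--- a/tests/frontend/extract.sh
+++ b/tests/frontend/extract.sh
@@ -3,7 +3,8 @@
 . $(atf_get_srcdir)/test_environment.sh
 tests_init \
 	basic \
-	basic_dirs
+	basic_dirs \
+	setuid
 
 basic_body()
 {
@@ -62,7 +63,7 @@ ${TMPDIR}/target${TMPDIR}/a
 basic_dirs_body()
 {
 	mkdir ${TMPDIR}/plop
-	new_pkg "test" "test" "1" || atf_fail "plop"
+	new_pkg "test" "test" "1" || atf_fail "fail to create the ucl file"
 cat << EOF >> test.ucl
 directories = {
 	${TMPDIR}/plop: y
@@ -84,3 +85,38 @@ EOF
 
 	test -d ${TMPDIR}/target${TMPDIR}/plop || atf_fail "directory not extracted"
 }
+
+setuid_body()
+{
+	touch ${TMPDIR}/a
+	chmod 04554 ${TMPDIR}/a || atf_fail "Fail to chmod"
+	new_pkg "test" "test" "1" || atf_fail "fail to create the ucl file"
+	cat << EOF >> test.ucl
+files = {
+	${TMPDIR}/a = ""
+}
+EOF
+	atf_check \
+		-o empty \
+		-e empty \
+		-s exit:0 \
+		pkg create -M test.ucl
+
+	atf_check \
+		-o match:"^-r-sr-xr-- " \
+		-e empty \
+		tar tvf ${TMPDIR}/test-1.txz
+
+	mkdir ${TMPDIR}/target
+	atf_check \
+		-o empty \
+		-e empty \
+		-s exit:0 \
+		pkg -r ${TMPDIR}/target install -qfy ${TMPDIR}/test-1.txz
+
+	atf_check \
+		-o match:"^-r-sr-xr-- " \
+		-e empty \
+		-s exit:0 \
+		ls -l ${TMPDIR}/target${TMPDIR}/a
+}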
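Review bot: setuid_body only exercises the regression when ${TMPDIR} sits on a filesystem that clears the setuid bit on chown (ZFS, per the commit title); on other filesystems it probably passes with or without the libpkg change. A comment above the function would make that explicit, e.g. `# setuid bit must survive extraction; only reproduces the chown issue when TMPDIR is on zfs`. The two `-o match:"^-r-sr-xr-- "` checks also rely on the mode column being followed by a plain space, which may not hold where `ls -l` or `tar tvf` append an ACL or attribute marker. Matching `^-r-sr-xr--` without the trailing space would be less brittle.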