diff options
| author |   David James <davidjames@google.com> | 2011-04-29 17:21:58 -0700 |
|---|---|---|
| committer |   Zac Medico <zmedico@gentoo.org> | 2011-04-29 17:21:58 -0700 |
| commit | e483cb18fde536893270e87aa39157da9ebda406 (patch) | |
| tree | 9ed6195dad4bcbff9530774a5fade56dbc68b0b5 /bin | |
| parent | emergelog: only set permission on creation (diff) | |
| download | portage-e483cb18fde536893270e87aa39157da9ebda406.tar.gz portage-e483cb18fde536893270e87aa39157da9ebda406.tar.bz2 portage-e483cb18fde536893270e87aa39157da9ebda406.zip | |
Check for references to ${ROOT} in install_qa_checks.
When ROOT != /, binaries that reference ROOT will load their
dependencies from ROOT first rather than from the system-configured
path. This is a problem because the ROOT will be / on the target
system.
Besides the above, this patch also fixes incorrect parsing of scanelf
output, where we would treat the RPATHs returned by scanelf as the
names of binaries.
TEST=When "stricter" FEATURE is enabled, verify that emerge
fails when an ebuild references broken rpaths referencing
ROOT. When "stricter" FEATURE is not enabled, verify that such
references are automatically fixed. Also verify that ebuilds
with non-broken RPATHs (e.g. RPATHs referencing $ORIGIN/../lib)
are not touched by the change.
BUG=chromium-os:14271
Change-Id: I4f29cc4ea9195a1255f080284da1f676e4a2c26b
Review URL: http://codereview.chromium.org/6903153
Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/misc-functions.sh | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh index af0cc2760..c3109981d 100755 --- a/bin/misc-functions.sh +++ b/bin/misc-functions.sh @@ -184,16 +184,37 @@ install_qa_check() { unset PORTAGE_QUIET fi - # Make sure we disallow insecure RUNPATH/RPATHs - # Don't want paths that point to the tree where the package was built - # (older, broken libtools would do this). Also check for null paths - # because the loader will search $PWD when it finds null paths. - f=$(scanelf -qyRF '%r %p' "${D}" | grep -E "(${PORTAGE_BUILDDIR}|: |::|^:|^ )") + # Make sure we disallow insecure RUNPATH/RPATHs. + # 1) References to PORTAGE_BUILDDIR are banned because it's a + # security risk. We don't want to load files from a + # temporary directory. + # 2) If ROOT != "/", references to ROOT are banned because + # that directory won't exist on the target system. + # 3) Null paths are banned because the loader will search $PWD when + # it finds null paths. + local forbidden_dirs="${PORTAGE_BUILDDIR}" + if [[ -n "$ROOT" ]] && [[ "$ROOT" != "/" ]]; then + forbidden_dirs="${forbidden_dirs} ${ROOT}" + fi + local dir="" rpath_files=$(scanelf -F '%F:%r' -qBR "${D}") + f="" + for dir in ${forbidden_dirs}; do + for l in $(echo "${rpath_files}" | grep -E ":${dir}|::|: "); do + f+=" ${l%%:*}\n" + if ! has stricter ${FEATURES}; then + vecho "Auto fixing rpaths for ${l%%:*}" + TMPDIR="${dir}" scanelf -BXr "${l%%:*}" -o /dev/null + fi + done + done + # Reject set*id binaries with $ORIGIN in RPATH #260331 x=$( find "${D}" -type f \( -perm -u+s -o -perm -g+s \) -print0 | \ xargs -0 scanelf -qyRF '%r %p' | grep '$ORIGIN' ) + + # Print QA notice. if [[ -n ${f}${x} ]] ; then vecho -ne '\n' eqawarn "QA Notice: The following files contain insecure RUNPATHs" @@ -203,9 +224,6 @@ install_qa_check() { vecho -ne '\n' if [[ -n ${x} ]] || has stricter ${FEATURES} ; then insecure_rpath=1 - else - vecho "Auto fixing rpaths for ${f}" - TMPDIR=${PORTAGE_BUILDDIR} scanelf -BXr ${f} -o /dev/null fi fi |