diff options
| author |   Sam James <sam@gentoo.org> | 2022-12-31 14:40:47 +0000 |
|---|---|---|
| committer | Sam James <sam@gentoo.org> | 2022-12-31 14:45:35 +0000 |
| commit | 0f4f85ee3c19ff3acbcf724bf49a52db0766c7a5 (patch) | |
| tree | 86e0027cc86056e5d3ee655e48fb17dff41c0846 | |
| parent | NEWS: update (diff) | |
| download | portage-0f4f85ee.tar.gz portage-0f4f85ee.tar.bz2 portage-0f4f85ee.zip | |
bin: pass -S to file to disable seccomp
Files being installed by Portage are generally trusted but also the
syscalls allowed by file are quite broad anyway.
Things can go catastrophically wrong if file misses valid input,
as we may have invalid VDB metadata.
Bug: https://bugs.gentoo.org/811462
Bug: https://bugs.gentoo.org/815877
Bug: https://bugs.gentoo.org/889046
Signed-off-by: Sam James <sam@gentoo.org>
| -rw-r--r-- | NEWS | 16 | ||||
| -rwxr-xr-x | bin/estrip | 2 | ||||
| -rw-r--r-- | bin/install-qa-check.d/10ignored-flags | 2 | ||||
| -rwxr-xr-x | bin/misc-functions.sh | 2 |
4 files changed, 16 insertions, 6 deletions
@@ -6,15 +6,25 @@ Features: Bug fixes: * checksum: Rewrite Whirlpool implementation as a C extension to substantially improve - performance. This only takes effect with OpenSSL 3 and newer. See bug #885909. + performance (bug #885909). + + This only takes effect with OpenSSL 3 and newer (unnecessary otherwise). Whirlpool is considered deprecated within Portage and we recommend that repository maintainers remove it from `metadata/layout.conf`! * sync: git: Fix "is shallow git repository" check. -* bin/*: Rewrite signal handling which will now correctly rethrow SIGINT - and not confuse shells. See bug #887817. +* bin: Rewrite signal handling which will now correctly rethrow SIGINT + and not confuse shells (bug #887817). + +* bin: Pass -S to file(1) to avoid seccomp sandbox issues (bug #811462, bug #889046). + + Files being installed by Portage are generally trusted but also the + syscalls allowed by file are quite broad anyway. + + Things can go catastrophically wrong if file misses valid input, + as we may have invalid VDB metadata. portage-3.0.42 (2022-12-26) -------------- diff --git a/bin/estrip b/bin/estrip index 6738fb4d3..cb4caca3e 100755 --- a/bin/estrip +++ b/bin/estrip @@ -489,7 +489,7 @@ do ( __multijob_child_init - f=$(file "${x}") || exit 0 + f=$(file -S "${x}") || exit 0 [[ -z ${f} ]] && exit 0 if ${SKIP_STRIP} ; then diff --git a/bin/install-qa-check.d/10ignored-flags b/bin/install-qa-check.d/10ignored-flags index 0bda8eced..b55b074e1 100644 --- a/bin/install-qa-check.d/10ignored-flags +++ b/bin/install-qa-check.d/10ignored-flags @@ -31,7 +31,7 @@ ignored_flag_check() { # Separate out file types that are known to support # .GCC.command.line sections, using the `file` command # similar to how prepstrip uses it. - f=$(file "${x}") || continue + f=$(file -S "${x}") || continue [[ -z ${f} ]] && continue if [[ ${f} == *"SB executable"* || ${f} == *"SB pie executable"* || ${f} == *"SB shared object"* ]] ; then diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh index fc2a36fb3..55c4afe73 100755 --- a/bin/misc-functions.sh +++ b/bin/misc-functions.sh @@ -212,7 +212,7 @@ install_qa_check() { needed=${l%%;*}; l=${l#*;} # Infer implicit soname from basename (bug 715162). - if [[ -z ${soname} && $(file "${D%/}${obj}") == *"SB shared object"* ]]; then + if [[ -z ${soname} && $(file -S "${D%/}${obj}") == *"SB shared object"* ]]; then soname=${obj##*/} fi |