From b891bf13e47694eb1d36a34efb03d21c4b382669 Mon Sep 17 00:00:00 2001 From: Zac Medico Date: Mon, 27 Apr 2015 13:26:35 -0700 Subject: ebuild-helpers: avoid exec loops or fork bombs in wrappers (bug 547086) Since commit 130c01b9e561dd6ff7733a4905b21a0a921e9a22, extra portage paths in PATH could trigger exec loops or fork bombs in wrappers. Fixes: 130c01b9e561 ("_doebuild_path: add fallback for temp PORTAGE_BIN_PATH (bug 547086)") X-Gentoo-Bug: 547086 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=547086 Acked-by: Brian Dolbec --- bin/ebuild-helpers/bsd/sed | 4 +++- bin/ebuild-helpers/portageq | 4 +++- bin/ebuild-helpers/unprivileged/chown | 4 +++- bin/ebuild-helpers/xattr/install | 14 +++++++++++++- 4 files changed, 22 insertions(+), 4 deletions(-) (limited to 'bin/ebuild-helpers') diff --git a/bin/ebuild-helpers/bsd/sed b/bin/ebuild-helpers/bsd/sed index 01b88471d..9a7f2d4bb 100755 --- a/bin/ebuild-helpers/bsd/sed +++ b/bin/ebuild-helpers/bsd/sed @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2007-2012 Gentoo Foundation +# Copyright 2007-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 scriptpath=${BASH_SOURCE[0]} @@ -15,6 +15,8 @@ else for path in $PATH; do if [[ -x ${path}/${scriptname} ]]; then + [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue + [[ ${path} == */._portage_reinstall_.* ]] && continue [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue exec "${path}/${scriptname}" "$@" exit 0 diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq index 4151bac70..ba889ebcc 100755 --- a/bin/ebuild-helpers/portageq +++ b/bin/ebuild-helpers/portageq @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2009-2013 Gentoo Foundation +# Copyright 2009-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 scriptpath=${BASH_SOURCE[0]} @@ -15,6 +15,8 @@ set -f # in case ${PATH} contains any shell glob characters for path in ${PATH}; do [[ -x ${path}/${scriptname} ]] || continue + [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue + [[ ${path} == */._portage_reinstall_.* ]] && continue [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \ exec "${PORTAGE_PYTHON:-/usr/bin/python}" \ diff --git a/bin/ebuild-helpers/unprivileged/chown b/bin/ebuild-helpers/unprivileged/chown index 08fa650c5..2f1f1617d 100755 --- a/bin/ebuild-helpers/unprivileged/chown +++ b/bin/ebuild-helpers/unprivileged/chown @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2012-2013 Gentoo Foundation +# Copyright 2012-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 scriptpath=${BASH_SOURCE[0]} @@ -9,6 +9,8 @@ IFS=':' for path in ${PATH}; do [[ -x ${path}/${scriptname} ]] || continue + [[ ${path} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue + [[ ${path} == */._portage_reinstall_.* ]] && continue [[ ${path}/${scriptname} -ef ${scriptpath} ]] && continue IFS=$' \t\n' output=$("${path}/${scriptname}" "$@" 2>&1) diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install index d572fe6ef..2d2a693a9 100755 --- a/bin/ebuild-helpers/xattr/install +++ b/bin/ebuild-helpers/xattr/install @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2013 Gentoo Foundation +# Copyright 2013-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin} @@ -24,6 +24,18 @@ else fi fi +# Filter internal portage paths from PATH, in order to avoid +# a possible exec loop or fork bomb (see bug 547086). +IFS=':' +set -f +path= +for x in ${PATH}; do + [[ ${x} == ${PORTAGE_OVERRIDE_EPREFIX}/usr/lib*/portage/* ]] && continue + [[ ${x} == */._portage_reinstall_.* ]] && continue + path+=":${x}" +done +PATH=${path#:} + if [[ "${implementation}" == "c" ]]; then exec "${INSTALL_XATTR}" "$@" elif [[ "${implementation}" == "python" ]]; then -- cgit v1.2.3-65-gdbad