authorAvatar Fernando J. Pereda <ferdy@ferdyx.org> 2007-01-04 20:55:10 +0000
committerAvatar Fernando J. Pereda <ferdy@ferdyx.org> 2007-01-04 20:55:10 +0000
commit246ffd1f4959c8dc28ab45826980e59f91917e00 (patch)
treebd620abcdea07a693acea148177f3a96fa2c9f05
parent99433068401b9c6bf3d01ed84c7671e2681ef29e (diff)
Added a hook to remove the setuid/setgid bits of a file before upgrading or removing it.
-rw-r--r--hooks/Makefile.am.m47
-rwxr-xr-xhooks/paranoid_setuid_setgid.bash34
2 files changed, 40 insertions, 1 deletions
diff --git a/hooks/Makefile.am.m4 b/hooks/Makefile.am.m4
index 510eb02..3f42a31 100644
--- a/hooks/Makefile.am.m4
+++ b/hooks/Makefile.am.m4
@@ -13,6 +13,7 @@ installhookcommonprogdir = $(libexecdir)/paludis/hooks/common
installhookinstallallpostdir = $(libexecdir)/paludis/hooks/install_all_post
installhookinstallpostdir = $(libexecdir)/paludis/hooks/install_post
installhookebuildmergepredir = $(libexecdir)/paludis/hooks/ebuild_merge_pre
+installhookuninstallpredir = $(libexecdir)/paludis/hooks/uninstall_pre
installhookcommonprog_SCRIPTS = \
gnu_info_index.bash \
@@ -29,7 +30,11 @@ installhookinstallpost_SCRIPTS = \
update_config_protect_list.bash
installhookebuildmergepre_SCRIPTS = \
- rewrite_broken_symlinks.bash
+ rewrite_broken_symlinks.bash \
+ paranoid_setuid_setgid.bash
+
+installhookuninstallpre_SCRIPTS = \
+ paranoid_setuid_setgid.bash
installvarlibpaludisnews_DATA = \
.keep
diff --git a/hooks/paranoid_setuid_setgid.bash b/hooks/paranoid_setuid_setgid.bash
new file mode 100755
index 0000000..44b5527
--- /dev/null
+++ b/hooks/paranoid_setuid_setgid.bash
@@ -0,0 +1,34 @@
+#!/bin/bash
+# vim: set et sw=4 sts=4 :
+
+# Copyright (c) 2007 Fernando J. Pereda <ferdy@gentoo.org>
+#
+# This file is part of the Paludis package manager. Paludis is free software;
+# you can redistribute it and/or modify it under the terms of the GNU General
+# Public License, version 2, as published by the Free Software Foundation.
+#
+# Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA
+
+export PATH="$(${PALUDIS_EBUILD_DIR}/utils/canonicalise ${PALUDIS_EBUILD_DIR}/utils/ ):${PATH}"
+source ${PALUDIS_EBUILD_DIR}/echo_functions.bash
+
+einfo_unhooked "Removing setuid and setgid bits..."
+
+while read file ; do
+ [[ -f "${file}" ]] || continue
+ if [[ -u "${file}" ]] || [[ -g "${file}" ]] ; then
+ chmod gu-s "${file}"
+ fi
+done < <(${PALUDIS_COMMAND} --contents =${CATEGORY}/${PF} |
+ sed -e '1d' -e '/^\s*$/d' -e 's-^\s*--')
+
+einfo_unhooked "Done removing setuid and setgid bits."
+
+true
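Review bot: The `[[ -f ]]`, `[[ -u ]]` and `[[ -g ]]` tests in the loop all follow symlinks, and so does `chmod`, so a symlink in the package contents that points at a set-id file belonging to something else would have its target's bits stripped; adding `[[ -L "${file}" ]] && continue` ahead of the `-f` test keeps the hook to the package's own regular files. The loop should read with `while IFS= read -r file ; do` so that backslashes and trailing whitespace in a listed path survive intact. A failed `chmod` is currently invisible, because its status is ignored and the script ends with `true`; for a hardening hook it is worth reporting, e.g. `chmod gu-s -- "${file}" || echo "could not clear set-id bits on ${file}" >&2`. The `${PALUDIS_EBUILD_DIR}` expansions on the `export PATH` and `source` lines are unquoted and would break on a path containing whitespace.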