authorAvatar Ciaran McCreesh <ciaran.mccreesh@googlemail.com> 2007-01-07 18:00:19 +0000
committerAvatar Ciaran McCreesh <ciaran.mccreesh@googlemail.com> 2007-01-07 18:00:19 +0000
commit5cf2e6638f19b49b29bcc8f45e5cce6fb62a0968 (patch)
tree5569fe73cf2b1ffd8d26ed273e77218b1c24ac8e
parent091da5a817b6333829178fb22ab4604f90b842b0 (diff)
Support secure install and uninstall of set*id files
-rw-r--r--ebuild/merge.cc19
-rw-r--r--ebuild/unmerge.cc7
2 files changed, 25 insertions, 1 deletions
diff --git a/ebuild/merge.cc b/ebuild/merge.cc
index 5574c80..1df5b86 100644
--- a/ebuild/merge.cc
+++ b/ebuild/merge.cc
@@ -203,7 +203,16 @@ namespace
}
else
{
- FSEntry(dst).unlink();
+ if (dst.is_regular_file())
+ {
+ mode_t mode(dst.permissions());
+ if ((mode & S_ISUID) || (mode & S_ISGID))
+ {
+ mode &= 0400;
+ FSEntry(dst).chmod(mode);
+ }
+ FSEntry(dst).unlink();
+ }
cout << endl;
}
}
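Review bot: The `FSEntry(dst).unlink();` call now sits inside the new `if (dst.is_regular_file())` block, so a `dst` that is not a regular file (a symlink, FIFO or device node, for instance) is no longer removed in this branch, whereas the old code unlinked it unconditionally. If that is not intended, close the `is_regular_file()` block after the chmod and keep `FSEntry(dst).unlink();` as an unconditional statement just before `cout << endl;`. The enclosing function starts and ends outside the hunk, so whether an earlier branch already handles the other file types cannot be seen from here.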
@@ -273,7 +282,15 @@ namespace
throw Failure("Can't overwrite directory '" + stringify(dst) +
"' with symlink to '" + src.readlink() + "'");
else
+ {
+ mode_t mode(dst.permissions());
+ if ((mode & S_ISUID) || (mode & S_ISGID))
+ {
+ mode &= 0400;
+ FSEntry(dst).chmod(mode);
+ }
FSEntry(dst).unlink();
+ }
}
#ifdef HAVE_SELINUX
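Review bot: Unlike the first merge.cc hunk, the mode check added here is not guarded by `dst.is_regular_file()`, and this `else` appears to be reached for any non-directory `dst`, which may itself be a symlink. Whether `FSEntry::permissions()` and `FSEntry::chmod()` follow symlinks is not visible in this diff; if they do, a `dst` link that points at a set*id file would have its target reduced to `0400` even though only the link is being replaced. Wrapping just the check as `if (dst.is_regular_file()) { ... }` and leaving `FSEntry(dst).unlink();` outside it would limit the chmod to the file actually being removed. The same unguarded pattern is in the ebuild/unmerge.cc hunk on `root / tokens.at(1)`.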
diff --git a/ebuild/unmerge.cc b/ebuild/unmerge.cc
index fa55d41..0760440 100644
--- a/ebuild/unmerge.cc
+++ b/ebuild/unmerge.cc
@@ -98,6 +98,13 @@ namespace
else
{
cout << "<<< " << tokens.at(1) << endl;
+
+ mode_t mode((root / tokens.at(1)).permissions());
+ if ((mode & S_ISUID) || (mode & S_ISGID))
+ {
+ mode &= 0400;
+ (root / tokens.at(1)).chmod(mode);
+ }
(root / tokens.at(1)).unlink();
}
}
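Review bot: The chmod added before `unlink()` carries no comment saying why a file about to be deleted has its mode changed, and `0400` appears as a bare literal. Going by the commit title, the intent is presumably that any remaining hard link to the old inode loses its set*id bits once the package's copy is removed; a comment such as `// drop set*id bits before unlinking so a surviving hard link is not left privileged` would record that. The same comment fits the two ebuild/merge.cc hunks, and since the three copies are identical a small shared helper would keep them in step. `root / tokens.at(1)` is also built four times in this hunk and could be bound to one local.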