diff options
author | Panu Matilainen <pmatilai@redhat.com> | 2018-10-22 10:52:39 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2018-10-22 12:23:02 +0300 |
commit | a7f3748d006d1b1057a791f2a7c790d3ec09cc09 (patch) | |
tree | 4025190e9847c3782f25ed59fde2da5a5bc8cfb4 | |
parent | ddc1d06c45994b40aea3dfefc60436e409fce08c (diff) | |
download | rpm-a7f3748d006d1b1057a791f2a7c790d3ec09cc09.tar.gz |
Fix nasty --setperms/--setugids regression in 4.14.2 (RhBug: 1640470)
Commit 38c2f6e160d5ed3e9c3a266139c7eb2632724c15 causes --setperms and
--setugids follow symlinks instead of skipping them.
In case of --setperms, all encountered symlinks will have their
target file/directory permissions set to the 0777 of the link itself
(so world writable etc but suid/sgid stripped), temporarily or permanently,
depending on whether the symlink occurs before or after it's target in the
package file list. When the link occurs before its target, there's a short
window where the target is world writable before having it's permissions
reset to original, making it particularly bad for suid/sgid binaries.
--setugids is similarly affected with link targets owner/group changing
to that of the symlink.
Add missing parentheses to the conditions introduced in commit
38c2f6e160d5ed3e9c3a266139c7eb2632724c15 to fix.
Reported by Karel Srot, patch by Pavlina Moravcova Varekova.
(cherry picked from commit 0d83637769b8a122b1e80f2e960ea1bbae8b4f10)
-rw-r--r-- | rpmpopt.in | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/rpmpopt.in b/rpmpopt.in index 3e44937b4..3a571140c 100644 --- a/rpmpopt.in +++ b/rpmpopt.in @@ -44,14 +44,14 @@ rpm alias --scripts --qf '\ --POPTdesc=$"list install/erase scriptlets from package(s)" rpm alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \ - \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] || \ + ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \ chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \ --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \ --POPTdesc=$"set permissions of files in a package" rpm alias --setugids -q --qf \ '[ch %{FILEUSERNAME:shescape} %{FILEGROUPNAME:shescape} %{FILENAMES:shescape} %{FILEFLAGS}\n]' \ - --pipe "(echo 'ch() { \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] || \ + --pipe "(echo 'ch() { ( \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] ) || \ (chown -h -- \"$1\" \"$3\";chgrp -h -- \"$2\" \"$3\";) }'; \ grep '^ch '|grep -v \(none\))|sh" \ --POPTdesc=$"set user/group ownership of files in a package" |