author | Zac Medico <zmedico@gentoo.org> | 2008-03-03 19:24:05 +0000 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2008-03-03 19:24:05 +0000 |
commit | 487c9b851562bacf2238f7fc79b90dfae81b5eed (patch) | |
tree | 9d99cced996e1e1b05ca4a3ed337d7c946b4ce17 | |
parent | 2ecca14964bd898087200f379c180ec6885a2386 (diff) | |
download | portage-487c9b851562bacf2238f7fc79b90dfae81b5eed.tar.gz portage-487c9b851562bacf2238f7fc79b90dfae81b5eed.tar.bz2 portage-487c9b851562bacf2238f7fc79b90dfae81b5eed.zip |
Bug #210372 - Fix FEATURES=suidctl so that it really works again.
(trunk r9423)
svn path=/main/branches/2.1.2/; revision=9424
-rwxr-xr-x | bin/misc-functions.sh | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index 85d0c37c7..680c5b185 100755
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -464,27 +464,28 @@ preinst_suid_scan() {
 fi
 # total suid control.
 if hasq suidctl $FEATURES; then
+ local sfconf
 sfconf=${PORTAGE_CONFIGROOT}etc/portage/suidctl.conf
+ # sandbox prevents us from writing directly
+ # to files outside of the sandbox, but this
+ # can easly be bypassed using the addwrite() function
+ addwrite "${sfconf}"
 vecho ">>> Performing suid scan in ${D}"
 for i in $(find "${D}" -type f \( -perm -4000 -o -perm -2000 \) ); do
 if [ -s "${sfconf}" ]; then
- suid="$(grep "^/${i#${D}}$" "${sfconf}")"
- if [ "${suid}" = "${i/${D}}" ]; then
- vecho "- ${i/${D}} is an approved suid file"
+ install_path=/${i#${D}}
+ if grep -q "^${install_path}\$" "${sfconf}" ; then
+ vecho "- ${install_path} is an approved suid file"
 else
- vecho ">>> Removing sbit on non registered ${i/${D}}"
+ vecho ">>> Removing sbit on non registered ${install_path}"
 for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done
 vecho -ne "\a"
 ls_ret=$(ls -ldh "${i}")
 chmod ugo-s "${i}"
- grep "^#${i/${D}}$" "${sfconf}" > /dev/null || {
- # sandbox prevents us from writing directly
- # to files outside of the sandbox, but this
- # can easly be bypassed using the addwrite() function
- addwrite "${sfconf}"
+ grep "^#${install_path}$" "${sfconf}" > /dev/null || {
 vecho ">>> Appending commented out entry to ${sfconf} for ${PF}"
- echo "## ${ls_ret%${D}*}${ls_ret#*${D}}" >> "${sfconf}"
- echo "#${i/${D}}" >> "${sfconf}"
+ echo "## ${ls_ret%${D}*}${install_path}" >> "${sfconf}"
+ echo "#${install_path}" >> "${sfconf}"
 # no delwrite() eh?
 # delwrite ${sconf}
 } |
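Review bot: The new approval test `grep -q "^${install_path}\$" "${sfconf}"` still hands the installed path to grep as a regular expression, so characters such as `.` or `[` in a file name act as wildcards and a set-id file can be accepted on the strength of a suidctl.conf entry that is not literally its path. Because this match is the allow-list that decides whether the s-bit is kept, a fixed-string whole-line comparison is the safer form: `if grep -qFx -- "${install_path}" "${sfconf}" ; then`, and likewise `grep -qFx -- "#${install_path}" "${sfconf}" || {` for the commented-entry check further down. Separately, `addwrite "${sfconf}"` now runs before the loop, so the sandbox write exception is granted even when the scan finds nothing to record; a one-line comment stating why the earlier, narrower placement was not sufficient would help the next reader. preinst_suid_scan begins and ends outside this hunk.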