authorZac Medico <zmedico@gentoo.org>2009-03-11 06:19:49 +0000
committerZac Medico <zmedico@gentoo.org>2009-03-11 06:19:49 +0000
commit6222e3e41f5b7e5f8cb60b36bfcfa10d169cd1c1 (patch)
tree1eb39e8a7a6d20264e796cd0695114bf0b7280de
parentab65531d69e7bb0f6fee0f3721e3a5639c8980a4 (diff)
reject all set*id binaries that have DT_RPATH:$ORIGIN #260331 (trunk r12712)
svn path=/main/branches/2.1.6/; revision=12967
-rwxr-xr-xbin/misc-functions.sh11
1 files changed, 8 insertions, 3 deletions
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index 472beb274..b2796bd50 100755
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -73,14 +73,19 @@ install_qa_check() {
# (older, broken libtools would do this). Also check for null paths
# because the loader will search $PWD when it finds null paths.
f=$(scanelf -qyRF '%r %p' "${D}" | grep -E "(${PORTAGE_BUILDDIR}|: |::|^:|^ )")
- if [[ -n ${f} ]] ; then
+ # Reject set*id binaries with $ORIGIN in RPATH #260331
+ x=$(
+ find "${D}" -type f -perm /6000 -print0 | xargs -0 \
+ scanelf -qyRF '%r %p' | grep '$ORIGIN'
+ )
+ if [[ -n ${f}${x} ]] ; then
vecho -ne '\a\n'
eqawarn "QA Notice: The following files contain insecure RUNPATH's"
eqawarn " Please file a bug about this at http://bugs.gentoo.org/"
eqawarn " with the maintaining herd of the package."
- eqawarn "${f}"
+ eqawarn "${f}${f:+${x:+\n}}${x}"
vecho -ne '\a\n'
- if has stricter ${FEATURES} ; then
+ if [[ -n ${x} ]] || has stricter ${FEATURES} ; then
insecure_rpath=1
else
vecho "Auto fixing rpaths for ${f}"
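Review bot: The added `grep '$ORIGIN'` inside the `x=$( … )` substitution matches only the unbraced token, so a set*id binary whose RPATH uses the equivalent `${ORIGIN}` spelling, which the glibc loader also expands, would pass this check unflagged. Matching both spellings as fixed strings closes that gap: `scanelf -qyRF '%r %p' | grep -F -e '$ORIGIN' -e '${ORIGIN}'`. Separately, GNU xargs still runs scanelf once with no file arguments when find matches nothing, so `xargs -0 -r \` would avoid that empty invocation; how scanelf behaves in that case is not visible from this hunk. install_qa_check starts and ends outside the hunk.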