diff options
| author | Jason Stubbs <jstubbs@gentoo.org> | 2005-09-29 16:31:33 +0000 |
|---|---|---|
| committer | Jason Stubbs <jstubbs@gentoo.org> | 2005-09-29 16:31:33 +0000 |
| commit | 64593ae710a7b4af6d2b5dc6886d695499b72e30 (patch) | |
| tree | 3f958e8db260faec0c172775991c93cc8d3292ee | |
| parent | 87150299fd85e167a920931cc3c1d48f25c3b832 (diff) | |
| download | portage-64593ae710a7b4af6d2b5dc6886d695499b72e30.tar.gz portage-64593ae710a7b4af6d2b5dc6886d695499b72e30.tar.bz2 portage-64593ae710a7b4af6d2b5dc6886d695499b72e30.zip | |
Security checks regarding installation of world-writable files.
svn path=/main/branches/2.0/; revision=2049
| -rwxr-xr-x | bin/ebuild.sh | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/bin/ebuild.sh b/bin/ebuild.sh index ed3bd94f2..cf012d1b0 100755 --- a/bin/ebuild.sh +++ b/bin/ebuild.sh @@ -1018,12 +1018,24 @@ dyn_install() { for i in $(find "${D}/" -type f -perm -2002); do ((UNSAFE++)) echo "UNSAFE SetGID: $i" + chmod -s,o-w "$i" done for i in $(find "${D}/" -type f -perm -4002); do ((UNSAFE++)) echo "UNSAFE SetUID: $i" + chmod -s,o-w "$i" done + # Now we look for all world writable files. + for i in $(find "${D}/" -type f -perm -2); do + echo -ne '\a' + echo "QA Security Notice:" + echo "- ${i:${#D}:${#i}} will be a world writable file." + echo "- This may or may not be a security problem, most of the time it is one." + echo "- Please double check that $PF really needs a world writeable bit and file bugs accordingly." + sleep 1 + done + if type -p scanelf > /dev/null ; then # Make sure we disallow insecure RUNPATH/RPATH's # Don't want paths that point to the tree where the package was built |