From 0f27a71d5d7cfdc61603d28cef6fdd6769069110 Mon Sep 17 00:00:00 2001
From: Ned Ludd <solar@gentoo.org>
Date: Tue, 22 May 2007 18:19:21 +0000
Subject: - cleaner version of the hardlink basic suid protection. actually
 check that the file is setXid

svn path=/main/trunk/; revision=6579
---
 pym/portage/dbapi/vartree.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/pym/portage/dbapi/vartree.py b/pym/portage/dbapi/vartree.py
index 986516e25..448df94df 100644
--- a/pym/portage/dbapi/vartree.py
+++ b/pym/portage/dbapi/vartree.py
@@ -1211,11 +1211,12 @@ class dblink(object):
 						writemsg_stdout("--- !md5   %s %s\n" % ("obj", obj))
 						continue
 					try:
-						if statobj.st_nlink > 1:
-							portage.writemsg("There are "+str(st.st_nlink-1)+ \
-								" hardlinks to '%s'\n" % obj)
-						# Always blind chmod 0 before unlinking to avoid race conditions.
-						os.chmod(obj, 0000)
+						if statobj.st_mode & S_ISUID or statobj.st_mode & S_ISGID:
+							# Always blind chmod 0 before unlinking to avoid race conditions.
+							os.chmod(obj, 0000)
+							if statobj.st_nlink > 1:
+								portage.writemsg("setXid: "+str(st.st_nlink-1)+ \
+									" hardlinks to '%s'\n" % obj)
 						os.unlink(obj)
 					except (OSError, IOError), e:
 						pass
-- 
cgit v1.2.3-1-g7c22