* [PATCH] sanity: Check for setgid/setuid TMPDIR
@ 2014-07-23 16:05 Richard Purdie
2014-07-23 16:14 ` Christopher Larson
0 siblings, 1 reply; 2+ messages in thread
From: Richard Purdie @ 2014-07-23 16:05 UTC (permalink / raw)
To: openembedded-core
Building in a TMPDIR which has setgid or setuid is a bad idea. We could try and reset
the permissions but since these can also invade into other directories like the cache
or sstate, lets tell the user to fix it instead.
[YOCTO #6519]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index ed65814..367b68e 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -514,6 +514,7 @@ def check_sanity_version_change(status, d):
import xml.parsers.expat
except ImportError:
status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n')
+ import stat
status.addresult(check_make_version(d))
status.addresult(check_tar_version(d))
@@ -566,6 +567,11 @@ def check_sanity_version_change(status, d):
# Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS)
tmpdir = d.getVar('TMPDIR', True)
status.addresult(check_create_long_filename(tmpdir, "TMPDIR"))
+ tmpdirmode = os.stat(tmpdir).st_mode
+ if (tmpdirmode & stat.S_ISGID):
+ status.addresult("TMPDIR is setgid, please don't build in a setgid directory")
+ if (tmpdirmode & stat.S_ISUID):
+ status.addresult("TMPDIR is setuid, please don't build in a setgid directory")
# Some third-party software apparently relies on chmod etc. being suid root (!!)
import stat
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] sanity: Check for setgid/setuid TMPDIR
2014-07-23 16:05 [PATCH] sanity: Check for setgid/setuid TMPDIR Richard Purdie
@ 2014-07-23 16:14 ` Christopher Larson
0 siblings, 0 replies; 2+ messages in thread
From: Christopher Larson @ 2014-07-23 16:14 UTC (permalink / raw)
To: Richard Purdie; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 407 bytes --]
On Wed, Jul 23, 2014 at 9:05 AM, Richard Purdie <
richard.purdie@linuxfoundation.org> wrote:
> + status.addresult("TMPDIR is setuid, please don't build in a
> setgid directory")
Minor typo, s/setgid directory/setuid directory/.
--
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics
[-- Attachment #2: Type: text/html, Size: 786 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-07-23 16:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-07-23 16:05 [PATCH] sanity: Check for setgid/setuid TMPDIR Richard Purdie
2014-07-23 16:14 ` Christopher Larson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.