-rw-r--r-- | meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch | 169 |
1 files changed, 163 insertions, 6 deletions
diff --git a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch index 2bd2289372..7b1f82d577 100644 --- a/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch +++ b/meta/recipes-devtools/pseudo/files/pseudo-fchmodat-permissions.patch @@ -1,4 +1,4 @@ -commit 5a6f2896ed44029ced2a33ac64c962737c5171a0 +commit 7e67d082737b3df4788caf85fedd607b3acd9786 Author: Peter Seebach <peter.seebach@windriver.com> Date: Fri May 16 15:53:06 2014 -0500 @@ -11,18 +11,27 @@ Date: Fri May 16 15:53:06 2014 -0500 AT_SYMLINK_NOFOLLOW by rejecting it if the host system does, to make GNU tar happier), also mask out write bits from filesystem modes to avoid security problems. + + Also start tracking umask so we can use the right modes for + open, mkdir, and mknod. The 1.6 patches are: 87c53ea58befef48677846693aab445df1850e16 3c716e0bab4f0cfe4be84caa9ce5fd5e3f5e2a23 c98e4f43b5d6499748a5057134408f4ba4854fb4 + 2f71a021b725c1aa415439209a89327f0b997d02 + 14925786b55202d8147b0af719038e8a23ef73c0 diff --git a/ChangeLog.txt b/ChangeLog.txt -index 113f675..fab1033 100644 +index 113f675..cc966ce 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt -@@ -1,3 +1,14 @@ +@@ -1,3 +1,18 @@ ++2014-05-27: ++ * (seebs) start noticing umask, mask it out from open or mkdir ++ calls rather than relying on underlying open/mkdir to do it. ++ +2014-05-16: + * (seebs) fchmodat: don't drop flags, report failures, to improve + compatibility/consistency. Cache the knowledge that 
@@ -37,6 +46,60 @@ index 113f675..fab1033 100644
 2013-02-27:
 * (seebs) Oh, hey, what if I took out my debug messages?
 * (seebs) update docs a bit to reduce bitrot
+diff --git a/makewrappers b/makewrappers
+index e87cc56..0127766 100755
+--- a/makewrappers
++++ b/makewrappers
+@@ -204,6 +204,7 @@ class Function:
+ 'uid_t': '0',
+ 'int': '-1',
+ 'long': '-1',
++ 'mode_t': '0',
+ 'ssize_t': '-1'
+ }
+
+diff --git a/ports/darwin/guts/open.c b/ports/darwin/guts/open.c
+index c66cc15..520bb70 100644
+--- a/ports/darwin/guts/open.c
++++ b/ports/darwin/guts/open.c
+@@ -9,6 +9,9 @@
+ struct stat buf = { };
+ int existed = 1;
+ int save_errno;
++
++ /* mask out mode bits appropriately */
++ mode = mode & ~pseudo_umask;
+ #ifdef PSEUDO_FORCE_ASYNCH
+ flags &= ~O_SYNC;
+ #endif
+diff --git a/ports/linux/guts/__xmknodat.c b/ports/linux/guts/__xmknodat.c
+index 59b4f2f..0888b8a 100644
+--- a/ports/linux/guts/__xmknodat.c
++++ b/ports/linux/guts/__xmknodat.c
+@@ -9,6 +9,9 @@
+ pseudo_msg_t *msg;
+ struct stat64 buf;
+
++ /* mask out mode bits appropriately */
++ mode = mode & ~pseudo_umask;
++
+ /* we don't use underlying call, so _ver is irrelevant to us */
+ (void) ver;
+
+diff --git a/ports/linux/guts/openat.c b/ports/linux/guts/openat.c
+index 8460073..4053549 100644
+--- a/ports/linux/guts/openat.c
++++ b/ports/linux/guts/openat.c
+@@ -10,6 +10,9 @@
+ int existed = 1;
+ int save_errno;
+
++ /* mask out mode bits appropriately */
++ mode = mode & ~pseudo_umask;
++
+ #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
+ if (dirfd != AT_FDCWD) {
+ errno = ENOSYS;
 diff --git a/ports/unix/guts/fchmodat.c b/ports/unix/guts/fchmodat.c
 index 59a92ce..69a953c 100644
 --- a/ports/unix/guts/fchmodat.c
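Review bot: In the `__xmknodat.c` section, `mode = mode & ~pseudo_umask;` is applied to a mknod mode, which carries the file-type bits as well as the permission bits, so it is only safe while `pseudo_umask` holds permission bits alone. The `umask` wrapper added further down this patch stores its argument unfiltered (`pseudo_umask = mask;`), while Linux uses only `mask & 0777`, so a caller passing extra bits could presumably clear type or setuid/setgid bits from the mode pseudo goes on to use. Filtering at the store, `pseudo_umask = mask & 0777;`, would also cover the identical lines in `open.c` and `openat.c`. The comment could state the reason given in the ChangeLog entry, e.g. `/* apply the tracked umask here rather than relying on the underlying call to do it */`. Each wrapper body starts and ends outside its hunk, so how the masked mode is used afterwards is not visible here.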
@@ -92,16 +155,110 @@ index 59a92ce..69a953c 100644
 * may believe you are permitted to change modes that the filesystem
 * doesn't. Note that we also don't need to know whether the
 * file might be a (pseudo) block device or some such; pseudo
+diff --git a/ports/unix/guts/mkdirat.c b/ports/unix/guts/mkdirat.c
+index e846b70..e0b6af9 100644
+--- a/ports/unix/guts/mkdirat.c
++++ b/ports/unix/guts/mkdirat.c
+@@ -6,11 +6,14 @@
+ * wrap_mkdirat(int dirfd, const char *path, mode_t mode) {
+ * int rc = -1;
+ */
++ /* mask out mode bits appropriately */
++ mode = mode & ~pseudo_umask;
+ #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
+ if (dirfd != AT_FDCWD) {
+ errno = ENOSYS;
+ return -1;
+ }
++
+ rc = real_mkdir(path, PSEUDO_FS_MODE(mode, 1));
+ #else
+ rc = real_mkdirat(dirfd, path, PSEUDO_FS_MODE(mode, 1));
+diff --git a/ports/unix/guts/mknodat.c b/ports/unix/guts/mknodat.c
+index 6fd5b42..5d8d47c 100644
+--- a/ports/unix/guts/mknodat.c
++++ b/ports/unix/guts/mknodat.c
+@@ -10,6 +10,9 @@
+ PSEUDO_STATBUF buf;
+ int save_errno = errno;
+
++ /* mask out mode bits appropriately */
++ mode = mode & ~pseudo_umask;
++
+ #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
+ if (dirfd != AT_FDCWD) {
+ errno = ENOSYS;
+diff --git a/ports/unix/guts/umask.c b/ports/unix/guts/umask.c
+new file mode 100644
+index 0000000..6b060d3
+--- /dev/null
++++ b/ports/unix/guts/umask.c
+@@ -0,0 +1,14 @@
++/*
++ * Copyright (c) 2014 Wind River Systems; see
++ * guts/COPYRIGHT for information.
++ *
++ * mode_t umask(mode_t mask)
++ * mode_t rc = 0;
++ */
++
++ pseudo_umask = mask;
++ rc = real_umask(mask);
++
++/* return rc;
++ * }
++ */
+diff --git a/ports/unix/wrapfuncs.in b/ports/unix/wrapfuncs.in
+index 8460a65..e0e9739 100644
+--- a/ports/unix/wrapfuncs.in
++++ b/ports/unix/wrapfuncs.in
+@@ -67,3 +67,4 @@ void sync(void); /* async_skip= */
+ int syncfs(int fd); /* async_skip=0 */
+ int sync_file_range(int fd, off64_t offset, off64_t nbytes, unsigned int flags); /* async_skip=0 */
+ int msync(void *addr, size_t length, int flags); /* async_skip=0 */
++mode_t umask(mode_t mask);
+diff --git a/pseudo_client.c b/pseudo_client.c
+index b6d11a6..535c810 100644
+--- a/pseudo_client.c
++++ b/pseudo_client.c
+@@ -71,6 +71,8 @@ int pseudo_disabled = 0;
+ int pseudo_allow_fsync = 0;
+ static int pseudo_local_only = 0;
+
++int pseudo_umask = 022;
++
+ static char **fd_paths = NULL;
+ static int nfds = 0;
+ static int messages = 0;
+@@ -219,6 +221,9 @@ pseudo_init_client(void) {
+ if (!pseudo_disabled && !pseudo_inited) {
+ char *pseudo_path = 0;
+
++ pseudo_umask = umask(022);
++ umask(pseudo_umask);
++
+ pseudo_path = pseudo_prefix_path(NULL);
+ if (pseudo_prefix_dir_fd == -1) {
+ if (pseudo_path) {
 diff --git a/pseudo_client.h b/pseudo_client.h
-index f36a772..ecb13a6 100644
+index f36a772..5bf820e 100644
 --- a/pseudo_client.h
 +++ b/pseudo_client.h
-@@ -85,6 +85,6 @@ extern int pseudo_nosymlinkexp;
+@@ -72,6 +72,8 @@ extern char *pseudo_passwd;
+ extern size_t pseudo_chroot_len;
+ extern int pseudo_nosymlinkexp;
+
++extern int pseudo_umask;
++
+ /* Root can read and write files, and enter directories which have no
+ * read, write, or execute permissions. (But can't execute files without
+ * execute permissions!)
+@@ -85,6 +87,6 @@ extern int pseudo_nosymlinkexp;
 * None of this will behave very sensibly if umask has 0700 bits in it;
 * this is a known limitation.
 */
 -#define PSEUDO_FS_MODE(mode, isdir) ((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0))
 -#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0700) | ((user_mode & 0700)))
-+#define PSEUDO_FS_MODE(mode, isdir) ((((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP | S_IWOTH)) & ~(S_IWOTH | S_IWGRP))
++#define PSEUDO_FS_MODE(mode, isdir) (((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP | S_IWOTH))
 +#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) | ((user_mode & 0722))) |
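Review bot: In the `PSEUDO_DB_MODE` definition at the end of the `pseudo_client.h` section, `user_mode` is expanded without parentheses (`(user_mode & 0722)`), so an argument such as `a | b` would bind as `a | (b & 0722)` and let unmasked bits into the database mode; `#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) | ((user_mode) & 0722))` avoids that. In `pseudo_init_client`, `pseudo_umask = umask(022); umask(pseudo_umask);` briefly replaces the process-wide umask, so a file created by another thread in that window would get 022 instead of a stricter configured mask; a comment stating that initialisation is expected to run before other threads exist would make the assumption explicit. `pseudo_umask` is also declared `int` although it holds a `mode_t`. `pseudo_init_client` continues outside the hunk.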