From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5D0321395E2 for ; Wed, 30 Nov 2016 01:11:04 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 59F67E0A72; Wed, 30 Nov 2016 01:11:02 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 3F198E0A72 for ; Wed, 30 Nov 2016 01:11:02 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D31293415A2 for ; Wed, 30 Nov 2016 01:10:59 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 4CA1B4A9 for ; Wed, 30 Nov 2016 01:10:58 +0000 (UTC) From: "Zac Medico" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Zac Medico" Message-ID: <1480465947.f479a4cdcac5db92231f489f232f10eb934c6f12.zmedico@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: pym/portage/package/ebuild/ X-VCS-Repository: proj/portage X-VCS-Files: pym/portage/package/ebuild/doebuild.py X-VCS-Directories: pym/portage/package/ebuild/ X-VCS-Committer: zmedico X-VCS-Committer-Name: Zac Medico X-VCS-Revision: f479a4cdcac5db92231f489f232f10eb934c6f12 X-VCS-Branch: master Date: Wed, 30 Nov 2016 01:10:58 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: fd18e0c4-558d-431f-9934-aa63b031fe89 X-Archives-Hash: 874d0a7b0da3812ab9bd308b9d8e2ea6 commit: f479a4cdcac5db92231f489f232f10eb934c6f12 Author: Zac Medico gentoo org> AuthorDate: Tue Nov 29 20:31:06 2016 +0000 Commit: Zac Medico gentoo org> CommitDate: Wed Nov 30 00:32:27 2016 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=f479a4cd _post_src_install_uid_fix: allow files with portage group permissions (bug 600804) Allow ebuilds to install files with portage group permissions, as a means to restrict access to package manager resources. X-Gentoo-Bug: 600804 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=600804 Acked-by: Brian Dolbec gentoo.org> pym/portage/package/ebuild/doebuild.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py index 52dbf8b..4baae17 100644 --- a/pym/portage/package/ebuild/doebuild.py +++ b/pym/portage/package/ebuild/doebuild.py @@ -2008,7 +2008,7 @@ def _postinst_bsdflags(mysettings): def _post_src_install_uid_fix(mysettings, out): """ Files in $D with user and group bits that match the "portage" - user or group are automatically mapped to PORTAGE_INST_UID and + user and group are automatically mapped to PORTAGE_INST_UID and PORTAGE_INST_GID if necessary. The chown system call may clear S_ISUID and S_ISGID bits, so those bits are restored if necessary. @@ -2154,8 +2154,11 @@ def _post_src_install_uid_fix(mysettings, out): mystat.st_ino not in counted_inodes: counted_inodes.add(mystat.st_ino) size += mystat.st_size - if mystat.st_uid != portage_uid and \ - mystat.st_gid != portage_gid: + + # Only remap the UID/GID if both match the portage user, + # in order to avoid interference with ebuilds that install + # files with portage group permissions (see bug 600804). + if (mystat.st_uid, mystat.st_gid) != (portage_uid, portage_gid): continue myuid = -1 mygid = -1