author | Marc Espie <espie@cvs.openbsd.org> | 2014-08-10 10:01:04 +0000 |
---|---|---|
committer | Marc Espie <espie@cvs.openbsd.org> | 2014-08-10 10:01:04 +0000 |
commit | add3135f3ad44210d6dc51a85af9a9872dd52fcc (patch) | |
tree | ac7af61496e18daa9315c9686a92a78e164d52a8 /usr.sbin | |
parent | 8abe1294ea75b048b3c4d82ebb076c79ed8dd81c (diff) |
if pkg_create is run as non-root, restore correct group/owner to root/bin.
also, remove write permissions without explicit modes. Allows fake installs
to keep directories/files writable while producing correct package.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/pkg_add/OpenBSD/ArcCheck.pm | 15 | ||||
-rw-r--r-- | usr.sbin/pkg_add/OpenBSD/Ustar.pm | 17 |
2 files changed, 26 insertions, 6 deletions
diff --git a/usr.sbin/pkg_add/OpenBSD/ArcCheck.pm b/usr.sbin/pkg_add/OpenBSD/ArcCheck.pm
index 4bbbac5ad14..631ad74403a 100644
--- a/usr.sbin/pkg_add/OpenBSD/ArcCheck.pm
+++ b/usr.sbin/pkg_add/OpenBSD/ArcCheck.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: ArcCheck.pm,v 1.25 2014/04/22 18:22:20 espie Exp $
+# $OpenBSD: ArcCheck.pm,v 1.26 2014/08/10 10:01:03 espie Exp $
 #
 # Copyright (c) 2005-2006 Marc Espie <espie@openbsd.org>
 #
@@ -98,6 +98,15 @@ sub prepare_long
 } else {
 $entry = $self->prepare($item->name);
 }
+ if ($< && $entry->{uid} == $<) {
+ $entry->{uname} = $item->{owner} // "root";
+ delete $entry->{uid};
+ }
+ if ($( && $entry->{gid} == $() {
+ $entry->{gname} = $item->{group} // "bin";
+ delete $entry->{gid};
+ }
+ $entry->recheck_owner;
 if (!defined $entry->{uname}) {
 $self->fatal("No user name for #1 (uid #2)",
 $item->name, $entry->{uid});
@@ -106,6 +115,10 @@ sub prepare_long
 $self->fatal("No group name for #1 (uid #2)",
 $item->name, $entry->{gid});
 }
+ # disallow writable files/dirs without explicit annotation
+ if (!defined $item->{mode}) {
+ $entry->{mode} &= ~(S_IWUSR|S_IWGRP|S_IWOTH);
+ }
 # if we're going to set the group or owner, sguid bits won't
 # survive the extraction
 if (defined $item->{group} || defined $item->{owner}) {
diff --git a/usr.sbin/pkg_add/OpenBSD/Ustar.pm b/usr.sbin/pkg_add/OpenBSD/Ustar.pm
index d41b3302a25..a0ab18c070b 100644
--- a/usr.sbin/pkg_add/OpenBSD/Ustar.pm
+++ b/usr.sbin/pkg_add/OpenBSD/Ustar.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: Ustar.pm,v 1.80 2014/07/23 14:35:17 espie Exp $
+# $OpenBSD: Ustar.pm,v 1.81 2014/08/10 10:01:03 espie Exp $
 #
 # Copyright (c) 2002-2014 Marc Espie <espie@openbsd.org>
 #
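Review bot: After `$entry->recheck_owner;` in the `@@ -98,6 +98,15 @@` hunk, only `uname` and `gname` are tested for definedness, so an entry whose `uid` or `gid` was just deleted and not resolved again would continue with no numeric id. Whether the cache lookup can come back undefined for a name taken from `$item->{owner}` or `$item->{group}` is not visible on this page, so this needs confirming; if it can, add a guard right after the call, e.g. `$self->fatal("No uid for #1 (user #2)", $item->name, $entry->{uname}) if !defined $entry->{uid};`, and the same for `gid`. A one-line comment above the two new `if` blocks, saying that files owned by the invoking non-root user are recorded as root:bin unless `$item->{owner}` or `$item->{group}` is set, would also document the intent. `prepare_long` starts and ends outside the hunk.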
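Review bot: The mask added under `if (!defined $item->{mode})` in the `@@ -106,6 +115,10 @@` hunk clears only the write bits, so setuid/setgid bits on an unannotated file stay in `$entry->{mode}` even though the previous hunk may have just rewritten its owner to root. The existing sguid handling that follows is guarded by `defined $item->{group} || defined $item->{owner}` and its body lies outside the hunk, so from here it looks as if a setuid file owned by the building user, with no explicit mode, owner or group, could be recorded as setuid root. If that is not intended, clear those bits in the same statement, `$entry->{mode} &= ~(S_IWUSR|S_IWGRP|S_IWOTH|S_ISUID|S_ISGID);`, or treat the case as fatal. `S_ISUID` and `S_ISGID` would need importing if the file does not already bring them in.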
@@ -49,10 +49,10 @@ use File::Basename ();
 use OpenBSD::IdCache;
 use OpenBSD::Paths;
-my $uidcache = new OpenBSD::UidCache;
-my $gidcache = new OpenBSD::GidCache;
-my $unamecache = new OpenBSD::UnameCache;
-my $gnamecache = new OpenBSD::GnameCache;
+our $uidcache = new OpenBSD::UidCache;
+our $gidcache = new OpenBSD::GidCache;
+our $unamecache = new OpenBSD::UnameCache;
+our $gnamecache = new OpenBSD::GnameCache;
 # This is a multiple of st_blksize everywhere....
 my $buffsize = 2 * 1024 * 1024;
@@ -485,6 +485,13 @@ sub fh
 package OpenBSD::Ustar::Object;
+sub recheck_owner
+{
+ my $entry = shift;
+ $entry->{uid} //= $OpenBSD: Ustar.pm,v 1.81 2014/08/10 10:01:03 espie Exp $entry->{uname});
+ $entry->{gid} //= $OpenBSD: Ustar.pm,v 1.81 2014/08/10 10:01:03 espie Exp $entry->{gname});
+}
+
 sub fatal
 {
 my ($self, @args) = @_; |
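Review bot: Declaring the four caches with `our` in the `@@ -49,10 +49,10 @@` hunk turns them into package globals that any loaded module can read or replace, which is a wider surface than the id/name lookups appear to need. `recheck_owner` is added later in this same file, and a file-scoped `my` variable stays visible after a `package` statement, so unless an enclosing block outside the hunk limits their scope, the `my` declarations could stay and the new sub could use `$uidcache` and `$gidcache` directly. If the globals are meant for other files, a comment such as `# package globals: also used outside this file by <caller>` would make that explicit.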
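Review bot: The two assignments in `recheck_owner` are not valid Perl as shown: the text `$OpenBSD: Ustar.pm,v 1.81 2014/08/10 10:01:03 espie Exp $` sits where a lookup expression should be, and it matches the RCS id string on the file's second line. That suggests keyword expansion (or the page rendering) replaced everything from a `$OpenBSD::…` variable reference up to the next `$`; the original expression cannot be recovered from this page. If the committed file really contains this, the module will not compile and the ownership remap in ArcCheck.pm cannot run. Write the reference so that the sequence `$OpenBSD:` never appears, for example with the braced form `${OpenBSD::Ustar::uidcache}` (presumably the variable meant, given the `our` declarations in the previous hunk) or through a file-scoped lexical.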