Fix nasty --setperms/--setugids regression in 4.14.2 (RhBug: 1640470)
Commit 38c2f6e causes --setperms and
--setugids to follow symlinks instead of skipping them.

In case of --setperms, all encountered symlinks will have their
target file/directory permissions set to the 0777 of the link itself
(so world writable etc but suid/sgid stripped), temporarily or permanently,
depending on whether the symlink occurs before or after its target in the
package file list. When the link occurs before its target, there's a short
window where the target is world writable before having its permissions
reset to original, making it particularly bad for suid/sgid binaries.

--setugids is similarly affected with link targets owner/group changing
to that of the symlink.

Add missing parentheses to the conditions introduced in commit
38c2f6e to fix.
Reported by Karel Srot, patch by Pavlina Moravcova Varekova.
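The precedence mistake described above, reproduced as an added example that is not part of the rpm commit: both the 4.14.2 condition and the fixed one are evaluated over a constructed temp tree, recording which paths would reach the chmod branch instead of changing any permissions. The decimal mask 72 is my reading of the alias's `2#1001000` as RPMFILE_GHOST (64) | RPMFILE_MISSINGOK (8).

```shell
#!/bin/sh
# Added example, not code from the rpm commit: reproduce the precedence bug
# behind the --setperms regression on a constructed temp tree, recording which
# paths *would* be chmod'ed instead of touching any permissions.
# POSIX sh gives && and || equal precedence, grouped left to right, so
#   A || B && C || D    is evaluated as    ((A || B) && C) || D

MASK=72   # the alias's 2#1001000: RPMFILE_GHOST (64) | RPMFILE_MISSINGOK (8)

# Condition as shipped in 4.14.2: the [ -L ] result is ANDed with [ ! -e ],
# so a symlink whose target exists falls through to the chmod branch.
# Returns 0 when chmod would run on path $1 (rpm file flags in $2).
old_cond() {
    [ -L "$1" ] || [ $(($2 & MASK)) != 0 ] && [ ! -e "$1" ] || return 0
    return 1
}

# Fixed condition: the ghost/missingok test is grouped, so a symlink
# short-circuits the whole chain before reaching chmod.
new_cond() {
    [ -L "$1" ] || ( [ $(($2 & MASK)) != 0 ] && [ ! -e "$1" ] ) || return 0
    return 1
}

# Constructed tree: a regular file and a symlink pointing at it.
setup_tree() {
    dir=$(mktemp -d)
    : > "$dir/target"
    ln -s target "$dir/link"
    printf '%s\n' "$dir"
}

# Evaluate both conditions for one path; prints "old=<y|n> new=<y|n>".
compare() {
    o=n; n=n
    old_cond "$1" "$2" && o=y
    new_cond "$1" "$2" && n=y
    echo "old=$o new=$n"
}

main() {
    d=$(setup_tree)
    echo "regular file : $(compare "$d/target" 0)"   # old=y new=y
    echo "symlink      : $(compare "$d/link" 0)"     # old=y new=n  (the regression)
    echo "missing ghost: $(compare "$d/absent" 72)"  # old=n new=n
    rm -rf "$d"
}
main
```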
pmatilai committed Oct 22, 2018
1 parent 0d2176c commit 0d83637
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions rpmpopt.in
Expand Up @@ -44,14 +44,14 @@ rpm alias --scripts --qf '\
--POPTdesc=$"list install/erase scriptlets from package(s)"

rpm alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \
\[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] || \
( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \
chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \
--pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \
--POPTdesc=$"set permissions of files in a package"

rpm alias --setugids -q --qf \
'[ch %{FILEUSERNAME:shescape} %{FILEGROUPNAME:shescape} %{FILENAMES:shescape} %{FILEFLAGS}\n]' \
--pipe "(echo 'ch() { \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] || \
--pipe "(echo 'ch() { ( \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] ) || \
(chown -h -- \"$1\" \"$3\";chgrp -h -- \"$2\" \"$3\";) }'; \
grep '^ch '|grep -v \(none\))|sh" \
--POPTdesc=$"set user/group ownership of files in a package"
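Review bot: the --setperms line is the real fix, and it is correct. `&&` and `||` have equal precedence in POSIX sh and group left to right, so the old `\[ -L %{FILENAMES:shescape} \] || \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] || chmod ...` evaluated as `((-L || flags) && ! -e) || chmod`; for a symlink whose target exists, `[ ! -e ]` is false and the chain falls through to `chmod %7{FILEMODES:octal}` on the target. Grouping the ghost/missingok test in `( ... )` lets a true `[ -L ]` short-circuit before chmod. In the `ch()` function for --setugids there is no leading `[ -L ]` test, so `A && B || C` already groups as `(A && B) || C`; the added parentheses there are a readability and consistency change rather than a behavioural one, and `chown -h`/`chgrp -h` already act on the link itself. Minor: `( ... )` forks a subshell per file in the --setperms case; `{ ...; }` would give the same grouping without the fork.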
