[pacman-dev] [PATCH] Remove setgid bit on srcdir/pkgdir creation
Dan McGee
dan at archlinux.org
Wed Jan 20 00:25:19 EST 2010
It was noted in FS#17533 that setgid bits are carried down into any created
subdirectories, and thus could end up being in a built package if the
original package directory was marked g+s. When we create src/ and pkg/,
explicitly chmod them to remove any sticky bits.
Signed-off-by: Dan McGee <dan at archlinux.org>
---
scripts/makepkg.sh.in | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 5bd294c..c2045e5 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1056,6 +1056,7 @@ create_srcpackage() {
# Get back to our src directory so we can begin with sources.
mkdir -p "$srcdir"
+ chmod a-s "$srcdir"
cd "$srcdir"
download_sources
# We can only check checksums if we have all files.
@@ -1725,6 +1726,7 @@ fi
if (( GENINTEG )); then
mkdir -p "$srcdir"
+ chmod a-s "$srcdir"
cd "$srcdir"
download_sources
generate_checksums
@@ -1824,6 +1826,7 @@ if (( INFAKEROOT )); then
for pkg in ${pkgname[@]}; do
pkgdir="$pkgdir/$pkg"
mkdir -p "$pkgdir"
+ chmod a-s "$pkgdir"
backup_package_variables
run_package $pkg
tidy_install
@@ -1880,6 +1883,7 @@ umask 0022
# get back to our src directory so we can begin with sources
mkdir -p "$srcdir"
+chmod a-s "$srcdir"
cd "$srcdir"
if (( NOEXTRACT )); then
@@ -1915,6 +1919,7 @@ else
rm -rf "$pkgdir"
fi
mkdir -p "$pkgdir"
+ chmod a-s "$pkgdir"
cd "$startdir"
# if we are root or if fakeroot is not enabled, then we don't use it
@@ -1935,6 +1940,7 @@ else
for pkg in ${pkgname[@]}; do
pkgdir="$pkgdir/$pkg"
mkdir -p "$pkgdir"
+ chmod a-s "$pkgdir"
backup_package_variables
run_package $pkg
tidy_install
--
1.6.6
More information about the pacman-dev
mailing list