[pacman-dev] [PATCH] Remove setgid bit on srcdir/pkgdir creation

Dan McGee dan at archlinux.org
Wed Jan 20 00:27:40 EST 2010


On Tue, Jan 19, 2010 at 11:25 PM, Dan McGee <dan at archlinux.org> wrote:
> It was noted in FS#17533 that setgid bits are carried down into any created
> subdirectories, and thus could end up being in a built package if the
> original package directory was marked g+s. When we create src/ and pkg/,
> explicitly chmod them to remove any setuid/setgid bits.
>
> Signed-off-by: Dan McGee <dan at archlinux.org>
> ---
I forgot to add here that I wasn't particularly happy I had to add an
additional command in 6 places. Do we know why we create these
directories so much? Some of them are probably unnecessary...

-Dan

>  scripts/makepkg.sh.in |    6 ++++++
>  1 files changed, 6 insertions(+), 0 deletions(-)
>
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index 5bd294c..c2045e5 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -1056,6 +1056,7 @@ create_srcpackage() {
>
>        # Get back to our src directory so we can begin with sources.
>        mkdir -p "$srcdir"
> +       chmod a-s "$srcdir"
>        cd "$srcdir"
>        download_sources
>        # We can only check checksums if we have all files.
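Review bot: The result of the added `chmod a-s "$srcdir"` is not checked, so when it fails the script carries on into `cd` and `download_sources` with the setgid bit still set. That is likely in exactly the shared-tree case the commit describes: `mkdir -p` succeeds on an existing directory, but `chmod` on a directory owned by another group member is refused. Whether the script aborts on errors by some other means is not visible in these hunks; if it does not, the line could read `chmod a-s "$srcdir" || exit 1`, or at least print a warning. The same applies to the other five added `chmod` lines (on `$srcdir` and `$pkgdir`); create_srcpackage's body continues outside this hunk.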
> @@ -1725,6 +1726,7 @@ fi
>
>  if (( GENINTEG )); then
>        mkdir -p "$srcdir"
> +       chmod a-s "$srcdir"
>        cd "$srcdir"
>        download_sources
>        generate_checksums
> @@ -1824,6 +1826,7 @@ if (( INFAKEROOT )); then
>                for pkg in ${pkgname[@]}; do
>                        pkgdir="$pkgdir/$pkg"
>                        mkdir -p "$pkgdir"
> +                       chmod a-s "$pkgdir"
>                        backup_package_variables
>                        run_package $pkg
>                        tidy_install
> @@ -1880,6 +1883,7 @@ umask 0022
>
>  # get back to our src directory so we can begin with sources
>  mkdir -p "$srcdir"
> +chmod a-s "$srcdir"
>  cd "$srcdir"
>
>  if (( NOEXTRACT )); then
> @@ -1915,6 +1919,7 @@ else
>                rm -rf "$pkgdir"
>        fi
>        mkdir -p "$pkgdir"
> +       chmod a-s "$pkgdir"
>        cd "$startdir"
>
>        # if we are root or if fakeroot is not enabled, then we don't use it
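Review bot: `chmod a-s "$pkgdir"` clears the bits on the top directory only, and the `rm -rf "$pkgdir"` just above sits inside a conditional whose test is outside this hunk. When that removal is skipped and `$pkgdir` still holds a tree from an earlier run, subdirectories that already carry g+s keep it and can still reach the package. A recursive strip would also remove setgid bits a package sets on purpose, so I would only document the limit: `# clears only the top dir; a reused $pkgdir keeps the modes its subdirectories already have`.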
> @@ -1935,6 +1940,7 @@ else
>                        for pkg in ${pkgname[@]}; do
>                                pkgdir="$pkgdir/$pkg"
>                                mkdir -p "$pkgdir"
> +                               chmod a-s "$pkgdir"
>                                backup_package_variables
>                                run_package $pkg
>                                tidy_install
> --
> 1.6.6
>
>

