From 85329fd1406deb84baffa2d70a99916adf09745c Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Sat, 25 Dec 2004 07:59:03 +0000
Subject: make sure our games arent setuid root
---
 eclass/games.eclass | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'eclass')
diff --git a/eclass/games.eclass b/eclass/games.eclass
index 002b0c825009..0114304af045 100644
--- a/eclass/games.eclass
+++ b/eclass/games.eclass
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/games.eclass,v 1.82 2004/11/21 01:53:09 urilith Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/games.eclass,v 1.83 2004/12/25 07:59:03 vapier Exp $
 #
 # devlist: {vapier,wolf31o2,mr_bones_}@gentoo.org
 #
@@ -97,7 +97,7 @@ newgamessbin() { gameswrapper ${FUNCNAME/games} "$@"; }
 gamesowners() { chown ${GAMES_USER}:${GAMES_GROUP} "$@"; }
 gamesperms() { chmod u+rw,g+r-w,o-rwx "$@"; }
 prepgamesdirs() {
- local dir=
+ local dir f
 for dir in "${GAMES_PREFIX}" "${GAMES_PREFIX_OPT}" "${GAMES_DATADIR}" \
 "${GAMES_SYSCONFDIR}" "${GAMES_STATEDIR}" "${GAMES_LIBDIR}" \
 "${GAMES_BINDIR}" "$@"
@@ -107,8 +107,13 @@ prepgamesdirs() {
 find "${D}/${dir}" -type d -print0 | xargs --null chmod 750
 find "${D}/${dir}" -type f -print0 | xargs --null chmod o-rwx,g+r
 ) &> /dev/null
+ f=$(find "${D}/${dir}" -perm +4000 -a -uid 0)
+ if [[ -n ${f} ]] ; then
+ eerror "A game was detected that is setuid root!"
+ eerror "${f}"
+ die "refusing to merge a setuid root game"
+ fi
 done
- local f=
 for f in $(find "${D}/${GAMES_STATEDIR}" -type f -printf '%P ' 2>/dev/null) ; do
 if [ -e "${ROOT}/${GAMES_STATEDIR}/${f}" ] ; then
 cp -p "${ROOT}/${GAMES_STATEDIR}/${f}" "${D}/${GAMES_STATEDIR}/${f}"
-- cgit v1.2.3-65-gdbad
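Review bot: The setuid scan added in the third hunk, `f=$(find "${D}/${dir}" -perm +4000 -a -uid 0)`, fails open: find's exit status is never checked, so if find errors out (an unreadable subtree, or a find that rejects the `+4000` mode form) `f` is empty and the merge proceeds as if no setuid-root file were present. `-perm +MODE` is a GNU extension that later findutils releases dropped, whereas `-perm -4000` is the POSIX spelling and matches the same files for a single bit. I would write `f=$(find "${D}/${dir}" -perm -4000 -uid 0) || die "setuid scan of ${dir} failed"`. Setgid bits are not examined at all; if that is deliberate (score-file groups), a one-line comment above the scan saying so would save the next reader the question. The `for` loop body starts outside the hunk, so the `|| die` assumes missing directories are already skipped earlier in the body.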