archive-dir=/etc/config-archive
# Use rcs for storing files in the archive directory?
+# WARNING: When configured to use rcs, read and execute permissions of
+# archived files may be inherited from the first check in of a working
+# file, as documented in the ci(1) man page. This means that even if
+# the permissions of the working file have since changed, the older
+# permissions of the first check in may be inherited. As mentioned in
+# the ci(1) man page, users can control access to RCS files by setting
+# the permissions of the directory containing the files (see
+# archive-dir above).
# (yes or no)
use-rcs=no
-.TH "DISPATCH-CONF" "1" "Aug 2008" "Portage VERSION" "Portage"
+.TH "DISPATCH-CONF" "1" "Jan 2011" "Portage VERSION" "Portage"
.SH NAME
dispatch-conf \- Sanely update configuration files after emerging new packages
.SH SYNOPSIS
.B q
Quit
.I dispatch-conf.
+.SH FILE MODES
+\fBWARNING:\fR When \fB/etc/dispatch\-conf.conf\fR is configured
+to use \fBrcs\fR(1), read and execute permissions of archived
+files may be inherited from the first check in of a working file,
+as documented in the \fBci\fR(1) man page. This means that even
+if the permissions of the working file have since changed, the
+older permissions of the first check in may be inherited. As
+mentioned in the \fBci\fR(1) man page, users can control access
+to RCS files by setting the permissions of the directory
+containing the files.
.SH "REPORTING BUGS"
Please report bugs via http://bugs.gentoo.org/
.SH AUTHORS
Configuration settings for \fIdispatch-conf\fR are stored here.
.SH "SEE ALSO"
.BR make.conf (5),
-.BR etc-update (1)
+.BR ci (1),
+.BR etc-update (1),
+.BR rcs (1)
# archive_conf.py -- functionality common to archive-conf and dispatch-conf
-# Copyright 2003-2004 Gentoo Foundation
+# Copyright 2003-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
if not os.path.exists(opts['archive-dir']):
os.mkdir(opts['archive-dir'])
+ # Use restrictive permissions by default, in order to protect
+ # against vulnerabilities (like bug #315603 involving rcs).
+ os.chmod(opts['archive-dir'], 0o700)
elif not os.path.isdir(opts['archive-dir']):
print(_('dispatch-conf: Config archive dir [%s] must exist; fatal') % (opts['archive-dir'],), file=sys.stderr)
sys.exit(1)
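Review bot: The new `os.chmod(opts['archive-dir'], 0o700)` runs only after `os.mkdir(opts['archive-dir'])` has created the directory with the process umask, so depending on that umask there may be a short window in which the archive directory is accessible to other users. Passing the mode at creation, `os.mkdir(opts['archive-dir'], 0o700)`, and keeping the chmod as a follow-up would close that window. The chmod also sits only in the creation branch, so in the visible lines an archive directory that already exists with looser permissions is left unchanged. The rcs warning added to the conf file and man page relies on directory permissions, so it would help to check the mode of an existing directory and warn about or tighten it, for example `elif os.stat(opts['archive-dir']).st_mode & 0o077:` followed by a warning. The enclosing function starts outside this hunk, so any handling earlier in it is not visible here.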