From: Jason Stubbs Date: Thu, 29 Sep 2005 16:31:33 +0000 (-0000) Subject: Security checks regarding installation of world-writable files. X-Git-Tag: v2.0.53_rc4_2111~46 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=64593ae710a7b4af6d2b5dc6886d695499b72e30;p=portage.git Security checks regarding installation of world-writable files. svn path=/main/branches/2.0/; revision=2049
---
diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index ed3bd94f2..cf012d1b0 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -1018,12 +1018,24 @@ dyn_install() {
 for i in $(find "${D}/" -type f -perm -2002); do
 ((UNSAFE++))
 echo "UNSAFE SetGID: $i"
+ chmod -s,o-w "$i"
 done
 for i in $(find "${D}/" -type f -perm -4002); do
 ((UNSAFE++))
 echo "UNSAFE SetUID: $i"
+ chmod -s,o-w "$i"
 done
+ # Now we look for all world writable files.
+ for i in $(find "${D}/" -type f -perm -2); do
+ echo -ne '\a'
+ echo "QA Security Notice:"
+ echo "- ${i:${#D}:${#i}} will be a world writable file."
+ echo "- This may or may not be a security problem, most of the time it is one."
+ echo "- Please double check that $PF really needs a world writeable bit and file bugs accordingly."
+ sleep 1
+ done
+
 if type -p scanelf > /dev/null ; then
 # Make sure we disallow insecure RUNPATH/RPATH's
 # Don't want paths that point to the tree where the package was built
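Review bot: The two added `chmod -s,o-w "$i"` calls and the new world-writable loop all take their paths from `for i in $(find ...)`, which word-splits and glob-expands find's output, so any path under `${D}` that contains whitespace reaches chmod and the QA notice as fragments. In that case the chmod fails or hits a different path and the setuid/setgid world-writable file keeps its mode, while the notice prints a name that does not exist. Reading NUL-delimited names keeps each path intact: `while IFS= read -r -d '' i; do` with `done < <(find "${D}/" -type f -perm -2 -print0)`, and the same form for the -2002 and -4002 loops. Process substitution is suggested rather than a pipe so the `((UNSAFE++))` increments stay in the current shell. How UNSAFE is used afterwards is not visible, since dyn_install begins before and continues past this hunk.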