From: Zac Medico <zmedico@gentoo.org>
Date: Wed, 23 May 2007 20:48:59 +0000 (-0000)
Subject: hardlink basic suid protection (trunk r6580)
X-Git-Tag: v2.1.2.8~4
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=8323ada354df804d026de402d8d82e32e0be6357;p=portage.git

hardlink basic suid protection (trunk r6580)

svn path=/main/branches/2.1.2/; revision=6606
---

diff --git a/pym/portage.py b/pym/portage.py
index be41b4d96..759b50174 100644
--- a/pym/portage.py
+++ b/pym/portage.py
@@ -7134,6 +7134,12 @@ class dblink:
 						writemsg_stdout("--- !md5   %s %s\n" % ("obj", obj))
 						continue
 					try:
+						if statobj.st_mode & (stat.S_ISUID | stat.S_ISGID):
+							# Always blind chmod 0 before unlinking to avoid race conditions.
+							os.chmod(obj, 0000)
+							if statobj.st_nlink > 1:
+								writemsg("setXid: "+str(statobj.st_nlink-1)+ \
+									" hardlinks to '%s'\n" % obj)
 						os.unlink(obj)
 					except (OSError,IOError),e:
 						pass