It was noted in FS#17533 that setgid bits are carried down into any created
subdirectories, and thus could end up being in a built package if the
original package directory was marked g+s. When we create src/ and pkg/,
explicitly chmod them to remove any setuid/setgid bits.

Signed-off-by: Dan McGee <[email protected]>
---
 scripts/makepkg.sh.in |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 5bd294c..c2045e5 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1056,6 +1056,7 @@ create_srcpackage() {
 
        # Get back to our src directory so we can begin with sources.
        mkdir -p "$srcdir"
+       chmod a-s "$srcdir"
        cd "$srcdir"
        download_sources
        # We can only check checksums if we have all files.
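Review bot: The exit status of the added `chmod a-s "$srcdir"` is not checked, so if it fails (for example on a pre-existing directory the build user does not own) the script appears to continue into `cd` and `download_sources` with the set-id bits still in place. Whether an errexit setting or ERR trap covers this is not visible in the hunk. The same unchecked pair is added in the hunks at 1726, 1826, 1883, 1919 and 1940. Consider aborting the build on failure and adding a one-line comment at each site, such as `# clear setuid/setgid inherited from a g+s parent (FS#17533)`, since `a-s` is easy to misread as the sticky bit. create_srcpackage's body starts and ends outside the hunk.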
@@ -1725,6 +1726,7 @@ fi
 
 if (( GENINTEG )); then
        mkdir -p "$srcdir"
+       chmod a-s "$srcdir"
        cd "$srcdir"
        download_sources
        generate_checksums
@@ -1824,6 +1826,7 @@ if (( INFAKEROOT )); then
                for pkg in ${pkgna...@]}; do
                        pkgdir="$pkgdir/$pkg"
                        mkdir -p "$pkgdir"
+                       chmod a-s "$pkgdir"
                        backup_package_variables
                        run_package $pkg
                        tidy_install
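Review bot: Only the leaf directory is cleaned in this loop. `mkdir -p "$pkgdir"` runs after `pkgdir="$pkgdir/$pkg"`, so a base pkg directory that does not exist yet is created as an intermediate and keeps any inherited setgid bit, while `chmod a-s` touches only `$pkgdir/$pkg`. This presumably relies on the base directory having been created and cleaned earlier (the hunk at 1919 does that on the non-fakeroot path), which cannot be confirmed from here. The hunk at 1940 has the same shape. A short comment stating the assumption would help, e.g. `# base $pkgdir was created and stripped of set-id bits before this loop`. The loop begins and ends outside the hunk.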
@@ -1880,6 +1883,7 @@ umask 0022
 
 # get back to our src directory so we can begin with sources
 mkdir -p "$srcdir"
+chmod a-s "$srcdir"
 cd "$srcdir"
 
 if (( NOEXTRACT )); then
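Review bot: `chmod a-s "$srcdir"` is not recursive, so when `mkdir -p` finds an existing `$srcdir` (the `NOEXTRACT` check that follows suggests a reused tree), subdirectories created under a g+s parent by an earlier run keep their setgid bit. If files are later copied from there into the package with modes preserved, the bit could still reach the built package; that path is outside the hunk, so this is an inference. The hunk at 1919 has the same gap whenever the conditional `rm -rf "$pkgdir"` above it is skipped. It is worth at least a comment such as `# only the top-level dir is fixed; a reused tree may still contain g+s dirs`, or a warning when such directories are found.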
@@ -1915,6 +1919,7 @@ else
                rm -rf "$pkgdir"
        fi
        mkdir -p "$pkgdir"
+       chmod a-s "$pkgdir"
        cd "$startdir"
 
        # if we are root or if fakeroot is not enabled, then we don't use it
@@ -1935,6 +1940,7 @@ else
                        for pkg in ${pkgna...@]}; do
                                pkgdir="$pkgdir/$pkg"
                                mkdir -p "$pkgdir"
+                               chmod a-s "$pkgdir"
                                backup_package_variables
                                run_package $pkg
                                tidy_install
-- 
1.6.6

