commit:     e0862b8a3b3df10038b5dea127018415cdb94f63
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 28 05:27:23 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan 28 05:27:23 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0862b8a

sys-apps/util-linux: force installed su(1) to be suid

su(1) is almost useless without suid and on balance, it's more likely
that people will have USE="-suid" in make.conf (globally) rather than
desperately wanting to strip su(1) of its suid bits.

This avoids such users having a "broken" (or dysfunctional) su(1).

Users wishing to truly have a no-suid su(1) can e.g. use Portage's
'suidctl' feature or strip it out via e.g. a bashrc hook.

Note that shadow's su(1) (the default implementation until recently)
always forced suid su anyway.

Closes: https://bugs.gentoo.org/832092
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...nux-9999.ebuild => util-linux-2.37.3-r1.ebuild} | 23 +++++++++++++++++++++-
 sys-apps/util-linux/util-linux-9999.ebuild         | 16 +++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/sys-apps/util-linux/util-linux-9999.ebuild 
b/sys-apps/util-linux/util-linux-2.37.3-r1.ebuild
similarity index 91%
copy from sys-apps/util-linux/util-linux-9999.ebuild
copy to sys-apps/util-linux/util-linux-2.37.3-r1.ebuild
index 3fdf6c85b949..bc61b04a195e 100644
--- a/sys-apps/util-linux/util-linux-9999.ebuild
+++ b/sys-apps/util-linux/util-linux-2.37.3-r1.ebuild
@@ -16,7 +16,7 @@ if [[ ${PV} == 9999 ]] ; then
        
EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git";
 else
        [[ "${PV}" = *_rc* ]] || \
-       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+       KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 
~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
        
SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz";
 fi
 
@@ -84,6 +84,18 @@ RESTRICT="!test? ( test )"
 
 S="${WORKDIR}/${MY_P}"
 
+PATCHES=(
+       "${FILESDIR}"/${PN}-2.37.1-agetty_ctrl-c_erase.patch #804972
+       "${FILESDIR}"/${PN}-2.37.2-ioctl_ns-test-hang.patch # upstream test 
hang patch
+)
+
+pkg_pretend() {
+       if use su && ! use suid ; then
+               elog "su will be installed as suid despite USE=-suid (bug 
#832092)"
+               elog "To use su without suid, see e.g. Portage's suidctl 
feature."
+       fi
+}
+
 src_prepare() {
        default
 
@@ -291,6 +303,15 @@ multilib_src_install_all() {
                newpamd "${FILESDIR}/su-l.pamd" su-l
        fi
 
+       if use su && ! use suid ; then
+               # Always force suid su, even when USE=-suid, as su is useless
+               # for the overwhelming-majority case without suid.
+               # Users who wish to truly have a no-suid su can strip it out
+               # via e.g. Portage's suidctl or some other hook.
+               # See bug #832092
+               fperms u+s /bin/su
+       fi
+
        # Note:
        # Bash completion for "runuser" command is provided by same file which
        # would also provide bash completion for "su" command. However, we don't
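Review bot: `fperms u+s /bin/su` only adds the setuid bit on top of whatever owner and mode the build left on the file, so the final permissions of this setuid binary are implicit. Assuming the installed file is root-owned, an explicit mode such as `fperms 4711 /bin/su` would make the result deterministic and keep the binary unreadable to unprivileged users; check that it matches what the USE=suid path installs. Because this overrides an explicit USE=-suid, the pkg_pretend notice in the earlier hunk could use `ewarn` instead of `elog`, so the new setuid-root file is harder to miss on hosts that set the flag as a hardening policy. The same block appears in the util-linux-9999.ebuild hunk below, and multilib_src_install_all continues outside both hunks.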

diff --git a/sys-apps/util-linux/util-linux-9999.ebuild 
b/sys-apps/util-linux/util-linux-9999.ebuild
index 3fdf6c85b949..658e0639ff89 100644
--- a/sys-apps/util-linux/util-linux-9999.ebuild
+++ b/sys-apps/util-linux/util-linux-9999.ebuild
@@ -84,6 +84,13 @@ RESTRICT="!test? ( test )"
 
 S="${WORKDIR}/${MY_P}"
 
+pkg_pretend() {
+       if use su && ! use suid ; then
+               elog "su will be installed as suid despite USE=-suid (bug 
#832092)"
+               elog "To use su without suid, see e.g. Portage's suidctl 
feature."
+       fi
+}
+
 src_prepare() {
        default
 
@@ -291,6 +298,15 @@ multilib_src_install_all() {
                newpamd "${FILESDIR}/su-l.pamd" su-l
        fi
 
+       if use su && ! use suid ; then
+               # Always force suid su, even when USE=-suid, as su is useless
+               # for the overwhelming-majority case without suid.
+               # Users who wish to truly have a no-suid su can strip it out
+               # via e.g. Portage's suidctl or some other hook.
+               # See bug #832092
+               fperms u+s /bin/su
+       fi
+
        # Note:
        # Bash completion for "runuser" command is provided by same file which
        # would also provide bash completion for "su" command. However, we don't
