On 08/26/14 21:21, Rick "Zero_Chaos" Farina wrote:

On 08/26/2014 06:23 PM, Anthony G. Basile wrote:
On 08/26/14 17:00, Alexander Tsoy wrote:
On Tue Aug 26 22:27:36 2014 Anthony G. Basile <[email protected]>
wrote:
Hi everyone,

I plan to update the pax-utils.eclass because of bug #520198.   Can
people please review that bug and the latest suggestion for the eclass.
Since I'm inverting some if and for blocks, a diff isn't as useful as
just looking at the entire class.

What if scanelf will fail? Looks like pax-mark() will not report an
error.
scanelf doesn't return an error code on failing to pax mark.  The paxctl
and paxctl-ng do.  eg.
Maybe we should read the pax marks back to verify if it works or not
instead of trusting the return code?  We could do it just for scanelf.

- -Zero

scanelf is the last line of defense. If we get there, paxctl and paxctl-ng have failed, so we can't trust them really. Changing the exit code for scanelf could cause other issues, eg in portage where it is used in a few places. As we discussed today during the Hardened meeting, we'll ewarn if we get here.

blueness@yellow /tmp $ rm -f abc
blueness@yellow /tmp $ touch abc
blueness@yellow /tmp $ scanelf -Xx abc >/dev/null ; echo $?
0

If you want a more sophisticated example, remove the PT_PAX_FLAGS
program header from an elf and you get the same results.  I don't think
it's wise to change the behavior of scanelf because it's used in portage
eg in constructing NEEDED.ELF.2.  So it's not clear what the unintended
consequences would be if we did report an error here. vapier would be
able to better address that.  I just wrote the eclass following the
current behaviour.

And there are unused variables in pax-mark(): pt_fail* and xt_fail*.

Thanks for catching the cruft.





--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : [email protected]
GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB  DC79 9384 FA6E F52D 4BBA
GnuPG ID  : F52D4BBA
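
Added example (not part of the thread and not the eclass's code): the read-back check suggested above, sketched in Python for little-endian ELF64 files only. It reads PT_PAX_FLAGS straight from the program headers instead of trusting the marking tool's exit status; the function names and the sample files are constructed for illustration.

```python
import struct

PT_PAX_FLAGS = 0x65041580                 # PT_LOOS + 0x5041580
PF_MPROTECT, PF_NOMPROTECT = 1 << 8, 1 << 9

def read_pt_pax_flags(data):
    """Return p_flags of the PT_PAX_FLAGS program header, or None when the
    input is not a little-endian ELF64 or has no such header."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        return None
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 8 > len(data):           # truncated program header table
            return None
        p_type, p_flags = struct.unpack_from("<II", data, off)
        if p_type == PT_PAX_FLAGS:
            return p_flags
    return None

def mark_verified(data, must_set, must_clear=0):
    """True only if the flags read back from the file match the request."""
    flags = read_pt_pax_flags(data)
    if flags is None:
        return False
    return (flags & must_set) == must_set and (flags & must_clear) == 0

def fake_elf64(p_type, p_flags):
    """Constructed sample: an ELF64 header followed by one program header."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 0)
    return ehdr + phdr

if __name__ == "__main__":
    samples = {
        "marked (mprotect disabled)": fake_elf64(PT_PAX_FLAGS, PF_NOMPROTECT),
        "PT_PAX_FLAGS header removed": fake_elf64(0, 0),
        "empty file (touch abc)": b"",
    }
    for name, blob in samples.items():
        ok = mark_verified(blob, PF_NOMPROTECT, PF_MPROTECT)
        print(f"{name}: {'verified' if ok else 'NOT marked'}")
```

The last two samples correspond to the two cases in the message where scanelf still exits 0: an empty file and an ELF with no PT_PAX_FLAGS header.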

