On Tue, Aug 07, 2012 at 10:25:17AM -0400, Jeffrey Johnson wrote: > Its rather astonishing that years and years later that missing > package dependencies due to non-executable bits on ELF > libraries needs to be discussed.
Like this? (taken from rpm-4.0.4-alt100.52) -- ---- WBR, Michael Shigorin <[email protected]> ------ Linux.Kiev http://www.linux.kiev.ua/
#!/bin/sh -e # # brp-fix-perms - try to fix filesystem permissions. # # Copyright (C) 2001-2003 Dmitry V. Levin <[email protected]> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # . /usr/lib/rpm/functions ValidateBuildRoot cd "$RPM_BUILD_ROOT" # Following objects should be world readable. for d in usr/{share,include} usr/X11R6/{share,include,man}; do [ ! -d "$d" ] || chmod -c -R a+rX "$d" done # Following objects should not be group/world writable. for d in usr/*; do [ "$d" = "usr/src" -o -L "$d" -o ! -d "$d" ] || chmod -c -R u+w,go-w "$d" done # Following files should not be group/world readable. find -type f \( -perm -4100 -o -perm -2100 \) -print0 | xargs -r0 chmod -c -R go-rw -- find -type f -perm +0111 -print0 | xargs -r0 /usr/lib/rpm/fixup-libraries
#!/bin/sh -e # # fixup-shared - fix permissions of libraries. # # Copyright (C) 2003-2005,2008 Dmitry V. Levin <[email protected]> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # for file in "$@"; do type=`file -b "$file"` || continue case "$type" in current\ ar\ archive|*\ current\ ar\ archive) chmod -v u+w,a-x,ug-s "$file" ;; ELF\ *\ shared\ object,\ *|*\ ELF\ *\ shared\ object,\ *) file_header="$(readelf -h "$file")" || continue entry=`printf %s "$file_header" |sed -ne 's/^ \+Entry point address: \+0x0*\([0-9a-f]\+\)$/\1/p'` [ -n "$entry" ] || continue section_header="$(readelf -S "$file")" || continue # See: comm -12 <(fgrep -l .interp /usr/lib/ldscripts/*) <(fgrep -le --shared /usr/lib/ldscripts/*) if printf %s "$section_header" |fgrep -qs ' .interp '; then continue fi text=`printf %s "$section_header" |sed -ne 's/^ *\[ *[0-9]\+\] \.text \+PROGBITS \+0*\([0-9a-f]\+\) \+.*/\1/p'` [ -n "$text" ] || continue [ "$entry" = "$text" ] || continue [ -n "${file##*/lib64/ld-*.so}" ] || continue chmod -c u+w,a-x,ug-s "$file" ;; esac done
_______________________________________________ pld-devel-en mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
