mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-26 03:19:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
35c8b87b1ca2d181e9aa77d83541f29ea76481a2
poky/meta/recipes-devtools/pseudo/pseudo.inc
Jason Wessel 6cac15e514 pseudo: Fix openat() with a symlink pointing to a directory 
While working with ostree disk generation in conjunction with wic, I
found a problem with pseudo where it tried to resolve a symlink when
it shouldn't, based on openat() flags. A C program has been
constructed to test pseudo to show that it is working properly with
the correct behavior around openat().

 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <dirent.h>
 #include <unistd.h>
 #include <fcntl.h>

int main()
{
    /*
     * Tested with: gcc -Wall -o app app.c ; echo "no pseudo" ;
     * ./app ; echo "pseudo"; pseudo ./app
     */
    system("rm -rf tdir tlink");
    system("mkdir tdir");
    system("ln -s tdir tlink");
    DIR *dir = opendir(".");
    int dfd = dirfd(dir);

    int target_dfd = openat (dfd, "tlink", O_RDONLY | O_NONBLOCK |
                             O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
    if (target_dfd == -1) {
        printf("Test 1 good\n");
    } else {
        printf("Test 1 failed\n");
        close(target_dfd);
    }
    target_dfd = openat (dfd, "tlink", O_RDONLY | O_NONBLOCK |
                         O_DIRECTORY | O_CLOEXEC);
    if (target_dfd == -1) {
        printf("Test 2 failed\n");
    } else {
        printf("Test 2 good\n");
        close(target_dfd);
    }
    /* Test 3 make sure the owner of the link is root  */
    struct stat sbuf;
    if (!lstat("tlink", &sbuf) && sbuf.st_uid == 0) {
        printf("Test 3 good\n");
    } else {
        printf("Test 3 failed\n");
    }
    /* Test 4 tests open with the "rb" flag, owner should not change */
    int ofd = openat(dfd,"./tlink", O_RDONLY|O_CLOEXEC);
    if (ofd >= 0) {
        if (fstat(ofd, &sbuf) != 0)
            printf("ERROR in fstat test 4\n");
        else if (sbuf.st_uid == 0)
            printf("Test 4 good\n");
        close(ofd);
    } else {
        printf("Test 4 failed with openat()\n");
    }
    /* Test pseudo db to see the fstat() above did not delete the DB entry */
    if (!lstat("tlink", &sbuf) && sbuf.st_uid == 0)
        printf("Test 5 good\n");
    else
        printf("Test 5 failed... tlink is owned by %i and not 0\n", sbuf.st_uid);
    return 0;
}

int main()
{
    /* Tested with: gcc -Wall -o app app.c ; echo "no pseudo" ; ./app ; echo "pseudo"; pseudo ./app */
    system("rm -rf tdir tlink");
    system("mkdir tdir");
    system("ln -s tdir tlink");
    DIR *dir = opendir(".");
    int dfd = dirfd(dir);

    int target_dfd = openat (dfd, "tlink", O_RDONLY | O_NONBLOCK | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
    if (target_dfd == -1) {
        printf("This is right\n");
    } else {
        printf("This is broken\n");
    }
    return 0;
}

Many thanks to Peter Seebach for fixing the problem in the pseudo code
to use the same logic which was already there for the
AT_SYMLINK_NOFOLLOW.

Also updated is the license MD5 checksum since the master branch of
pseudo has had the SPDX data updated.

(From OE-Core rev: a98ea4be5ce19ff380ca500ba1ef3da490ec4556)

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-08-07 16:08:15 +01:00

156 lines
5.2 KiB
PHP
Raw Blame History

# Note: Due to the bitbake wrapper script, making changes to pseudo can be
# difficult. To work around the current version of the wrapper use:
# BBFETCH2=True PSEUDO_BUILD=1 ../bitbake/bin/bitbake pseudo-native [-c CMD]
SUMMARY = "Pseudo gives fake root capabilities to a normal user"
HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/pseudo"
LIC_FILES_CHKSUM = "file://COPYING;md5=a1d8023a6f953ac6ea4af765ff62d574"
SECTION = "base"
LICENSE = "LGPL2.1"
DEPENDS = "sqlite3 attr"
FILES_${PN} = "${prefix}/lib/pseudo/lib*/libpseudo.so ${bindir}/* ${localstatedir}/pseudo ${prefix}/var/pseudo"
INSANE_SKIP_${PN} += "libdir"
INSANE_SKIP_${PN}-dbg += "libdir"
PROVIDES += "virtual/fakeroot"
MAKEOPTS = ""
inherit siteinfo pkgconfig
do_configure () {
:
}
NO32LIBS ??= "1"
NO32LIBS_class-nativesdk = "1"
PSEUDO_EXTRA_OPTS ?= "--enable-force-async --without-passwd-fallback --enable-epoll --enable-xattr"
# Compile for the local machine arch...
do_compile () {
SQLITE_LDADD='$(SQLITE)/$(SQLITE_LIB)/libsqlite3.a'
for sqlite_link_opt in $(pkg-config sqlite3 --libs --static)
do
case "$sqlite_link_opt" in
-lsqlite3)
;;
-l*)
SQLITE_LDADD="${SQLITE_LDADD} ${sqlite_link_opt}"
;;
*)
;;
esac
done
if [ "${SITEINFO_BITS}" = "64" ]; then
${S}/configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib${SITEINFO_BITS} --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --cflags="${CFLAGS}" --bits=${SITEINFO_BITS} --with-static-sqlite="$SQLITE_LDADD" --without-rpath
else
${S}/configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --cflags="${CFLAGS}" --bits=${SITEINFO_BITS} --with-static-sqlite="$SQLITE_LDADD" --without-rpath
fi
oe_runmake ${MAKEOPTS}
}
do_compile[vardepsexclude] = "SITEINFO_BITS"
maybe_make32() {
# We probably don't need to build 32-bit binaries.
make32=false
if [ "${SITEINFO_BITS}" = "64" ]; then
case "${NO32LIBS}" in
0) make32=true
;;
1) make32=false
;;
*) # If unset, build 32-bit if we think we can.
if [ -e "/usr/include/gnu/stubs-32.h" ]; then
make32=true
fi
;;
esac
fi
if $make32; then
if ! [ -e "/usr/include/gnu/stubs-32.h" ]; then
warn_32bit_missing
else
bbnote "Attempting to build 32-bit libpseudo.so for ${PN}."
fi
else
bbnote "Building/installing only 64-bit libpseudo.so for ${PN}."
bbnote "If you need to run 32-bit executables, ensure that NO32LIBS is set to 0."
fi
}
maybe_make32[vardepsexclude] = "SITEINFO_BITS"
warn_32bit_missing() {
bbwarn "Can't find stubs-32.h, but usually need it to build 32-bit libpseudo."
bbwarn "If the build fails, install 32-bit developer packages."
bbwarn "If you are using 32-bit binaries, the 32-bit libpseudo is NOT optional."
}
# Two below are the same
# If necessary compile for the alternative machine arch. This is only
# necessary in a native build.
do_compile_prepend_class-native () {
maybe_make32
if $make32; then
# We need the 32-bit libpseudo on a 64-bit machine...
# Note that this is not well-tested outside of x86/x86_64.
# if we're being rebuilt due to a dependency change, we need to make sure
# everything is clean before we configure and build -- if we haven't previously
# built this will fail and be ignored.
make ${MAKEOPTS} distclean || :
./configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --bits=32 --without-rpath
save_traps=$(trap)
trap 'warn_32bit_missing' 0
oe_runmake ${MAKEOPTS} libpseudo
eval "$save_traps"
# prevent it from removing the lib, but remove everything else
make 'LIB=foo' ${MAKEOPTS} distclean
fi
}
do_compile_prepend_class-nativesdk () {
maybe_make32
if $make32; then
# We need the 32-bit libpseudo on a 64-bit machine.
# Note that this is not well-tested outside of x86/x86_64.
./configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --bits=32 --without-rpath
oe_runmake ${MAKEOPTS} libpseudo
# prevent it from removing the lib, but remove everything else
make 'LIB=foo' ${MAKEOPTS} distclean
fi
}
do_install () {
oe_runmake 'DESTDIR=${D}' ${MAKEOPTS} 'LIB=lib/pseudo/lib$(MARK64)' install
}
do_install_append_class-native () {
install -d ${D}${sysconfdir}
# The fallback files should never be modified
install -m 444 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd
install -m 444 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
# Two native/nativesdk entries below are the same
# If necessary install for the alternative machine arch. This is only
# necessary in a native build.
maybe_make32
if $make32; then
mkdir -p ${D}${prefix}/lib/pseudo/lib
cp lib/pseudo/lib/libpseudo.so ${D}${prefix}/lib/pseudo/lib/.
fi
}
do_install_append_class-nativesdk () {
maybe_make32
if $make32; then
mkdir -p ${D}${prefix}/lib/pseudo/lib
cp lib/pseudo/lib/libpseudo.so ${D}${prefix}/lib/pseudo/lib/.
fi
chrpath -d ${D}${prefix}/lib/pseudo/lib*/libpseudo.so
}
BBCLASSEXTEND = "native nativesdk"
Reference in New Issue View Git Blame Copy Permalink