diff options
author | Sam James <sam@gentoo.org> | 2023-01-03 04:02:24 +0000 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2023-01-05 00:33:06 +0000 |
commit | c5d40af3c56436cdbf774707cb36a8cdc832b3dd (patch) | |
tree | 2760674023524783e878c3489e6aea2c6e951cd8 /eclass/unpacker.eclass | |
parent | mono.eclass: pass -S to file to disable seccomp (diff) | |
download | gentoo-c5d40af3c56436cdbf774707cb36a8cdc832b3dd.tar.gz gentoo-c5d40af3c56436cdbf774707cb36a8cdc832b3dd.tar.bz2 gentoo-c5d40af3c56436cdbf774707cb36a8cdc832b3dd.zip |
unpacker.eclass: pass -S to file to disable seccomp
Files being installed by Portage are generally trusted but also the
syscalls allowed by file are quite broad anyway.
With e.g. new libc or sandbox version (or any number of things...), the
syscalls used by file can change which leads to its seccomp filter killing
the process. This is an acceptable tradeoff when users are calling file(1),
but it makes less sense with trusted input within Portage, especially
where it may lead to confusing errors (swallowed within pipes, subshells,
etc).
Indeed, it might even be the case that file(1) is broken, but the user
needs to complete a world upgrade to get a newer file/portage/???, but
can't because of various ebuilds (like ones using this eclass) failing.
Disable seccomp for these calls to keep working.
Bug: https://bugs.gentoo.org/811462
Bug: https://bugs.gentoo.org/815877
Bug: https://bugs.gentoo.org/889046
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'eclass/unpacker.eclass')
-rw-r--r-- | eclass/unpacker.eclass | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/eclass/unpacker.eclass b/eclass/unpacker.eclass index 5ce681ebaa0d..326b2fa67524 100644 --- a/eclass/unpacker.eclass +++ b/eclass/unpacker.eclass @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: unpacker.eclass @@ -122,7 +122,7 @@ unpack_pdv() { local tmpfile="${T}/${FUNCNAME}" tail -c +$((${tailskip}+1)) ${src} 2>/dev/null | head -c 512 > "${tmpfile}" - local iscompressed=$(file -b "${tmpfile}") + local iscompressed=$(file -S -b "${tmpfile}") if [[ ${iscompressed:0:8} == "compress" ]] ; then iscompressed=1 mv "${tmpfile}"{,.Z} @@ -130,7 +130,7 @@ unpack_pdv() { else iscompressed=0 fi - local istar=$(file -b "${tmpfile}") + local istar=$(file -S -b "${tmpfile}") if [[ ${istar:0:9} == "POSIX tar" ]] ; then istar=1 else @@ -244,7 +244,7 @@ unpack_makeself() { # lets grab the first few bytes of the file to figure out what kind of archive it is local decomp= filetype suffix - filetype=$("${exe[@]}" 2>/dev/null | head -c 512 | file -b -) || die + filetype=$("${exe[@]}" 2>/dev/null | head -c 512 | file -S -b -) || die case ${filetype} in *tar\ archive*) decomp=cat |