authorSören Tempel <soeren+git@soeren-tempel.net>2018-10-11 17:44:27 +0200
committerSören Tempel <soeren+git@soeren-tempel.net>2018-10-11 17:44:27 +0200
commitea0b262b7353f36cf4fe1e366bf9ce5b3870cb82 (patch)
tree7339a9561a2a05ec5aea8147dd169314b05e4129
parent83567263f653ea330b401590292e81441ebb310b (diff)
downloadaports-ea0b262b7353f36cf4fe1e366bf9ce5b3870cb82.tar.bz2
main/abuild: backport symlink handling fix for abuild-rmtemp
-rw-r--r--main/abuild/0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch34
-rw-r--r--main/abuild/APKBUILD8
2 files changed, 39 insertions, 3 deletions
diff --git a/main/abuild/0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch b/main/abuild/0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch
new file mode 100644
index 0000000..82a9d2a
--- /dev/null
+++ b/main/abuild/0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch
@@ -0,0 +1,34 @@
+From 0b8a272359685c5b9b3c87444c79eeb3b75c9992 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Thu, 11 Oct 2018 16:44:45 +0200
+Subject: [PATCH] abuild-rmtemp: Do not follow symbolic links
+
+Symbolic links might point to files outside of the chroot and
+thus might delete files outside the chroot. This allows deletion
+of arbitrary directories on the host from a malicious APKBUILD.
+
+Following hard links shouldn't be a problem since hard links (usually)
+cannot refer to directories and since remove(3) removes the link, not
+the file it points to it shouldn't cause a problem.
+
+I noticed this because alpine-baselayout creates /var/run as a symlink
+to /run. Therefore causing /run to be deleted on the host when using
+abuild-rmtemp which in turn causes a bunch of software to no longer
+function properly (including OpenRC).
+---
+ abuild-rmtemp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/abuild-rmtemp.c b/abuild-rmtemp.c
+index 1fca31c..b9511ce 100644
+--- a/abuild-rmtemp.c
++++ b/abuild-rmtemp.c
+@@ -44,7 +44,7 @@ int main(int argc, char **argv) {
+ if (!p) errx(1, "Incorrect user");
+ if (s.st_uid != p->pw_uid) errx(1, "Permission denied");
+
+- if (nftw(argv[1], handler, 512, FTW_DEPTH)) fail();
++ if (nftw(argv[1], handler, 512, FTW_DEPTH|FTW_PHYS)) fail();
+
+ return 0;
+ }
diff --git a/main/abuild/APKBUILD b/main/abuild/APKBUILD
index 9debc4f..d041459 100644
--- a/main/abuild/APKBUILD
+++ b/main/abuild/APKBUILD
@@ -2,7 +2,7 @@
pkgname=abuild
pkgver=3.3.0_pre1
_ver=${pkgver%_git*}
-pkgrel=0
+pkgrel=1
pkgdesc="Script to build Alpine Packages"
url="https://git.alpinelinux.org/cgit/abuild/"
arch="all"
@@ -20,7 +20,8 @@ subpackages="apkbuild-cpan:cpan:noarch apkbuild-gem-resolver:gems:noarch
abuild-rootbld:_rootbld:noarch $pkgname-doc"
options="suid !check"
pkggroups="abuild"
-source="https://dev.alpinelinux.org/archive/abuild/abuild-$_ver.tar.xz"
+source="https://dev.alpinelinux.org/archive/abuild/abuild-$_ver.tar.xz
+ 0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch"
builddir="$srcdir/$pkgname-$_ver"
prepare() {
@@ -66,4 +67,5 @@ _rootbld() {
mkdir -p "$subpkgdir"
}
-sha512sums="5d3c2c04a7d6ede2c08b524423f9594ced42d4d67f10327996a38e0782fc2de1f8086187aa9a9072df5c1aced540bdcf1b8002b832df4cf2c6a56f6f89657aa7 abuild-3.3.0_pre1.tar.xz"
+sha512sums="5d3c2c04a7d6ede2c08b524423f9594ced42d4d67f10327996a38e0782fc2de1f8086187aa9a9072df5c1aced540bdcf1b8002b832df4cf2c6a56f6f89657aa7 abuild-3.3.0_pre1.tar.xz
+e2cefff3b9d460132a7ef90c5f8ddb309b748e2ef40157c31d3dc047b0516838d8c5a0fe51952e004252ad15a76c5758d61f8deb35a970a0841fec188f8d521d 0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch"