diff options
Diffstat (limited to 'net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch')
| -rw-r--r-- | net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch b/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch deleted file mode 100644 index 2aaab59ef201..000000000000 --- a/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 2a0ea5621ef7cd9303e49657166dfd04ffa624d7 Mon Sep 17 00:00:00 2001 -From: Michael Orlitzky <michael@orlitzky.com> -Date: Tue, 16 Aug 2016 13:55:08 -0400 -Subject: [PATCH 1/1] mk: Change umask from 002 to 022 in the CreateDir macro. - -The build system has a macro called CreateDir that does more or less -what you'd expect. But before it creates the directory given to it, it -sets the umask to 002. This can be a vulnerability, since we don't -know who the end user will be building the software as; there may be -untrusted people in his default group. In that case, one of those -people can overwrite the scripts in the directory created by CreateDir -before the user executes them. - -There is a kernel-level workaround for these types of vulnerabilities -in the Grsecurity project called Trusted Path Execution (TPE). When -enabled, users are not allowed to execute files in directories not -owned by themselves or root. When that restriction is enabled, omniORB -fails to build (due to the aforementioned umask). - -This commit changes the umask to 022 in CreateDir. This should not -cause any problems (ha ha), and is safer than the previous umask of -002. It also fixes the build on systems where TPE is enabled. - -Gentoo-Bug: 576040 ---- - mk/beforeauto.mk.in | 2 +- - mk/beforedir.mk | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/mk/beforeauto.mk.in b/mk/beforeauto.mk.in -index 83d544c..9f65c69 100644 ---- a/mk/beforeauto.mk.in -+++ b/mk/beforeauto.mk.in -@@ -167,7 +167,7 @@ unexport SUBDIRS - - define CreateDir - if [ ! -d $$dir ]; then \ -- (umask 002; set -x; $(MKDIRHIER) $$dir); \ -+ (umask 022; set -x; $(MKDIRHIER) $$dir); \ - fi - endef - -diff --git a/mk/beforedir.mk b/mk/beforedir.mk -index f804ed3..855bc4d 100644 ---- a/mk/beforedir.mk -+++ b/mk/beforedir.mk -@@ -187,7 +187,7 @@ unexport SUBDIRS - - define CreateDir - if [ ! -d $$dir ]; then \ -- (umask 002; set -x; $(MKDIRHIER) $$dir); \ -+ (umask 022; set -x; $(MKDIRHIER) $$dir); \ - fi - endef - --- -2.7.3 - |