From 2a0ea5621ef7cd9303e49657166dfd04ffa624d7 Mon Sep 17 00:00:00 2001 From: Michael Orlitzky Date: Tue, 16 Aug 2016 13:55:08 -0400 Subject: [PATCH 1/1] mk: Change umask from 002 to 022 in the CreateDir macro. The build system has a macro called CreateDir that does more or less what you'd expect. But before it creates the directory given to it, it sets the umask to 002. This can be a vulnerability, since we don't know who the end user will be building the software as; there may be untrusted people in his default group. In that case, one of those people can overwrite the scripts in the directory created by CreateDir before the user executes them. There is a kernel-level workaround for these types of vulnerabilities in the Grsecurity project called Trusted Path Execution (TPE). When enabled, users are not allowed to execute files in directories not owned by themselves or root. When that restriction is enabled, omniORB fails to build (due to the aforementioned umask). This commit changes the umask to 022 in CreateDir. This should not cause any problems (ha ha), and is safer than the previous umask of 002. It also fixes the build on systems where TPE is enabled. Gentoo-Bug: 576040 --- mk/beforeauto.mk.in | 2 +- mk/beforedir.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mk/beforeauto.mk.in b/mk/beforeauto.mk.in index 83d544c..9f65c69 100644 --- a/mk/beforeauto.mk.in +++ b/mk/beforeauto.mk.in @@ -167,7 +167,7 @@ unexport SUBDIRS define CreateDir if [ ! -d $$dir ]; then \ - (umask 002; set -x; $(MKDIRHIER) $$dir); \ + (umask 022; set -x; $(MKDIRHIER) $$dir); \ fi endef diff --git a/mk/beforedir.mk b/mk/beforedir.mk index f804ed3..855bc4d 100644 --- a/mk/beforedir.mk +++ b/mk/beforedir.mk @@ -187,7 +187,7 @@ unexport SUBDIRS define CreateDir if [ ! -d $$dir ]; then \ - (umask 002; set -x; $(MKDIRHIER) $$dir); \ + (umask 022; set -x; $(MKDIRHIER) $$dir); \ fi endef -- 2.7.3