Mailing List Archive

[PATCH] savedconfig.eclass: do not preserve symlink in restore_config
This allows users to maintain the saved config file in some other
location.

Also drop the recursive (-R) option; this cp command is only executed
when we are restoring a single regular file.

Closes: https://bugs.gentoo.org/907696
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
---
eclass/savedconfig.eclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/eclass/savedconfig.eclass b/eclass/savedconfig.eclass
index cc5748543078..a778dfba0245 100644
--- a/eclass/savedconfig.eclass
+++ b/eclass/savedconfig.eclass
@@ -124,8 +124,8 @@ restore_config() {

if [[ -f ${found} ]]; then
elog "Building using saved configfile \"${found}\""
- if [ $# -gt 0 ]; then
- cp -pPR "${found}" "$1" || die "Failed to restore ${found} to $1"
+ if [[ $# -gt 0 ]]; then
+ cp -p "${found}" "$1" || die "Failed to restore ${found} to $1"
else
die "need to know the restoration filename"
fi
--
2.40.1
Re: [PATCH] savedconfig.eclass: do not preserve symlink in restore_config [ In reply to ]
On Sun, 2023-06-04 at 13:31 -0400, Mike Gilbert wrote:
> This allows users to maintain the saved config file in some other
> location.
>

If so, the symlink should point to a superuser-only location to avoid
creating any new vulnerabilities. We can't fix the general problem, but
we could at least mention in the docs that symlinks will (now) be
followed and that users should be careful if they want to maintain the
files elsewhere.
Re: [PATCH] savedconfig.eclass: do not preserve symlink in restore_config [ In reply to ]
On Sun, Jun 4, 2023 at 2:03?PM Michael Orlitzky <mjo@gentoo.org> wrote:
>
> On Sun, 2023-06-04 at 13:31 -0400, Mike Gilbert wrote:
> > This allows users to maintain the saved config file in some other
> > location.
> >
>
> If so, the symlink should point to a superuser-only location to avoid
> creating any new vulnerabilities. We can't fix the general problem, but
> we could at least mention in the docs that symlinks will (now) be
> followed and that users should be careful if they want to maintain the
> files elsewhere.

That seems self-evident to me, and I don't think it warrants a callout
in the documentation.
Re: [PATCH] savedconfig.eclass: do not preserve symlink in restore_config [ In reply to ]
Michael Orlitzky <mjo@gentoo.org> writes:

> If so, the symlink should point to a superuser-only location to avoid
> creating any new vulnerabilities. We can't fix the general problem, but
> we could at least mention in the docs that symlinks will (now) be
> followed and that users should be careful if they want to maintain the
> files elsewhere.

I believe that the target directory of this cp can be considered
equivalent in terms of access to any superuser-only directory, so I'm
not sure I see the problem with this change.

LGTM
--
Arsen Arsenovi?
Re: [PATCH] savedconfig.eclass: do not preserve symlink in restore_config [ In reply to ]
On Sun, 2023-06-04 at 20:46 +0200, Arsen Arsenovi? wrote:
>
> I believe that the target directory of this cp can be considered
> equivalent in terms of access to any superuser-only directory, so I'm
> not sure I see the problem with this change.

It silently changes something that was safe (but stupid) to something
unsafe (but still stupid).