OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpm?expand=0&rev=1

sbitcheck.diff

@@ -0,0 +1,105 @@
+When deleting files, drop any s-bit first, so that a malicious
+user does not have access to old programs if he hard links them
+to some other directory. [#50376] rh#125517
+
+Already in rpm-4.4.7.
+
+Index: lib/cpio.h
+===================================================================
+--- lib/cpio.h.orig
++++ lib/cpio.h
+@@ -64,7 +64,8 @@ typedef enum cpioMapFlags_e {
+     CPIO_MAP_ABSOLUTE	= (1 << 5),
+     CPIO_MAP_ADDDOT	= (1 << 6),
+     CPIO_ALL_HARDLINKS	= (1 << 7), /*!< fail if hardlinks are missing. */
+-    CPIO_MAP_TYPE	= (1 << 8)  /*!< only for building. */
++    CPIO_MAP_TYPE	= (1 << 8),  /*!< only for building. */
++    CPIO_SBIT_CHECK	= (1 << 9)
+ } cpioMapFlags;
+ 
+ #define CPIO_NEWC_MAGIC	"070701"
+Index: lib/fsm.c
+===================================================================
+--- lib/fsm.c.orig
++++ lib/fsm.c
+@@ -2127,6 +2127,11 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
+ 	/*@notreached@*/ break;
+ 
+     case FSM_UNLINK:
++	if (fsm->mapFlags & CPIO_SBIT_CHECK) {
++	    struct stat stb;
++	    if (Lstat(fsm->path, &stb) == 0 && S_ISREG(stb.st_mode) && (stb.st_mode & 06000) != 0)
++		chmod(fsm->path, stb.st_mode & 0777);
++	}
+ 	rc = Unlink(fsm->path);
+ 	if (_fsm_debug && (stage & FSM_SYSCALL))
+ 	    rpmMessage(RPMMESS_DEBUG, " %8s (%s) %s\n", cur,
+Index: lib/psm.c
+===================================================================
+--- lib/psm.c.orig
++++ lib/psm.c
+@@ -1472,7 +1472,7 @@ assert(psm->mi == NULL);
+ 		fi->striplen = (xx ? strlen(p) + 1 : 1);
+ 	    }
+ 	    fi->mapflags =
+-		CPIO_MAP_PATH | CPIO_MAP_MODE | CPIO_MAP_UID | CPIO_MAP_GID;
++		CPIO_MAP_PATH | CPIO_MAP_MODE | CPIO_MAP_UID | CPIO_MAP_GID | (fi->mapflags & CPIO_SBIT_CHECK);
+ 	
+ 	    if (headerIsEntry(fi->h, RPMTAG_ORIGBASENAMES))
+ 		rpmfiBuildFNames(fi->h, RPMTAG_ORIGBASENAMES, &fi->apath, NULL);
+Index: lib/transaction.c
+===================================================================
+--- lib/transaction.c.orig
++++ lib/transaction.c
+@@ -187,6 +187,13 @@ static int handleInstInstalledFiles(cons
+ 	if (XFA_SKIPPING(fi->actions[fileNum]))
+ 	    continue;
+ 
++	if (!(fi->mapflags & CPIO_SBIT_CHECK)) {
++	    int_16 omode = rpmfiFMode(otherFi);
++	    if (S_ISREG(omode) && (omode & 06000) != 0) {
++		fi->mapflags |= CPIO_SBIT_CHECK;
++	    }
++	}
++
+ 	if (rpmfiCompare(otherFi, fi)) {
+ 	    int rConflicts;
+ 
+@@ -1843,6 +1850,20 @@ rpmMessage(RPMMESS_DEBUG, _("computing f
+ 	case TR_REMOVED:
+ 	    /*@switchbreak@*/ break;
+ 	}
++	/* check for s-bit files to be removed */
++	if (rpmteType(p) == TR_REMOVED) {
++	    fi = rpmfiInit(fi, 0);
++	    while ((i = rpmfiNext(fi)) >= 0) {
++		int_16 mode;
++		if (XFA_SKIPPING(fi->actions[i]))
++		    continue;
++		(void) rpmfiSetFX(fi, i);
++		mode = rpmfiFMode(fi);
++		if (S_ISREG(mode) && (mode & 06000) != 0) {
++		    fi->mapflags |= CPIO_SBIT_CHECK;
++		}
++	    }
++	}
+ 	(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), fc);
+     }
+     pi = rpmtsiFree(pi);
+@@ -2088,6 +2109,7 @@ assert(psm != NULL);
+ 		{
+ 		    char * fstates = fi->fstates;
+ 		    fileAction * actions = fi->actions;
++		    int mapflags = fi->mapflags;
+ 		    rpmte savep;
+ 
+ 		    fi->fstates = NULL;
+@@ -2106,6 +2128,8 @@ assert(psm != NULL);
+ 			fi->fstates = fstates;
+ 			fi->actions = _free(fi->actions);
+ 			fi->actions = actions;
++			if (mapflags & CPIO_SBIT_CHECK)
++			    fi->mapflags |= CPIO_SBIT_CHECK;
+ 			p->fi = fi;
+ 		    }
+ 		}