[oe-commits] Richard Purdie : sanity: Check for setgid/setuid TMPDIR

[git at git.openembedded.org]

Module: openembedded-core.git
Branch: master-next
Commit: 8e44fc36018fda9b1f9ca8aebde3e744afc07eaa
URL:    http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=8e44fc36018fda9b1f9ca8aebde3e744afc07eaa

Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Wed Jul 23 17:05:44 2014 +0100

sanity: Check for setgid/setuid TMPDIR

Building in a TMPDIR which has setgid or setuid is a bad idea. We could try and reset
the permissions but since these can also invade into other directories like the cache
or sstate, lets tell the user to fix it instead.

[YOCTO #6519]

Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

---

 meta/classes/sanity.bbclass | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index ed65814..1ad663a 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -514,6 +514,7 @@ def check_sanity_version_change(status, d):
         import xml.parsers.expat
     except ImportError:
         status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n')
+    import stat
 
     status.addresult(check_make_version(d))
     status.addresult(check_tar_version(d))
@@ -566,6 +567,11 @@ def check_sanity_version_change(status, d):
     # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS)
     tmpdir = d.getVar('TMPDIR', True)
     status.addresult(check_create_long_filename(tmpdir, "TMPDIR"))
+    tmpdirmode = os.stat(tmpdir).st_mode
+    if (tmpdirmode & stat.S_ISGID):
+        status.addresult("TMPDIR is setgid, please don't build in a setgid directory")
+    if (tmpdirmode & stat.S_ISUID):
+        status.addresult("TMPDIR is setuid, please don't build in a setuid directory")
 
     # Some third-party software apparently relies on chmod etc. being suid root (!!)
     import stat