[OE-core] [PATCH] classes/sanity: check for suid root command evility
Paul Eggleton
paul.eggleton at linux.intel.com
Tue Jul 30 08:36:15 UTC 2013
On Monday 29 July 2013 18:43:32 Mark Hatle wrote:
> On 7/26/13 5:48 AM, Paul Eggleton wrote:
> > Some users have been found to have an unnamed third-party piece of
> > software installed which sets chmod, chown and mknod as suid root as
> > part of its installation process. This interferes with the operation of
> > pseudo and can result in files really being owned by root within the
> > build output, and therefore breaks the build, apart from being a
> > security issue. Check for this and bail out early if it is found.
> >
> > Reported-by: Nicolas Dechesne <nicolas.dechesne at linaro.org>
> >
> > Signed-off-by: Paul Eggleton <paul.eggleton at linux.intel.com>
>
> Should these items be added to the buildtools-tarball target? It might help
> avoid the problem in the same way we already do to detect the bad make,
> tar, etc..
To be honest I'd rather not try to work around misconfiguration such as this.
Cheers,
Paul
--
Paul Eggleton
Intel Open Source Technology Centre
More information about the Openembedded-core
mailing list