
mdev-bb bump.

1 parent 5bb800a commit c09a73b4267b93c611cf175ce5c402cde7e5ade4 Piotr Karbowski committed Dec 21, 2012
Showing with 110 additions and 0 deletions.
  1. +31 −0 sys-fs/mdev-bb/files/mdev-umask-077.patch
  2. +79 −0 sys-fs/mdev-bb/mdev-bb-1.20.2-r1.ebuild
@@ -0,0 +1,31 @@
+From a5f05ba5c03cd8b6d1e384b25a28013619329b48 Mon Sep 17 00:00:00 2001
+From: Piotr Karbowski <piotr.karbowski@gmail.com>
+Date: Fri, 21 Dec 2012 15:54:07 +0100
+Subject: [PATCH] umask(077) as a workaround for security vuln.
+
+Mdev seems to alter permissions of created dirs. Example:
+microcode root:root 600 =cpu/
+cpu([0-9]+) root:root 600 =cpu/%1/cpuid
+msr([0-9]+) root:root 600 =cpu/%1/msr
+
+will make /dev/cpu a world-writtable dir.
+---
+ util-linux/mdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util-linux/mdev.c b/util-linux/mdev.c
+index 79871d3..b85e2d7 100644
+--- a/util-linux/mdev.c
++++ b/util-linux/mdev.c
+@@ -823,7 +823,7 @@ int mdev_main(int argc UNUSED_PARAM, char **argv)
+ bb_sanitize_stdio();
+
+ /* Force the configuration file settings exactly */
+- umask(0);
++ umask(077);
+
+ xchdir("/dev");
+
+--
+1.8.0.2
+
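Review bot: The in-code comment `/* Force the configuration file settings exactly */` kept above the changed line no longer describes `umask(077)`, which strips group and other bits from anything mdev creates unless the mode is re-applied afterwards. That closes the world-writable directory case from the description, but it likely also leaves subdirectories such as `/dev/cpu` at 0700, so nodes beneath them that mdev.conf grants to a group would be unreachable for non-root users; this is worth testing against a real mdev.conf. Since the ebuild in this commit sets `CONFIG_FEATURE_MDEV_EXEC=y`, commands run from mdev.conf presumably inherit the stricter mask as well. I would reword the comment to something like `/* Workaround: restrictive umask so created dirs are not world-writable */`. `mdev_main` continues outside the hunk, so whether modes are re-applied after creation cannot be confirmed from here.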
@@ -0,0 +1,79 @@
+EAPI="4"
+inherit eutils flag-o-matic toolchain-funcs multilib
+
+DESCRIPTION="mdev from busybox."
+HOMEPAGE="http://www.busybox.net/"
+
+base='busybox'
+MY_P=${base}-${PV/_/-}
+
+SRC_URI="
+ http://www.busybox.net/downloads/${MY_P}.tar.bz2
+"
+KEYWORDS="~amd64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="static +mdev-like-a-boss"
+RESTRICT="test"
+
+RDEPEND="
+ !sys-apps/busybox[mdev]
+"
+DEPEND="${RDEPEND}
+ >=sys-kernel/linux-headers-2.6.39"
+
+S=${WORKDIR}/${MY_P}
+
+src_configure() {
+ cat >"${S}/tmp.config" <<-END_OF_CONFIG
+ CONFIG_HAVE_DOT_CONFIG=y
+ CONFIG_USE_PORTABLE_CODE=y
+ CONFIG_PLATFORM_LINUX=y
+ CONFIG_FEATURE_BUFFERS_USE_MALLOC=y
+ CONFIG_SHOW_USAGE=y
+ CONFIG_FEATURE_VERBOSE_USAGE=y
+ CONFIG_FEATURE_COMPRESS_USAGE=y
+ CONFIG_UNICODE_SUPPORT=y
+ CONFIG_FEATURE_CHECK_UNICODE_IN_ENV=y
+ CONFIG_UNICODE_COMBINING_WCHARS=y
+ CONFIG_UNICODE_WIDE_WCHARS=y
+ CONFIG_LONG_OPTS=y
+ CONFIG_FEATURE_DEVPTS=y
+ CONFIG_LFS=y
+ CONFIG_NO_DEBUG_LIB=y
+ CONFIG_INSTALL_APPLET_SYMLINKS=y
+ CONFIG_MDEV=y
+ CONFIG_FEATURE_MDEV_CONF=y
+ CONFIG_FEATURE_MDEV_RENAME=y
+ CONFIG_FEATURE_MDEV_RENAME_REGEXP=y
+ CONFIG_FEATURE_MDEV_EXEC=y
+ CONFIG_FEATURE_MDEV_LOAD_FIRMWARE=y
+ CONFIG_FEATURE_SH_IS_NONE=y
+ CONFIG_FEATURE_BASH_IS_NONE=y"
+END_OF_CONFIG
+
+ if use static; then
+ echo 'CONFIG_STATIC=y' >> "${S}/tmp.config"
+ fi
+
+ # Landley's miniconfig. <3
+ make KCONFIG_ALLCONFIG='tmp.config' allnoconfig >/dev/null 2>&1
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/mdev-umask-077.patch"
+}
+
+src_install() {
+ mkdir "${D}/sbin" || die
+ cp busybox "${D}/sbin/mdev" || die
+ chmod 750 "${D}/sbin/mdev" || die
+}
+
+pkg_postinst() {
+ ewarn
+ ewarn "This is only mdev binary, for init script and confing you may want"
+ ewarn "to install mdev-like-a-boss package."
+ ewarn
+}
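Review bot: In `src_configure` the last heredoc line `CONFIG_FEATURE_BASH_IS_NONE=y"` carries a stray double quote that is written verbatim into tmp.config, and the `make ... allnoconfig >/dev/null 2>&1` that follows has no `|| die` and discards all output, so a failed or partly applied configuration would go unnoticed. For a device manager that runs as root, the configuration step should fail loudly: drop the quote and use `make KCONFIG_ALLCONFIG='tmp.config' allnoconfig || die "allnoconfig failed"`. How kconfig treats the malformed line is not visible from this page. Separately, `mdev-like-a-boss` is declared in IUSE but not referenced anywhere in the ebuild shown.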
