* [PATCH v2 0/2] sanity.bbclass fixes
@ 2013-08-01 17:17 Paul Eggleton
2013-08-01 17:17 ` [PATCH v2 1/2] classes/sanity: check for suid root command evility Paul Eggleton
2013-08-01 17:17 ` [PATCH v2 2/2] classes/sanity: fix some grammatical errors in messages Paul Eggleton
0 siblings, 2 replies; 3+ messages in thread
From: Paul Eggleton @ 2013-08-01 17:17 UTC (permalink / raw)
To: openembedded-core
Changes since v1:
* Change the suid root binary check to a run-once check to be consistent
with other similar checks
* Add a patch fixing grammatical errors in messages
The following changes since commit f192c444c2d88c49738bea4ff4c3af0cc72916de:
texinfo: Update to 5.1 (2013-07-31 06:56:28 +0100)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib paule/sanity
http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/sanity
Paul Eggleton (2):
classes/sanity: check for suid root command evility
classes/sanity: fix some grammatical errors in messages
meta/classes/sanity.bbclass | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
--
1.8.1.2
* [PATCH v2 1/2] classes/sanity: check for suid root command evility
From: Paul Eggleton @ 2013-08-01 17:17 UTC (permalink / raw)
To: openembedded-core
Some users have been found to have an unnamed third-party piece of
software installed which sets chmod, chown and mknod as suid root as
part of its installation process. This interferes with the operation of
pseudo and can result in files really being owned by root within the
build output, and therefore breaks the build, apart from being a
security issue. Check for this and bail out if it is found.
Reported-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
meta/classes/sanity.bbclass | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 08ab1b7..cc67490 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -530,6 +530,16 @@ def check_sanity_version_change(status, d):
tmpdir = d.getVar('TMPDIR', True)
status.addresult(check_create_long_filename(tmpdir, "TMPDIR"))
+ # Some third-party software apparently relies on chmod etc. being suid root (!!)
+ import stat
+ suid_check_bins = "chown chmod mknod".split()
+ for bin_cmd in suid_check_bins:
+ bin_path = bb.utils.which(os.environ["PATH"], bin_cmd)
+ if bin_path:
+ bin_stat = os.stat(bin_path)
+ if bin_stat.st_uid == 0 and bin_stat.st_mode & stat.S_ISUID:
+ status.addresult('%s has the setuid bit set. This interferes with pseudo and may cause other issues that break the build process.\n' % bin_path)
+
# Check that we can fetch from various network transports
netcheck = check_connectivity(d)
status.addresult(netcheck)
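Review bot: The message passed to status.addresult() at the end of the new block reports that the setuid bit is set but gives the user no remedy. Since the commit message says this check bails out, the text should say what to do, for example clear the setuid bit on the reported binary or remove the software that set it. Separately, os.environ["PATH"] is indexed directly, so an unset PATH raises KeyError instead of producing a sanity message; os.environ.get("PATH", "") would keep that failure inside the sanity report. The import stat in the middle of the function would also read better next to the file's other imports.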
--
1.8.1.2
* [PATCH v2 2/2] classes/sanity: fix some grammatical errors in messages
From: Paul Eggleton @ 2013-08-01 17:17 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
meta/classes/sanity.bbclass | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index cc67490..4df3ca8 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -522,7 +522,7 @@ def check_sanity_version_change(status, d):
status.addresult("Your gcc version is older than 4.5, please add the following param to local.conf\n \
%s\n" % message)
if not result:
- status.addresult("Your gcc version is older then 4.5 or is not working properly. Please verify you can build")
+ status.addresult("Your gcc version is older than 4.5 or is not working properly. Please verify you can build")
status.addresult(" and link something that uses atomic operations, such as: \n")
status.addresult(" __sync_bool_compare_and_swap (&atomic, 2, 3);\n")
@@ -567,7 +567,7 @@ def check_sanity_version_change(status, d):
oes_bb_conf = d.getVar( 'OES_BITBAKE_CONF', True)
if not oes_bb_conf:
- status.addresult('You do not include the OpenEmbedded version of conf/bitbake.conf. This means your environment is misconfigured, in particular check BBPATH.\n')
+ status.addresult('You are not using the OpenEmbedded version of conf/bitbake.conf. This means your environment is misconfigured, in particular check BBPATH.\n')
# The length of tmpdir can't be longer than 410
status.addresult(check_path_length(tmpdir, "TMPDIR", 410))
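Review bot: The reworded message on the added line still joins two sentences with a comma in "misconfigured, in particular check BBPATH". As this patch is a grammar pass over these messages, split it, e.g. "This means your environment is misconfigured. In particular, check BBPATH."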
@@ -631,7 +631,7 @@ def check_sanity_everybuild(status, d):
if d.getVar( 'IMAGETEST', True ) == 'qemu':
display = d.getVar("BB_ORIGENV", False).getVar("DISPLAY", True)
if not display:
- status.addresult('qemuimagetest needs a X desktop to start qemu, please set DISPLAY correctly (e.g. DISPLAY=:1.0)\n')
+ status.addresult('qemuimagetest needs an X desktop to start qemu, please set DISPLAY correctly (e.g. DISPLAY=:1.0)\n')
omask = os.umask(022)
if omask & 0755:
--
1.8.1.2