Removes /dev/null if build with root privileges

Automatically imported from Debian bug report #336710 http://bugs.debian.org/336710

Message-Id: <email address hidden>
Date: Tue, 01 Nov 2005 02:57:17 +0100
From: Frank Lichtenheld <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: Removes /dev/null if build with root privileges

Package: procps
Version: 1:3.2.5-1
Severity: serious

procps has the following code in its Makefile:

check_gcc = $(shell if $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) dummy.c $(ALL_LDFLAGS) $(1) -o /dev/null $(CURSES) > /dev/null 2>&1; then echo "$(1)"; else echo "$(2)"; fi ;)

There is a problem with this code: If run with root privileges
(e.g. by building the package with sudo) and the gcc call fails, gcc
will delete the output file, which is /dev/null.
(The package in incoming has the same code, in case you wonder about the
version number)

It would certainly be better to use a temporary file as destination.

High severity since at least the mips(el) buildds currently use sudo and
were hit by the problem.

Gruesse,
 Frank Lichtenheld

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-k7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages procps depends on:
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libncurses5 5.4-9 Shared libraries for terminal hand

Versions of packages procps recommends:
ii psmisc 21.6-1 Utilities that use the proc filesy

-- no debconf information

Message-ID: <email address hidden>
Date: Tue, 1 Nov 2005 00:10:14 -0400
From: Albert Cahalan <email address hidden>
To: <email address hidden>
Subject: don't do that

Sure, this ought to be fixed to use gcc's option to not delete files, but..=
.

You really need to stop building stuff as root. That's nuts. This is not
a Windows system. Use the fakeroot tools if you must, but that should
not be required. There are lots of errors that could wipe out /dev/null,
and even worse, so we have this idea of not using the root account to
do random odd unprivileged tasks. Some call it "least privilege".

Here's a classic disaster you'll love:

rm -rf $FOO/*

What if $FOO is not set?

Ubuntu buildds use fakeroot

(In reply to comment #3)
> Ubuntu buildds use fakeroot

However, we do support local rebuilds of packages as well.

(I read ubuntu-bugs - no need to subscribe)

Message-ID: <email address hidden>
Date: Tue, 20 Dec 2005 03:23:17 +0100
From: Niv Altivanik (Debian) <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: 336710 patch

--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=

Tags 336710 patch
thank

Here's the patch implementing the proposed solution,

Regards,

--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline; filename=procps-336710.patch
Content-Transfer-Encoding: quoted-printable

diff -Nru procps-3.2.6/debian/patches/00list procps-3.2.6.patched/debian/pa=
tches/00list
=2D-- procps-3.2.6/debian/patches/00list 2005-12-20 03:00:14.000000000 +0100
+++ procps-3.2.6.patched/debian/patches/00list 2005-12-20 03:01:17.00000000=
0 +0100
@@ -9,3 +9,4 @@
 30_w-columns
 40_gnu-kbsd
 40_pgrep-coption
+50_dev_null_makefile_fix.dpatch
diff -Nru procps-3.2.6/debian/patches/50_dev_null_makefile_fix.dpatch procp=
s-3.2.6.patched/debian/patches/50_dev_null_makefile_fix.dpatch
=2D-- procps-3.2.6/debian/patches/50_dev_null_makefile_fix.dpatch 1970-01-0=
1 01:00:00.000000000 +0100
+++ procps-3.2.6.patched/debian/patches/50_dev_null_makefile_fix.dpatch 200=
5-12-20 02:57:47.000000000 +0100
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## dev_null_makefile_fix.dpatch by <xaiki@gonzo>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad procps-3.2.6~/Makefile procps-3.2.6/Makefile
+--- procps-3.2.6~/Makefile 2005-10-30 07:27:04.000000000 +0100
++++ procps-3.2.6/Makefile 2005-12-20 02:57:41.000000000 +0100
+@@ -119,7 +119,7 @@
+ # Unlike the kernel one, this check_gcc goes all the way to
+ # producing an executable. There might be a -m64 that works
+ # until you go looking for a 64-bit curses library.
+-check_gcc =3D $(shell if $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) dummy.c $(AL=
L_LDFLAGS) $(1) -o /dev/null $(CURSES) > /dev/null 2>&1; then echo "$(1)"; =
else echo "$(2)"; fi ;)
++check_gcc =3D $(shell if $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) dummy.c $(AL=
L_LDFLAGS) $(1) -o will_this_file_really_exist.tmp $(CURSES) > /dev/null 2>=
&1; then echo "$(1)"; else echo "$(2)"; fi ; rm -f will_this_file_really_ex=
ist.tmp)
+=20
+ # Be 64-bit if at all possible. In a cross-compiling situation, one may
+ # do "make m64=3D-m32 lib64=3Dlib" to produce 32-bit executables. DO NOT

--=-=-=
Content-Transfer-Encoding: quoted-printable

=2D-=20
Niv Sardi-Altivanik <email address hidden>
Debian::GNU/Linux::Addict, Wannabe Debian Developper,=20
please test my packages: http://cxhome.ath.cx/debian
> Random Fortune (To make your day better if not wiser) <=20
You will pioneer the first Martian colony.

--=-=-=--

--==-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQBDp2sdz5U+dsJLkBgRAgUvAKDBenNrATMgcNtgewHFfC41YARP5gCeILwM
CslmzrYhJ4+C1f/P0rgzCD4=
=SfRJ
-----END PGP SIGNATURE-----
--==-=-=--

This is fixed in Debian, and we should merge the fix

The fix was merged into 3.2.6-2.1 in Debian; the patch is included in the current Edgy release (3.2.7-2ubuntu1), but has not been backported to Dapper (3.2.6-2ubuntu4) as of now.