Changeset 135851


Ignore:
Timestamp:
May 5, 2015, 5:33:30 PM (5 years ago)
Author:
cal@…
Message:

base: Avoid overlap between existsuser/existsgroup error code and root/wheel's UID/GID, closes #45737

Return -1 from existsuser and existsgroup when a user or group does not exist.
Because these commands return the UID or GID in case of success, they could not
be used to check for the existence of the root user or the wheel group (UID/GID
0).

Since existsuser and existsgroup are used in adduser and addgroup in
port1.0/portutil.tcl, putting add_user root into a Portfile would make MacPorts
trash the system's root user by replacing it with a new user with a non-zero
UID, effectively stripping the root user from its privileges.

This caused a problem in the dbus port when installed in a root MacPorts
installation with the +no_root variant, which is explained in #45737.

Location:
trunk/base/src
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/base/src/pextlib1.0/Pextlib.c

    r135850 r135851  
    217217
    218218    if (pwent == NULL) {
    219         tcl_result = Tcl_NewIntObj(0);
     219        tcl_result = Tcl_NewIntObj(-1);
    220220    } else {
    221221        tcl_result = Tcl_NewIntObj(pwent->pw_uid);
     
    245245
    246246    if (grent == NULL) {
    247         tcl_result = Tcl_NewIntObj(0);
     247        tcl_result = Tcl_NewIntObj(-1);
    248248    } else {
    249249        tcl_result = Tcl_NewIntObj(grent->gr_gid);
  • trunk/base/src/port1.0/portutil.tcl

    r134838 r135851  
    23672367    }
    23682368
    2369     if {[existsuser ${name}] != 0 || [existsuser ${uid}] != 0} {
     2369    if {[existsuser ${name}] != -1 || [existsuser ${uid}] != -1} {
    23702370        return
    23712371    }
     
    24752475    }
    24762476
    2477     if {[existsgroup ${name}] != 0 || [existsgroup ${gid}] != 0} {
     2477    if {[existsgroup ${name}] != -1 || [existsgroup ${gid}] != -1} {
    24782478        return
    24792479    }
     
    30433043    global macportsuser
    30443044    if {[getuid] == 0 && $macportsuser ne "root" &&
    3045         ([existsuser $macportsuser] == 0 || [existsgroup $macportsuser] == 0 )} {
     3045        ([existsuser $macportsuser] == -1 || [existsgroup $macportsuser] == -1)} {
    30463046        ui_warn "configured user/group $macportsuser does not exist, will build as root"
    30473047        set macportsuser "root"
Note: See TracChangeset for help on using the changeset viewer.