diff options
author | Jory A. Pratt <anarchy@gentoo.org> | 2015-08-28 22:49:30 -0500 |
---|---|---|
committer | Jory A. Pratt <anarchy@gentoo.org> | 2015-08-28 22:49:30 -0500 |
commit | 543a9a0f3a27d387dbba0a92c2ac85e2dd71a73f (patch) | |
tree | 03b38ef80ec4f05275e13c27b0d37d9e10977fd0 /sys-apps/sandbox/files/sandbox-2.6-log-var.patch | |
parent | Fix texturepacker dep (diff) | |
download | anarchy-543a9a0f3a27d387dbba0a92c2ac85e2dd71a73f.tar.gz anarchy-543a9a0f3a27d387dbba0a92c2ac85e2dd71a73f.tar.bz2 anarchy-543a9a0f3a27d387dbba0a92c2ac85e2dd71a73f.zip |
remove sandbox hacks
Diffstat (limited to 'sys-apps/sandbox/files/sandbox-2.6-log-var.patch')
-rw-r--r-- | sys-apps/sandbox/files/sandbox-2.6-log-var.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/sys-apps/sandbox/files/sandbox-2.6-log-var.patch b/sys-apps/sandbox/files/sandbox-2.6-log-var.patch deleted file mode 100644 index bfea9e5..0000000 --- a/sys-apps/sandbox/files/sandbox-2.6-log-var.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 853b42c86432eefc6d4cfba86197fb37d446366d Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Sun, 3 Mar 2013 05:34:09 -0500 -Subject: [PATCH] sandbox: accept SANDBOX_LOG vars whatever their values - -Commit 40abb498ca4a24495fe34e133379382ce8c3eaca subtly broke the sandbox -with portage. It changed how the sandbox log env var was accessed by -moving from getenv() to get_sandbox_log(). The latter has path checking -and will kick out values that contain a slash. That means every time a -new process starts, a new sandbox log path will be generated, and when a -program triggers a violation, it'll write to the new file. Meanwhile, -portage itself watches the original one which never gets updated. - -This code has been around forever w/out documentation, and I can't think -of a reason we need it. So punt it. - -Signed-off-by: Mike Frysinger <vapier@gentoo.org> ---- - libsbutil/get_sandbox_log.c | 14 +++++--------- - 1 file changed, 5 insertions(+), 9 deletions(-) - -diff --git a/libsbutil/get_sandbox_log.c b/libsbutil/get_sandbox_log.c -index a79b399..bdb4278 100644 ---- a/libsbutil/get_sandbox_log.c -+++ b/libsbutil/get_sandbox_log.c -@@ -21,17 +21,13 @@ static void _get_sb_log(char *path, const char *tmpdir, const char *env, const c - - sandbox_log_env = getenv(env); - -- if (sandbox_log_env && is_env_on(ENV_SANDBOX_TESTING)) { -- /* When testing, just use what the env says to */ -+ if (sandbox_log_env) { -+ /* If the env is viable, roll with it. We aren't really -+ * about people breaking the security of the sandbox by -+ * exporting SANDBOX_LOG=/dev/null. -+ */ - strncpy(path, sandbox_log_env, SB_PATH_MAX); - } else { -- /* THIS CHUNK BREAK THINGS BY DOING THIS: -- * SANDBOX_LOG=/tmp/sandbox-app-admin/superadduser-1.0.7-11063.log -- */ -- if ((NULL != sandbox_log_env) && -- (NULL != strchr(sandbox_log_env, '/'))) -- sandbox_log_env = NULL; -- - snprintf(path, SB_PATH_MAX, "%s%s%s%s%d%s", - SANDBOX_LOG_LOCATION, prefix, - (sandbox_log_env == NULL ? "" : sandbox_log_env), --- -1.8.1.2 - |