Namespace sanitizing, step 1

svn path=/main/trunk/; revision=5778

1 files changed, 126 insertions, 0 deletions

diff --git a/pym/portage/data.py b/pym/portage/data.py
new file mode 100644
index 00000000..707c76b2
--- /dev/null
+++ b/pym/portage/data.py
@@ -0,0 +1,126 @@
+# portage_data.py -- Calculated/Discovered Data Values
+# Copyright 1998-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+if not hasattr(__builtins__, "set"):
+	from sets import Set as set
+
+import os,pwd,grp
+from portage_util import writemsg
+from output import green,red
+from output import create_color_func
+bad = create_color_func("BAD")
+
+ostype=os.uname()[0]
+
+lchown = None
+if ostype=="Linux" or ostype.lower().endswith("gnu"):
+	userland="GNU"
+	os.environ["XARGS"]="xargs -r"
+elif ostype == "Darwin":
+	userland="Darwin"
+	os.environ["XARGS"]="xargs"
+	def lchown(*pos_args, **key_args):
+		pass
+elif ostype.endswith("BSD") or ostype =="DragonFly":
+	userland="BSD"
+	os.environ["XARGS"]="xargs"
+else:
+	writemsg(red("Operating system")+" \""+ostype+"\" "+red("currently unsupported. Exiting.")+"\n")
+	sys.exit(1)
+
+if not lchown:
+	if "lchown" in dir(os):
+		# Included in python-2.3
+		lchown = os.lchown
+	else:
+		try:
+			import missingos
+			lchown = missingos.lchown
+		except ImportError:
+			def lchown(*pos_args, **key_args):
+				writemsg(red("!!!") + " It seems that os.lchown does not" + \
+					" exist.  Please rebuild python.\n", noiselevel=-1)
+			lchown()
+
+os.environ["USERLAND"]=userland
+
+def portage_group_warning():
+	warn_prefix = bad("*** WARNING ***  ")
+	mylines = [
+		"For security reasons, only system administrators should be",
+		"allowed in the portage group.  Untrusted users or processes",
+		"can potentially exploit the portage group for attacks such as",
+		"local privilege escalation."
+	]
+	for x in mylines:
+		writemsg(warn_prefix, noiselevel=-1)
+		writemsg(x, noiselevel=-1)
+		writemsg("\n", noiselevel=-1)
+	writemsg("\n", noiselevel=-1)
+
+# Portage has 3 security levels that depend on the uid and gid of the main
+# process and are assigned according to the following table:
+#
+# Privileges  secpass  uid    gid
+# normal      0        any    any
+# group       1        any    portage_gid
+# super       2        0      any
+#
+# If the "wheel" group does not exist then wheelgid falls back to 0.
+# If the "portage" group does not exist then portage_uid falls back to wheelgid.
+
+secpass=0
+
+uid=os.getuid()
+wheelgid=0
+
+if uid==0:
+	secpass=2
+try:
+	wheelgid=grp.getgrnam("wheel")[2]
+except KeyError:
+	writemsg("portage initialization: your system doesn't have a 'wheel' group.\n")
+	writemsg("Please fix this as it is a normal system requirement. 'wheel' is GID 10\n")
+	writemsg("`emerge baselayout` and a config update with dispatch-conf, etc-update\n")
+	writemsg("or cfg-update should remedy this problem.\n")
+	pass
+
+#Discover the uid and gid of the portage user/group
+try:
+	portage_uid=pwd.getpwnam("portage")[2]
+	portage_gid=grp.getgrnam("portage")[2]
+	if secpass < 1 and portage_gid in os.getgroups():
+		secpass=1
+except KeyError:
+	portage_uid=0
+	portage_gid=0
+	writemsg("\n")
+	writemsg(  red("portage: 'portage' user or group missing. Please update baselayout\n"))
+	writemsg(  red("         and merge portage user(250) and group(250) into your passwd\n"))
+	writemsg(  red("         and group files. Non-root compilation is disabled until then.\n"))
+	writemsg(      "         Also note that non-root/wheel users will need to be added to\n")
+	writemsg(      "         the portage group to do portage commands.\n")
+	writemsg("\n")
+	writemsg(      "         For the defaults, line 1 goes into passwd, and 2 into group.\n")
+	writemsg(green("         portage:x:250:250:portage:/var/tmp/portage:/bin/false\n"))
+	writemsg(green("         portage::250:portage\n"))
+	writemsg("\n")
+	portage_group_warning()
+
+userpriv_groups = [portage_gid]
+if secpass >= 2:
+	# Get a list of group IDs for the portage user.  Do not use grp.getgrall()
+	# since it is known to trigger spurious SIGPIPE problems with nss_ldap.
+	from commands import getstatusoutput
+	mystatus, myoutput = getstatusoutput("id -G portage")
+	if mystatus == os.EX_OK:
+		for x in myoutput.split():
+			try:
+				userpriv_groups.append(int(x))
+			except ValueError:
+				pass
+			del x
+		userpriv_groups = list(set(userpriv_groups))
+	del getstatusoutput, mystatus, myoutput