dispatch-conf: restrict default archive-dir perms

Also, add warnings about rcs and ci behavior in dispatch-conf.conf and
dispatch-conf.1. This will fix bug #315603.
diff --git a/cnf/dispatch-conf.conf b/cnf/dispatch-conf.conf
index 33ad156..b51b61a 100644
--- a/cnf/dispatch-conf.conf
+++ b/cnf/dispatch-conf.conf
@@ -6,6 +6,14 @@
 archive-dir=/etc/config-archive
 
 # Use rcs for storing files in the archive directory?
+# WARNING: When configured to use rcs, read and execute permissions of
+# archived files may be inherited from the first check in of a working
+# file, as documented in the ci(1) man page. This means that even if
+# the permissions of the working file have since changed, the older
+# permissions of the first check in may be inherited. As mentioned in
+# the ci(1) man page, users can control access to RCS files by setting
+# the permissions of the directory containing the files (see
+# archive-dir above).
 # (yes or no)
 use-rcs=no
 
diff --git a/man/dispatch-conf.1 b/man/dispatch-conf.1
index b156292..b82c215 100644
--- a/man/dispatch-conf.1
+++ b/man/dispatch-conf.1
@@ -1,4 +1,4 @@
-.TH "DISPATCH-CONF" "1" "Aug 2008" "Portage VERSION" "Portage"
+.TH "DISPATCH-CONF" "1" "Jan 2011" "Portage VERSION" "Portage"
 .SH NAME
 dispatch-conf \- Sanely update configuration files after emerging new packages
 .SH SYNOPSIS
@@ -73,6 +73,16 @@
 .B q
 Quit
 .I dispatch-conf.
+.SH FILE MODES
+\fBWARNING:\fR When \fB/etc/dispatch\-conf.conf\fR is configured
+to use \fBrcs\fR(1), read and execute permissions of archived
+files may be inherited from the first check in of a working file,
+as documented in the \fBci\fR(1) man page. This means that even
+if the permissions of the working file have since changed, the
+older permissions of the first check in may be inherited. As
+mentioned in the \fBci\fR(1) man page, users can control access
+to RCS files by setting the permissions of the directory
+containing the files.
 .SH "REPORTING BUGS"
 Please report bugs via http://bugs.gentoo.org/
 .SH AUTHORS
@@ -88,4 +98,6 @@
 Configuration settings for \fIdispatch-conf\fR are stored here.
 .SH "SEE ALSO"
 .BR make.conf (5),
-.BR etc-update (1)
+.BR ci (1),
+.BR etc-update (1),
+.BR rcs (1)
diff --git a/pym/portage/dispatch_conf.py b/pym/portage/dispatch_conf.py
index 5724d91..228638c 100644
--- a/pym/portage/dispatch_conf.py
+++ b/pym/portage/dispatch_conf.py
@@ -1,5 +1,5 @@
 # archive_conf.py -- functionality common to archive-conf and dispatch-conf
-# Copyright 2003-2004 Gentoo Foundation
+# Copyright 2003-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 
@@ -64,6 +64,9 @@
 
     if not os.path.exists(opts['archive-dir']):
         os.mkdir(opts['archive-dir'])
+        # Use restrictive permissions by default, in order to protect
+        # against vulnerabilities (like bug #315603 involving rcs).
+        os.chmod(opts['archive-dir'], 0o700)
     elif not os.path.isdir(opts['archive-dir']):
         print(_('dispatch-conf: Config archive dir [%s] must exist; fatal') % (opts['archive-dir'],), file=sys.stderr)
         sys.exit(1)
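Review bot: The directory is created by `os.mkdir(opts['archive-dir'])` with umask-derived permissions and only tightened afterwards by `os.chmod`, so for a short window it can be more permissive than 0o700; passing the mode at creation, `os.mkdir(opts['archive-dir'], 0o700)`, and keeping the chmod closes that window. The restrictive mode is also applied only on the creation branch, so an archive directory that already exists keeps whatever permissions it had, and existing installations presumably stay exposed to the rcs behaviour from bug #315603 until the admin changes them by hand. Consider checking `os.stat(opts['archive-dir']).st_mode & 0o077` on the already-existing path and printing a warning to stderr when group or other bits are set, rather than silently accepting it. The enclosing function starts and ends outside this hunk.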