Opened 6 months ago

Last modified 6 months ago

#70016 new defect

destroot phase does not confine process to destroot directory

Reported by: mohd-akram (Mohamed Akram) Owned by:
Priority: High Milestone:
Component: base Version: 2.9.3
Keywords: Cc:
Port:

Description

Currently, a portfile can write to anywhere outside the destroot directory in the destroot phase. This is problematic because a port might not have proper support for DESTDIR and might end up polluting directories outside its scope. It's also problematic to have this phase run as root which I imagine is not necessary in 99% of cases, and in cases where it might be necessary (eg. chown, chmod), that should be handled in a declarative manner ideally or at the very minimum be opt-in via destroot.asroot until that option is available.

Change History (1)

comment:1 Changed 6 months ago by jmroot (Joshua Root)

Sandboxing does prevent writing outside the workpath for commands run with system, though not for native Tcl commands the Portfile may run.

Note: See TracTickets for help on using tickets.