From ee2da812b2b5f4354c02747743a1a2009541713c Mon Sep 17 00:00:00 2001
From: codehelp
Date: Sun, 1 Nov 2009 14:58:54 +0000
Subject: [PATCH] Check for symlinks from lib64 to /lib and warn if not unset. (Closes: #553599)
git-svn-id: http://emdebian.org/svn/current@6659 563faec7-e20c-0410-992a-a66f704d0ccd
---
 debian/changelog | 4 +++-
 em_multistrap | 52 +++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index c71da30..96cbc13 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,10 @@
 emdebian-rootfs (2.0.4) unstable; urgency=low
 * [INTL:fr] French manpage translation update (Closes: #552198)
+ * Check for symlinks from lib64 to /lib and warn if not unset.
+ (Closes: #553599)
- -- Neil Williams Sat, 24 Oct 2009 20:09:22 +0100
+ -- Neil Williams Sun, 01 Nov 2009 14:52:05 +0000
 emdebian-rootfs (2.0.3) unstable; urgency=low
diff --git a/em_multistrap b/em_multistrap
index 1a29730..8e3dc7f 100755
--- a/em_multistrap
+++ b/em_multistrap
@@ -170,6 +170,31 @@ if (not -d "${dir}dev") {
 mkdir "${dir}dev";
 }
+# prevent the absolute symlink in libc6 from allowing
+# writes outside the multistrap root dir. See: #553599
+if (-l "${dir}lib64" ) {
+ my $r = readlink "${dir}lib64";
+ if ($r =~ m:^/:)
+ {
+ my $old = `pwd`;
+ chomp ($old);
+ unlink "${dir}lib64";
+ chdir ("$dir");
+ print "INF: ./lib64 -> /lib symbolic link reset to ./lib.\n";
+ symlink "./lib", "lib64";
+ chdir ("${old}");
+ }
+}
+else
+{
+ my $old = `pwd`;
+ chomp ($old);
+ chdir ("$dir");
+ print "INF: Setting ./lib64 -> ./lib symbolic link.\n";
+ symlink "./lib", "lib64";
+ chdir ("${old}");
+}
+
 unlink ("${dir}etc/apt/sources.list.d/multistrap.sources.list")
 if (-f "${dir}etc/apt/sources.list.d/multistrap.sources.list");
 unlink ("${dir}etc/apt/sources.list")
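Review bot: None of `unlink`, `chdir` or `symlink` in the block added after the `${dir}dev` check has its return value tested, so if `chdir ("$dir")` fails the `lib64 -> ./lib` link is created in whatever directory the script was started from, and if `unlink` fails the absolute link stays in place while the INF line still reports it as reset. A symlink target is resolved relative to the directory that holds the link, so the `pwd`/`chdir` pair can be dropped and the calls checked: `unlink "${dir}lib64" or die "unlink ${dir}lib64: $!\n";` followed by `symlink "./lib", "${dir}lib64" or die "symlink ${dir}lib64: $!\n";`. The `else` branch also runs when `${dir}lib64` already exists as a real directory or file, where `symlink` fails without any message. The same unchecked sequence is repeated in the force_unpack hunk.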
@@ -265,7 +290,18 @@ die ("apt download failed. Exit value: ".($retval/256)."\n")
 system ("touch ${dir}${libdir}lists/lock");
 &native if (not defined ($foreign));
 (not defined $tidy) ? system ("apt-get $config_str update") : &tidy_apt;
-printf ("\nMultistrap system installed successfully in %s.\n\n", $dir);
+if (-l "${dir}lib64" ) {
+ my $r = readlink "${dir}lib64";
+ if ($r =~ m:^/:)
+ {
+ print "ERR: ./lib64 -> /lib symbolic link reset to ./lib after unpacking.\n";
+ printf ("ERR: Some files may have been unpacked outside %s!\n", $dir);
+ }
+ else
+ {
+ printf ("\nMultistrap system installed successfully in %s.\n\n", $dir);
+ }
+}
 exit 0;
 sub force_unpack
@@ -380,6 +416,20 @@ sub force_unpack
 print STATUS "\n";
 close (STATUS);
 system ("rm -rf ./${tmpdir}");
+ if (-l "${dir}lib64" ) {
+ my $r = readlink "${dir}lib64";
+ if ($r =~ m:^/:)
+ {
+ my $old = `pwd`;
+ chomp ($old);
+ printf ("ERR: lib64 -> ./lib symbolic link clobbered by %s\n", $pkg);
+ unlink "${dir}lib64";
+ chdir ("$dir");
+ print "INF: lib64 -> /lib symbolic link reset to ./lib.\n";
+ symlink "./lib", "lib64";
+ chdir ("${old}");
+ }
+ }
 }
 chdir ("$old");
 print "I: Unpacking complete.\n";
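Review bot: The failure path added before `exit 0;` prints two ERR lines and then still exits with status 0, so a caller that checks only the exit code treats a run that may have written files outside `$dir` as a successful build; adding `exit 1;` after the second ERR line would make the failure visible. The success message is now nested under `-l "${dir}lib64"`, so when lib64 is missing or is not a symlink the script ends without printing either message. The first ERR line says the link was reset, but nothing in this hunk resets it. Testing only for the absolute-target case and leaving the original `printf` unconditional after it would restore the success message for every other outcome.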
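Review bot: The block added to force_unpack tests `-l "${dir}lib64"` while the function appears to be running from a different working directory (the context uses `./${tmpdir}` and restores with `chdir ("$old")` afterwards), so if `$dir` can be a relative path the test looks in the wrong place and the check is skipped without a message. The function starts outside the hunk, so confirm there that `$dir` is absolute by this point. The pattern `m:^/:` also catches only absolute targets, so a relative target that climbs out of the root with `..` components would pass unnoticed. The inner `my $old` shadows the `$old` the function restores after the loop; a name such as `$cwd` would avoid the misreading.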