From: Kris Moore
To: freebsd-pkgbase@freebsd.org
Subject: Recent issue with pkg base missing setuid
Date: Mon, 4 Dec 2017 11:25:48 -0500

Anybody else noticed a recent regression (say past month or so) where
pkg base of latest HEAD is now failing to throw setuid on some files? We
saw it at first because /sbin/shutdown lost its setuid bit, so users
can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
and that didn't seem to make a difference. Now I suspect something in
HEAD itself changed, but for the life of me can't find where.

--
Kris Moore
Director of Engineering
iXsystems
Enterprise Storage & Servers Driven By Open Source

From: Brad Davis
To: freebsd-pkgbase@freebsd.org
Subject: Re: Recent issue with pkg base missing setuid
Date: Mon, 04 Dec 2017 09:37:42 -0700

On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
> Anybody else noticed a recent regression (say past month or so) where
> pkg base of latest HEAD is now failing to throw setuid on some files? We
> saw it at first because /sbin/shutdown lost its setuid bit, so users
> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
> and that didn't seem to make a difference. Now I suspect something in
> HEAD itself changed, but for the life of me can't find where.

Hey Kris,

Can you look at the plist file and see if it is correctly flagging the
file there?


Regards,
Brad Davis

From: Kris Moore
To: freebsd-pkgbase@freebsd.org
Subject: Re: Recent issue with pkg base missing setuid
Date: Mon, 4 Dec 2017 12:46:37 -0500

On 12/04/2017 11:37, Brad Davis wrote:
> On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
>> Anybody else noticed a recent regression (say past month or so) where
>> pkg base of latest HEAD is now failing to throw setuid on some files? We
>> saw it at first because /sbin/shutdown lost its setuid bit, so users
>> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
>> and that didn't seem to make a difference. Now I suspect something in
>> HEAD itself changed, but for the life of me can't find where.
> Hey Kris,
>
> Can you look at the plist file and see if it is correctly flagging the
> file there?
>
>
> Regards,
> Brad Davis

Here's what I have in the plist:

@(root,operator,04554,) /sbin/shutdown

I'll note that ping/ping6 also have similar, and they install setuid
properly:

@(root,wheel,04555,) /sbin/ping
@(root,wheel,04555,) /sbin/ping6

Here's what I have in the pkg tarball:

# tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown
hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to /sbin/poweroff

# tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff
-r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff
hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to /sbin/poweroff


And installing it again sure enough gives version without setuid:

# pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz
Installing FreeBSD-runtime-12.0.s20171204170123...
package FreeBSD-runtime is already installed, forced install
Extracting FreeBSD-runtime-12.0.s20171204170123: 100%

[root@chimera] /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al /sbin/shutdown
-r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown

--
Kris Moore
Director of Engineering
iXsystems
Enterprise Storage & Servers Driven By Open Source

From: Glen Barber
To: Kris Moore
Cc: freebsd-pkgbase@freebsd.org
Subject: Re: Recent issue with pkg base missing setuid
Date: Mon, 4 Dec 2017 18:37:03 +0000

On Mon, Dec 04, 2017 at 12:46:37PM -0500, Kris Moore wrote:
> On 12/04/2017 11:37, Brad Davis wrote:
> > On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
> >> Anybody else noticed a recent regression (say past month or so) where
> >> pkg base of latest HEAD is now failing to throw setuid on some files? We
> >> saw it at first because /sbin/shutdown lost its setuid bit, so users
> >> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
> >> and that didn't seem to make a difference. Now I suspect something in
> >> HEAD itself changed, but for the life of me can't find where.
> > Hey Kris,
> >
> > Can you look at the plist file and see if it is correctly flagging the
> > file there?
> >
> >
> > Regards,
> > Brad Davis
>
> Here's what I have in the plist:
>
> @(root,operator,04554,) /sbin/shutdown
>
> I'll note that ping/ping6 also have similar, and they install setuid
> properly:
>
> @(root,wheel,04555,) /sbin/ping
> @(root,wheel,04555,) /sbin/ping6
>
> Here's what I have in the pkg tarball:
>
> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown
> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> /sbin/poweroff
>
> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff
> -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff
> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> /sbin/poweroff
>
>
> And installing it again sure enough gives version without setuid:
>
> # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz
> Installing FreeBSD-runtime-12.0.s20171204170123...
> package FreeBSD-runtime is already installed, forced install
> Extracting FreeBSD-runtime-12.0.s20171204170123: 100%
>
> [root@chimera]
> /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al
> /sbin/shutdown
> -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown
>

I think this is the problem. I believe /sbin/poweroff should be a hard
link to /sbin/shutdown. Meaning, the links are reversed, so the setuid
bit is lost because poweroff is not installed with the setuid bit.

The only thing I can think of so far is r325859, which sorts the METALOG
to ensure metadata reproducibility.

Glen
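
Added example (not part of the thread and not pkg's own code): a Python check for the condition visible in the tar listing above, where the hardlink entry /sbin/shutdown (mode 4554, root:operator) points at /sbin/poweroff, which is recorded with mode 0554, root:wheel. The archive is built in memory from the values quoted in the thread; the function names and the /sbin/ping archive entry are assumptions of this example.

```python
import io
import re
import tarfile

# Plist keyword line as quoted in the thread: @(owner,group,mode,flags) path
PLIST_LINE = re.compile(r"^@\(([^,]*),([^,]*),([0-7]+),[^)]*\)\s+(\S+)$")
SPECIAL_BITS = 0o6000  # setuid | setgid

# Constructed sample: the three plist lines quoted in the thread.
SAMPLE_PLIST = """\
@(root,operator,04554,) /sbin/shutdown
@(root,wheel,04555,) /sbin/ping
@(root,wheel,04555,) /sbin/ping6
"""

def norm(path):
    """Make archive and plist paths comparable (drop leading './' and '/')."""
    while path.startswith("./"):
        path = path[2:]
    return path.lstrip("/")

def parse_plist(text):
    """Map path -> (owner, group, mode) for @(owner,group,mode,flags) lines."""
    expected = {}
    for line in text.splitlines():
        m = PLIST_LINE.match(line.strip())
        if m:
            owner, group, mode, path = m.groups()
            expected[norm(path)] = (owner, group, int(mode, 8))
    return expected

def header_meta(member):
    return (member.uname, member.gname, member.mode & 0o7777)

def resolve(member, by_name):
    """Follow hardlink entries to the entry that carries the file data."""
    seen = set()
    while member is not None and member.islnk():
        if member.name in seen:
            return None  # link loop: nothing to compare against
        seen.add(member.name)
        member = by_name.get(norm(member.linkname))
    return member

def hardlink_conflicts(tf):
    """Hardlink entries whose header metadata differs from their target's;
    the two names share one inode once extracted, so only one can win."""
    by_name = {norm(m.name): m for m in tf.getmembers()}
    findings = []
    for m in tf.getmembers():
        target = resolve(m, by_name) if m.islnk() else None
        if target is None or header_meta(m) == header_meta(target):
            continue
        findings.append({
            "link": norm(m.name),
            "target": norm(target.name),
            "link_meta": header_meta(m),
            "target_meta": header_meta(target),
            "special_bits_differ": bool((m.mode ^ target.mode) & SPECIAL_BITS),
        })
    return findings

def plist_bits_at_risk(tf, expected):
    """Plist paths that ask for setuid/setgid while the archive entry holding
    the data for that path is recorded without the same bits."""
    by_name = {norm(m.name): m for m in tf.getmembers()}
    at_risk = []
    for path, (_owner, _group, mode) in sorted(expected.items()):
        data_entry = resolve(by_name.get(path), by_name)
        if data_entry is None:
            continue  # path is not packaged in this archive
        if mode & SPECIAL_BITS and (data_entry.mode ^ mode) & SPECIAL_BITS:
            at_risk.append(path)
    return at_risk

def build_sample():
    """Constructed archive mirroring the thread's `tar tvf` listing; ping is assumed."""
    entries = [("/sbin/ping", 0o4555, "wheel", None),
               ("/sbin/poweroff", 0o554, "wheel", None),
               ("/sbin/shutdown", 0o4554, "operator", "/sbin/poweroff")]
    payload = b"constructed"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, mode, group, link in entries:
            ti = tarfile.TarInfo(name)
            ti.mode, ti.uname, ti.gname = mode, "root", group
            if link:
                ti.type, ti.linkname = tarfile.LNKTYPE, link
                tf.addfile(ti)
            else:
                ti.size = len(payload)
                tf.addfile(ti, io.BytesIO(payload))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")

if __name__ == "__main__":
    archive = build_sample()
    print(hardlink_conflicts(archive))
    print(plist_bits_at_risk(archive, parse_plist(SAMPLE_PLIST)))
```

Run against a real package with tarfile.open("<package>.txz") in place of build_sample(); any path returned by plist_bits_at_risk is one to compare with ls -l after installation.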

From: "Rodney W. Grimes"
To: Glen Barber
Cc: Kris Moore, freebsd-pkgbase@freebsd.org
Subject: Re: Recent issue with pkg base missing setuid
Date: Mon, 4 Dec 2017 10:46:56 -0800 (PST)

> On Mon, Dec 04, 2017 at 12:46:37PM -0500, Kris Moore wrote:
> > On 12/04/2017 11:37, Brad Davis wrote:
> > > On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
> > >> Anybody else noticed a recent regression (say past month or so) where
> > >> pkg base of latest HEAD is now failing to throw setuid on some files? We
> > >> saw it at first because /sbin/shutdown lost its setuid bit, so users
> > >> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
> > >> and that didn't seem to make a difference. Now I suspect something in
> > >> HEAD itself changed, but for the life of me can't find where.
> > > Hey Kris,
> > >
> > > Can you look at the plist file and see if it is correctly flagging the
> > > file there?
> > >
> > >
> > > Regards,
> > > Brad Davis
> >
> > Here's what I have in the plist:
> >
> > @(root,operator,04554,) /sbin/shutdown
> >
> > I'll note that ping/ping6 also have similar, and they install setuid
> > properly:
> >
> > @(root,wheel,04555,) /sbin/ping
> > @(root,wheel,04555,) /sbin/ping6
> >
> > Here's what I have in the pkg tarball:
> >
> > # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown
> > hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> > /sbin/poweroff
> >
> > # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff
> > -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff
> > hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> > /sbin/poweroff
> >
> >
> > And installing it again sure enough gives version without setuid:
> >
> > # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz
> > Installing FreeBSD-runtime-12.0.s20171204170123...
> > package FreeBSD-runtime is already installed, forced install
> > Extracting FreeBSD-runtime-12.0.s20171204170123: 100%
> >
> > [root@chimera]
> > /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al
> > /sbin/shutdown
> > -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown
> >
>
> I think this is the problem. I believe /sbin/poweroff should be a hard
> link to /sbin/shutdown. Meaning, the links are reversed, so the setuid
> bit is lost because poweroff is not installed with the setuid bit.
>
> The only thing I can think of so far is r325859, which sorts the METALOG
> to ensure metadata reproducibility.
>
> Glen
>

I do not believe that order is at issue here at all, or it shouldn't be,
once the files are hardlinked any chown/chmod affects the one inode used
by both files.

--
Rod Grimes rgrimes@freebsd.org

From: "Rodney W. Grimes"
To: Kris Moore
Cc: freebsd-pkgbase@freebsd.org
Subject: Re: Recent issue with pkg base missing setuid
Date: Mon, 4 Dec 2017 10:47:48 -0800 (PST)

> On 12/04/2017 11:37, Brad Davis wrote:
> > On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
> >> Anybody else noticed a recent regression (say past month or so) where
> >> pkg base of latest HEAD is now failing to throw setuid on some files? We
> >> saw it at first because /sbin/shutdown lost its setuid bit, so users
> >> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
> >> and that didn't seem to make a difference. Now I suspect something in
> >> HEAD itself changed, but for the life of me can't find where.
> > Hey Kris,
> >
> > Can you look at the plist file and see if it is correctly flagging the
> > file there?
> >
> >
> > Regards,
> > Brad Davis
>
> Here's what I have in the plist:
>
> @(root,operator,04554,) /sbin/shutdown
>
> I'll note that ping/ping6 also have similar, and they install setuid
> properly:
>
> @(root,wheel,04555,) /sbin/ping
> @(root,wheel,04555,) /sbin/ping6
>
> Here's what I have in the pkg tarball:
>
> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown
> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> /sbin/poweroff
>
> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff
> -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff
> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> /sbin/poweroff
>
>
> And installing it again sure enough gives version without setuid:
>
> # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz
> Installing FreeBSD-runtime-12.0.s20171204170123...
> package FreeBSD-runtime is already installed, forced install
> Extracting FreeBSD-runtime-12.0.s20171204170123: 100%
>
> [root@chimera]
> /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al
> /sbin/shutdown
> -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown

Can you show us ls -ail for /sbin/shutdown and /sbin/poweroff?

--
Rod Grimes rgrimes@freebsd.org

From: Kris Moore
To: freebsd-pkgbase@freebsd.org
Subject: Re: Recent issue with pkg base missing setuid
Date: Mon, 4 Dec 2017 13:51:40 -0500

On 12/04/2017 13:47, Rodney W. Grimes wrote:
>> On 12/04/2017 11:37, Brad Davis wrote:
>>> On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
>>>> Anybody else noticed a recent regression (say past month or so) where
>>>> pkg base of latest HEAD is now failing to throw setuid on some files? We
>>>> saw it at first because /sbin/shutdown lost its setuid bit, so users
>>>> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
>>>> and that didn't seem to make a difference. Now I suspect something in
>>>> HEAD itself changed, but for the life of me can't find where.
>>> Hey Kris,
>>>
>>> Can you look at the plist file and see if it is correctly flagging the
>>> file there?
>>>
>>>
>>> Regards,
>>> Brad Davis
>> Here's what I have in the plist:
>>
>> @(root,operator,04554,) /sbin/shutdown
>>
>> I'll note that ping/ping6 also have similar, and they install setuid
>> properly:
>>
>> @(root,wheel,04555,) /sbin/ping
>> @(root,wheel,04555,) /sbin/ping6
>>
>> Here's what I have in the pkg tarball:
>>
>> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown
>> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
>> /sbin/poweroff
>>
>> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff
>> -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff
>> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
>> /sbin/poweroff
>>
>>
>> And installing it again sure enough gives version without setuid:
>>
>> # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz
>> Installing FreeBSD-runtime-12.0.s20171204170123...
>> package FreeBSD-runtime is already installed, forced install
>> Extracting FreeBSD-runtime-12.0.s20171204170123: 100%
>>
>> [root@chimera]
>> /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al
>> /sbin/shutdown
>> -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown
> Can you show us ls -ail for /sbin/shutdown and /sbin/poweroff?
>
>

[root@chimera] /usr/src# ls -ail /sbin/shutdown
245898 -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown
[root@chimera] /usr/src# ls -ail /sbin/poweroff
245898 -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/poweroff

--
Kris Moore
Director of Engineering
iXsystems
Enterprise Storage & Servers Driven By Open Source

From: Glen Barber
To: "Rodney W. Grimes"
Cc: Kris Moore, freebsd-pkgbase@freebsd.org
Subject: Re: Recent issue with pkg base missing setuid
Date: Mon, 4 Dec 2017 18:59:56 +0000

On Mon, Dec 04, 2017 at 10:46:56AM -0800, Rodney W. Grimes wrote:
> > On Mon, Dec 04, 2017 at 12:46:37PM -0500, Kris Moore wrote:
> > > On 12/04/2017 11:37, Brad Davis wrote:
> > > > On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
> > > >> Anybody else noticed a recent regression (say past month or so) where
> > > >> pkg base of latest HEAD is now failing to throw setuid on some files? We
> > > >> saw it at first because /sbin/shutdown lost its setuid bit, so users
> > > >> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
> > > >> and that didn't seem to make a difference. Now I suspect something in
> > > >> HEAD itself changed, but for the life of me can't find where.
> > > > Hey Kris,
> > > >
> > > > Can you look at the plist file and see if it is correctly flagging the
> > > > file there?
> > > > > > > > > > > > Regards, > > > > Brad Davis > > > > _______________________________________________ > > > > freebsd-pkgbase@freebsd.org mailing list > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-pkgbase > > > > To unsubscribe, send any mail to "freebsd-pkgbase-unsubscribe@freeb= sd.org" > > >=20 > > > Here's what I have in the plist: > > >=20 > > > @(root,operator,04554,) /sbin/shutdown > > >=20 > > > I'll note that ping/ping6 also have similar, and they install setuid > > > properly: > > >=20 > > > @(root,wheel,04555,) /sbin/ping > > > @(root,wheel,04555,) /sbin/ping6 > > >=20 > > > Here's what I have in the pkg tarball: > > >=20 > > > # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown > > > hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link = to > > > /sbin/poweroff > > >=20 > > > # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff > > > -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff > > > hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link = to > > > /sbin/poweroff > > >=20 > > >=20 > > > And installing it again sure enough gives version without setuid: > > >=20 > > > # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz > > > Installing FreeBSD-runtime-12.0.s20171204170123... > > > package FreeBSD-runtime is already installed, forced install > > > Extracting FreeBSD-runtime-12.0.s20171204170123: 100% > > >=20 > > > [root@chimera] > > > /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al > > > /sbin/shutdown > > > -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown > > >=20 > >=20 > > I think this is the problem. I believe /sbin/poweroff should be a hard > > link to /sbin/shutdown. Meaning, the links are reversed, so the setuid > > bit is lost because poweroff is not installed with the setuid bit. > >=20 > > The only thing I can think of so far is r325859, which sorts the METALOG > > to ensure metadata reproducibility. 
> >=20 > > Glen > >=20 >=20 > I do not believe that order is at issue here at all, or it shouldnt be, > once the files are hardlinked any chown/chmod effects the one inode > used by both files. >=20 It does appear to be the problem, because the files are packaged alphabetically now. In a repository from September, I see: % tar tvf FreeBSD-runtime-12.0*.txz | grep -E '/sbin/(poweroff|shutdown)' -r-sr-xr-- 0 root operator 15864 Sep 27 15:40 /sbin/shutdown hr-xr-xr-- 0 root wheel 0 Sep 27 15:40 /sbin/poweroff link to /s= bin/shutdown In a more recent repository, I see: % tar tvf FreeBSD-runtime-12.0*.txz | grep -E '/sbin/(poweroff|shutdown)' -r-xr-xr-- 0 root wheel 15864 Nov 15 15:28 /sbin/poweroff hr-sr-xr-- 0 root operator 0 Nov 15 15:28 /sbin/shutdown link to /s= bin/poweroff Glen --EDJsL2R9iCFAt7IV Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAlolmywACgkQAxRYpUeP 4pNEyRAAnrHPyT1dxYwik6Z8om7PxAOmS03kiUpeUcvLmJRIeT2MWYI5Z2Zz/zT8 5e8NIcFCiDRBqgZ0Z1HHn4jXZ9d5crxBhZ61Lv2lzkhSev/xkgrwjNcUHOFzDSgk eSu7CJIUue8pDHbF91PcQZNhFnucO71B4NRgRVdl6vAiJycBniGbQqyy4nmEWceQ jPyV30VtmX/M6EOpOM36qyfplb4m/E/MrHmnY/7xThpdWG+E832G3/bM0UcuDqe3 VTS3enGZfNIA1TdzCJ/+FVquLERkan73fzT+kFWr7I9QsP7Q0eME8p19yYgWKeMY reoA02rP9eK0DmGZHtfalHJgkwFlpgLd4oONJLQiyChv7vgVX1UdENFkNUFLplAW EsFtyYbh0l8bEibZvLu6gypY4gTtBOO69k5FlPkXpc5rYHuUrxPihz4GJzbsHFOO SJQNcvVARI9vMbgkkrwxAxRkK+cbWql03zQSODjpCbUzEIjbTGlRNi2gJUEa86Fu jwMRLz/ewveVfRYW9rKdIPfZHJCyCbI8ZUtgKxD4j2a7haNO/yN7a0Y4o8Dx7cdY Xnxe6ivZ3kpjibnEUQHEUFCT7bsynQDNp985O8S4vgOgPXmaBLg/V8zQ7KHsbuL4 jIu3esDIch4Zj8A7nqSwSl4XuaagBz19Qu13+xiZ7ZpGKNuCyl0= =zEA8 -----END PGP SIGNATURE----- --EDJsL2R9iCFAt7IV-- From owner-freebsd-pkgbase@freebsd.org Mon Dec 4 19:48:32 2017 Return-Path: Delivered-To: freebsd-pkgbase@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 
From: "Rodney W. Grimes"
To: Glen Barber
Cc: Kris Moore, freebsd-pkgbase@freebsd.org
Date: Mon, 4 Dec 2017 11:48:29 -0800 (PST)
Subject: Re: Recent issue with pkg base missing setuid

> On Mon, Dec 04, 2017 at 10:46:56AM -0800, Rodney W. Grimes wrote:
> > > On Mon, Dec 04, 2017 at 12:46:37PM -0500, Kris Moore wrote:
> > > > On 12/04/2017 11:37, Brad Davis wrote:
> > > > > On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
> > > > >> Anybody else noticed a recent regression (say past month or so) where
> > > > >> pkg base of latest HEAD is now failing to throw setuid on some files? We
> > > > >> saw it at first because /sbin/shutdown lost its setuid bit, so users
> > > > >> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
> > > > >> and that didn't seem to make a difference. Now I suspect something in
> > > > >> HEAD itself changed, but for the life of me can't find where.
> > > > > Hey Kris,
> > > > >
> > > > > Can you look at the plist file and see if it is correctly flagging the
> > > > > file there?
> > > > >
> > > > >
> > > > > Regards,
> > > > > Brad Davis
> > > > > _______________________________________________
> > > > > freebsd-pkgbase@freebsd.org mailing list
> > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-pkgbase
> > > > > To unsubscribe, send any mail to "freebsd-pkgbase-unsubscribe@freebsd.org"
> > > >
> > > > Here's what I have in the plist:
> > > >
> > > > @(root,operator,04554,) /sbin/shutdown
> > > >
> > > > I'll note that ping/ping6 also have similar, and they install setuid
> > > > properly:
> > > >
> > > > @(root,wheel,04555,) /sbin/ping
> > > > @(root,wheel,04555,) /sbin/ping6
> > > >
> > > > Here's what I have in the pkg tarball:
> > > >
> > > > # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown
> > > > hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> > > > /sbin/poweroff
> > > >
> > > > # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff
> > > > -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff
> > > > hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> > > > /sbin/poweroff
> > > >
> > > >
> > > > And installing it again sure enough gives version without setuid:
> > > >
> > > > # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz
> > > > Installing FreeBSD-runtime-12.0.s20171204170123...
> > > > package FreeBSD-runtime is already installed, forced install
> > > > Extracting FreeBSD-runtime-12.0.s20171204170123: 100%
> > > >
> > > > [root@chimera]
> > > > /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al
> > > > /sbin/shutdown
> > > > -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown
> > > >
> > >
> > > I think this is the problem. I believe /sbin/poweroff should be a hard
> > > link to /sbin/shutdown. Meaning, the links are reversed, so the setuid
> > > bit is lost because poweroff is not installed with the setuid bit.
> > >
> > > The only thing I can think of so far is r325859, which sorts the METALOG
> > > to ensure metadata reproducibility.
> > >
> > > Glen
> > >
> >
> > I do not believe that order is at issue here at all, or it shouldnt be,
> > once the files are hardlinked any chown/chmod effects the one inode
> > used by both files.
> >
>
> It does appear to be the problem, because the files are packaged
> alphabetically now. In a repository from September, I see:
>
> % tar tvf FreeBSD-runtime-12.0*.txz | grep -E '/sbin/(poweroff|shutdown)'
> -r-sr-xr-- 0 root operator 15864 Sep 27 15:40 /sbin/shutdown
> hr-xr-xr-- 0 root wheel 0 Sep 27 15:40 /sbin/poweroff link to /sbin/shutdown
>
> In a more recent repository, I see:
>
> % tar tvf FreeBSD-runtime-12.0*.txz | grep -E '/sbin/(poweroff|shutdown)'
> -r-xr-xr-- 0 root wheel 15864 Nov 15 15:28 /sbin/poweroff
> hr-sr-xr-- 0 root operator 0 Nov 15 15:28 /sbin/shutdown link to /sbin/poweroff
>
> Glen

Then something is wrong with pkg cause it should be doing the
chmod/chown after processing the tar extract, anything else is
gonna be error prone. As Kris showed in the ls -i output the
files have the same inode, so the hard linking worked correctly,
and the chown/chmod has failed.

Note that NEITHER file got set, so that kinda blows the order
is important hypothesis out of the water.

--
Rod Grimes rgrimes@freebsd.org

From: "Rodney W. Grimes"
To: Kris Moore
Cc: freebsd-pkgbase@freebsd.org
Date: Mon, 4 Dec 2017 11:52:53 -0800 (PST)
Subject: Re: Recent issue with pkg base missing setuid

> On 12/04/2017 13:47, Rodney W. Grimes wrote:
> >> On 12/04/2017 11:37, Brad Davis wrote:
> >>> On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
> >>>> Anybody else noticed a recent regression (say past month or so) where
> >>>> pkg base of latest HEAD is now failing to throw setuid on some files? We
> >>>> saw it at first because /sbin/shutdown lost its setuid bit, so users
> >>>> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
> >>>> and that didn't seem to make a difference. Now I suspect something in
> >>>> HEAD itself changed, but for the life of me can't find where.
> >>> Hey Kris,
> >>>
> >>> Can you look at the plist file and see if it is correctly flagging the
> >>> file there?
> >>>
> >>>
> >>> Regards,
> >>> Brad Davis
> >>> _______________________________________________
> >>> freebsd-pkgbase@freebsd.org mailing list
> >>> https://lists.freebsd.org/mailman/listinfo/freebsd-pkgbase
> >>> To unsubscribe, send any mail to "freebsd-pkgbase-unsubscribe@freebsd.org"
> >> Here's what I have in the plist:
> >>
> >> @(root,operator,04554,) /sbin/shutdown
> >>
> >> I'll note that ping/ping6 also have similar, and they install setuid
> >> properly:
> >>
> >> @(root,wheel,04555,) /sbin/ping
> >> @(root,wheel,04555,) /sbin/ping6
> >>
> >> Here's what I have in the pkg tarball:
> >>
> >> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown
> >> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> >> /sbin/poweroff
> >>
> >> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff
> >> -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff
> >> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> >> /sbin/poweroff
> >>
> >>
> >> And installing it again sure enough gives version without setuid:
> >>
> >> # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz
> >> Installing FreeBSD-runtime-12.0.s20171204170123...
> >> package FreeBSD-runtime is already installed, forced install
> >> Extracting FreeBSD-runtime-12.0.s20171204170123: 100%
> >>
> >> [root@chimera]
> >> /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al
> >> /sbin/shutdown
> >> -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown
> > Can you show us ls -ail for /sbin/shutdown and /sbin/poweroff?
> >
> >
> [root@chimera] /usr/src# ls -ail /sbin/shutdown
> 245898 -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown
> [root@chimera] /usr/src# ls -ail /sbin/poweroff
> 245898 -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/poweroff

As I expected, same inode, exact same owns/modes, but neither file
got the chown/chmod that pkg should have done after it put the files
in place.

My guess is something is amiss in pkg that perhaps always expected
the named file in @ to come first in the tar ball? Does it track
duplicate inodes/hardlinks? Is it "rolling its own" tar extractor?
Or does it now recognize that a hardlink is a valid @ file name to
operate on?

--
Rod Grimes rgrimes@freebsd.org

From: Baptiste Daroussin
To: Glen Barber
Cc: "Rodney W. Grimes", Kris Moore, freebsd-pkgbase@freebsd.org
Date: Mon, 4 Dec 2017 22:56:53 +0100
Subject: Re: Recent issue with pkg base missing setuid

On Mon, Dec 04, 2017 at 06:59:56PM +0000, Glen Barber wrote:
> On Mon, Dec 04, 2017 at 10:46:56AM -0800, Rodney W. Grimes wrote:
> > > On Mon, Dec 04, 2017 at 12:46:37PM -0500, Kris Moore wrote:
> > > > On 12/04/2017 11:37, Brad Davis wrote:
> > > > > On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
> > > > >> Anybody else noticed a recent regression (say past month or so) where
> > > > >> pkg base of latest HEAD is now failing to throw setuid on some files? We
> > > > >> saw it at first because /sbin/shutdown lost its setuid bit, so users
> > > > >> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
> > > > >> and that didn't seem to make a difference. Now I suspect something in
> > > > >> HEAD itself changed, but for the life of me can't find where.
> > > > > Hey Kris,
> > > > >
> > > > > Can you look at the plist file and see if it is correctly flagging the
> > > > > file there?
> > > > >
> > > > >
> > > > > Regards,
> > > > > Brad Davis
> > > > > _______________________________________________
> > > > > freebsd-pkgbase@freebsd.org mailing list
> > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-pkgbase
> > > > > To unsubscribe, send any mail to "freebsd-pkgbase-unsubscribe@freebsd.org"
> > > >
> > > > Here's what I have in the plist:
> > > >
> > > > @(root,operator,04554,) /sbin/shutdown
> > > >
> > > > I'll note that ping/ping6 also have similar, and they install setuid
> > > > properly:
> > > >
> > > > @(root,wheel,04555,) /sbin/ping
> > > > @(root,wheel,04555,) /sbin/ping6
> > > >
> > > > Here's what I have in the pkg tarball:
> > > >
> > > > # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown
> > > > hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> > > > /sbin/poweroff
> > > >
> > > > # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff
> > > > -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff
> > > > hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> > > > /sbin/poweroff
> > > >
> > > >
> > > > And installing it again sure enough gives version without setuid:
> > > >
> > > > # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz
> > > > Installing FreeBSD-runtime-12.0.s20171204170123...
> > > > package FreeBSD-runtime is already installed, forced install
> > > > Extracting FreeBSD-runtime-12.0.s20171204170123: 100%
> > > >
> > > > [root@chimera]
> > > > /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al
> > > > /sbin/shutdown
> > > > -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown
> > > >
> > >
> > > I think this is the problem. I believe /sbin/poweroff should be a hard
> > > link to /sbin/shutdown. Meaning, the links are reversed, so the setuid
> > > bit is lost because poweroff is not installed with the setuid bit.
> > >
> > > The only thing I can think of so far is r325859, which sorts the METALOG
> > > to ensure metadata reproducibility.
> > >
> > > Glen
> > >
> >
> > I do not believe that order is at issue here at all, or it shouldnt be,
> > once the files are hardlinked any chown/chmod effects the one inode
> > used by both files.
> >
>
> It does appear to be the problem, because the files are packaged
> alphabetically now. In a repository from September, I see:
>
> % tar tvf FreeBSD-runtime-12.0*.txz | grep -E '/sbin/(poweroff|shutdown)'
> -r-sr-xr-- 0 root operator 15864 Sep 27 15:40 /sbin/shutdown
> hr-xr-xr-- 0 root wheel 0 Sep 27 15:40 /sbin/poweroff link to /sbin/shutdown
>
> In a more recent repository, I see:
>
> % tar tvf FreeBSD-runtime-12.0*.txz | grep -E '/sbin/(poweroff|shutdown)'
> -r-xr-xr-- 0 root wheel 15864 Nov 15 15:28 /sbin/poweroff
> hr-sr-xr-- 0 root operator 0 Nov 15 15:28 /sbin/shutdown link to /sbin/poweroff
>

So this is the issue, somewhere in the way libarchive is handling the hardlinks.

You can see here the setuid is only set on the hardlink not on the regfile
(the opposite of the previous one) meaning somehow libarchive seems to be
inconsistent.

pkg does not set attributes (rights + ownership) to anything libarchive tells
it to be a hardlink because it is supposed to be done on the regular file...

Don't know how I can fix/workaround that.

Bapt

From: Ed Maste
To: Baptiste Daroussin
Cc: Glen Barber, Kris Moore, "Rodney W. Grimes", freebsd-pkgbase@freebsd.org
Date: Wed, 6 Dec 2017 13:07:09 -0500
Subject: Re: Recent issue with pkg base missing setuid

On 4 December 2017 at 16:56, Baptiste Daroussin wrote:
>
> So this is the issue, somewhere in the way libarchive is handling the hardlinks.

I'm not sure libarchive is at fault, it seems to be a bug/limitation
in the way install handles links with -M. For regular installs we
invoke:

install -l h

and the link then has the same permissions via the existing inode.

With -M install produces a metalog containing

./ type=file mode=0755 size=0

(i.e., permissions not explicitly set) and we end up with two entries
in the metalog referencing two names for the same inode, but with
different permissions.

If we passed in the mode when invoking install for a hardlink we
should have the expected permissions, regardless of sorting:

# install -M METALOG -m4554 -l h
./ type=file mode=04554 size=0

On a positive note there are only a few Makefiles with LINKS as well
as BINOWN, BINMODE, or BINGRP. As far as I can tell:

release/picobsd/tinyware/passwd/Makefile
sbin/shutdown/Makefile
usr.bin/at/Makefile
usr.sbin/authpf/Makefile

and of these shutdown is the only one that has a link that's not
already in alpha order.
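
The two tar listings quoted in this thread can be checked mechanically before a package is published. The following is an added example, not part of the thread and not pkg, libarchive or install code: it rebuilds both listings as constructed in-memory archives, flags hardlink entries whose mode or ownership differs from the entry they link to, and models the extraction rule Baptiste describes (attributes are taken from the regular-file entry only). All function names and the placeholder payload are assumptions.

```python
import io
import stat
import tarfile
from collections import namedtuple

# Constructed sample data mirroring the two tar listings in the thread:
# (name, mode, group, hardlink target or None). Owner is root throughout.
SEPTEMBER = [
    ("/sbin/shutdown", 0o4554, "operator", None),
    ("/sbin/poweroff", 0o0554, "wheel", "/sbin/shutdown"),
]
NOVEMBER = [
    ("/sbin/poweroff", 0o0554, "wheel", None),
    ("/sbin/shutdown", 0o4554, "operator", "/sbin/poweroff"),
]

Finding = namedtuple("Finding", "link target link_mode target_mode drops_setid")
SETID = stat.S_ISUID | stat.S_ISGID


def build_archive(entries):
    """Return an in-memory tar holding the constructed entries, in the given order."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, group, target in entries:
            info = tarfile.TarInfo(name)
            info.mode, info.uname, info.gname = mode, "root", group
            if target is None:
                payload = b"constructed placeholder, not a real binary"
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
            else:
                info.type, info.linkname = tarfile.LNKTYPE, target
                tar.addfile(info)
    return buf


def read_members(fileobj):
    """Read all tar headers from a seekable file object (compression auto-detected)."""
    fileobj.seek(0)
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        return tar.getmembers()


def audit_hardlinks(fileobj):
    """Flag hardlink entries whose mode/owner/group differ from their target entry."""
    members = read_members(fileobj)
    by_name = {m.name: m for m in members}
    findings = []
    for m in members:
        if not m.islnk():
            continue
        tgt = by_name.get(m.linkname)
        if tgt is None:
            continue  # dangling link: nothing to compare against
        if (m.mode, m.uname, m.gname) == (tgt.mode, tgt.uname, tgt.gname):
            continue
        # True when the link entry carries setuid/setgid that the target lacks,
        # i.e. the bits vanish if only the regular-file entry is honoured.
        drops = bool(m.mode & SETID & ~tgt.mode)
        findings.append(Finding(m.name, tgt.name, m.mode, tgt.mode, drops))
    return findings


def attributes_after_extract(fileobj):
    """Model of the rule described in the thread: attributes come from the
    regular-file entry; a hardlink entry only adds another name for that inode."""
    attrs = {}
    for m in read_members(fileobj):
        if m.isreg():
            attrs[m.name] = (m.mode, m.gname)
        elif m.islnk():
            attrs[m.name] = attrs.get(m.linkname)
    return attrs


if __name__ == "__main__":
    for label, layout in (("September", SEPTEMBER), ("November", NOVEMBER)):
        archive = build_archive(layout)
        print(label)
        for f in audit_hardlinks(archive):
            print(f"  {f.link} -> {f.target}: link {f.link_mode:05o}, "
                  f"target {f.target_mode:05o}, set-id dropped: {f.drops_setid}")
        for name, (mode, group) in sorted(attributes_after_extract(archive).items()):
            print(f"  installed {name}: {mode:05o} root:{group}")
```

Both layouts carry mismatched metadata on the two names, but only the November ordering puts the setuid bit on the hardlink entry, which is the case the audit marks with `drops_setid`.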