From owner-freebsd-ports Sat Dec 15 7:20:12 2001
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id 5067937B417
    for ; Sat, 15 Dec 2001 07:20:01 -0800 (PST)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.11.6/8.11.6) id fBFFK1G90482;
    Sat, 15 Dec 2001 07:20:01 -0800 (PST)
    (envelope-from gnats)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id E2AFB37B419
    for ; Sat, 15 Dec 2001 07:14:04 -0800 (PST)
Received: (from nobody@localhost)
    by freefall.freebsd.org (8.11.6/8.11.6) id fBFFE4T89999;
    Sat, 15 Dec 2001 07:14:04 -0800 (PST)
    (envelope-from nobody)
Message-Id: <200112151514.fBFFE4T89999@freefall.freebsd.org>
Date: Sat, 15 Dec 2001 07:14:04 -0800 (PST)
From: Andreas Klemm
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: ports/32872: nethack3-gnome port, gtk library component complains about running SUID
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number:         32872
>Category:       ports
>Synopsis:       nethack3-gnome port, gtk library component complains about running SUID
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 15 07:20:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Andreas Klemm
>Release:        4.4
>Organization:
>Environment:
FreeBSD titan.klemm.gtn.com 4.4-STABLE FreeBSD 4.4-STABLE #0: Sat Dec 8 17:33:34 CET 2001 root@titan.klemm.gtn.com:/usr/src/sys/compile/TITAN i386
>Description:
andreas@titan[ttyp2]{1003} ~ nethack

Gtk-WARNING **: This process is currently running setuid or setgid.
This is not a supported use of GTK+. You must create a helper program instead.
For further details, see: http://www.gtk.org/setuid.html
Refusing to initialize GTK+.

These shared libs are in use:

andreas@titan[ttyp2]{1018} ...share/nethack ldd nethack
nethack:
    libncurses.so.5 => /usr/lib/libncurses.so.5 (0x281cb000)
    libgnomeui.so.5 => /usr/X11R6/lib/libgnomeui.so.5 (0x2820d000)
    libgnome.so.5 => /usr/X11R6/lib/libgnome.so.5 (0x282db000)
    libart_lgpl.so.5 => /usr/X11R6/lib/libart_lgpl.so.5 (0x282f2000)
    libgtk12.so.2 => /usr/X11R6/lib/libgtk12.so.2 (0x28300000)
    libgdk12.so.2 => /usr/X11R6/lib/libgdk12.so.2 (0x28428000)
    libglib12.so.3 => /usr/local/lib/libglib12.so.3 (0x2845a000)
    libpopt.so.0 => /usr/local/lib/libpopt.so.0 (0x2847c000)
    libc.so.4 => /usr/lib/libc.so.4 (0x28482000)
    libgdk_imlib.so.5 => /usr/X11R6/lib/libgdk_imlib.so.5 (0x2851b000)
    libesd.so.2 => /usr/local/lib/libesd.so.2 (0x28544000)
    libaudiofile.so.0 => /usr/local/lib/libaudiofile.so.0 (0x2854c000)
    libm.so.2 => /usr/lib/libm.so.2 (0x2856d000)
    libtiff.so.4 => /usr/local/lib/libtiff.so.4 (0x28589000)
    libungif.so.5 => /usr/local/lib/libungif.so.5 (0x285ca000)
    libpng.so.5 => /usr/local/lib/libpng.so.5 (0x285d2000)
    libz.so.2 => /usr/lib/libz.so.2 (0x285f4000)
    libgmodule12.so.3 => /usr/local/lib/libgmodule12.so.3 (0x28601000)
    libintl.so.1 => /usr/local/lib/libintl.so.1 (0x28604000)
    libxpg4.so.3 => /usr/lib/libxpg4.so.3 (0x28609000)
    libXext.so.6 => /usr/X11R6/lib/libXext.so.6 (0x2860b000)
    libX11.so.6 => /usr/X11R6/lib/libX11.so.6 (0x28619000)
    libSM.so.6 => /usr/X11R6/lib/libSM.so.6 (0x286f4000)
    libICE.so.6 => /usr/X11R6/lib/libICE.so.6 (0x286fd000)
    libjpeg.so.9 => /usr/local/lib/libjpeg.so.9 (0x28713000)
    libXThrStub.so.6 => /usr/X11R6/lib/libXThrStub.so.6 (0x28731000)
>How-To-Repeat:
compile and install nethack3-gnome port
>Fix:
write a wrapper program to make the port work out of the box ?
I tried to
    chmod 0555 /usr/local/share/nethack/nethack
and
    chmod g+s /usr/local/bin/nethack
to make it SUID games, but apparently SGID doesn't work on FreeBSD
with shellscripts, remember an issue with that but forgot what needs
to be arranged.

Putting an "id" command in /usr/local/bin/nethack shellscript gives
on the output:

andreas@titan[ttyp2]{1066} ...local/bin nethack
uid=1001(andreas) gid=1001(andreas) groups=1001(andreas), 0(wheel), 5(operator)
Warning: cannot write scoreboard file record
No write permission to lock perm!

So: SGID shellscript doesn't do the right thing ...
Could it be the case that we need a binary wrapper program ???
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
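
The GTK+ warning quoted in the report asks for a separate helper program. As an added illustration (not code from the report, the port or NetHack), this C example shows the acquire-then-drop pattern a setgid helper uses: open the group-writable file first, then permanently give up the extra group and verify that it is gone. The function names and the record path are hypothetical, and `setresgid`/`getresgid` are assumed to be available (Linux, current FreeBSD).

```c
#define _GNU_SOURCE            /* setresgid/getresgid on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Open the group-writable score file while the setgid egid is still active.
 * O_NOFOLLOW refuses a symlink planted at the final path component. */
int open_record(const char *path)
{
    return open(path, O_RDWR | O_NOFOLLOW);
}

/* Permanently give up the setgid group: real, effective and saved gid all
 * become the invoking user's real gid. Returns 0 on success, -1 on failure. */
int drop_group_privilege(void)
{
    gid_t rgid = getgid(), old_egid = getegid();
    gid_t r, e, s;

    if (setresgid(rgid, rgid, rgid) != 0)
        return -1;
    if (getresgid(&r, &e, &s) != 0 || r != rgid || e != rgid || s != rgid)
        return -1;
    /* If we really were setgid, regaining the old egid must now fail. */
    if (old_egid != rgid && geteuid() != 0 && setegid(old_egid) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Hypothetical default path; the real port's layout may differ. */
    const char *path = argc > 1 ? argv[1] : "/var/games/example/record";
    int fd = open_record(path);          /* privileged step, done first */

    if (drop_group_privilege() != 0) {   /* never continue with the extra gid */
        fprintf(stderr, "could not drop group privilege\n");
        return EXIT_FAILURE;
    }
    if (fd < 0) {
        fprintf(stderr, "cannot open %s\n", path);
        return EXIT_FAILURE;
    }
    printf("record open on fd %d, egid now %d\n", fd, (int)getegid());
    /* An unprivileged GUI could be started here; only fd carries the access. */
    close(fd);
    return EXIT_SUCCESS;
}
```

Clearing the saved set-group-ID as well as the effective one is what makes the drop permanent; changing only the effective gid would let later code switch back.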