From owner-freebsd-bugs@freebsd.org Fri Jan 11 20:45:43 2019 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 11BF1149CC95 for ; Fri, 11 Jan 2019 20:45:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 9B1D286E92 for ; Fri, 11 Jan 2019 20:45:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 5C79E149CC92; Fri, 11 Jan 2019 20:45:42 +0000 (UTC) Delivered-To: bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1D8FF149CC91 for ; Fri, 11 Jan 2019 20:45:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A950086E90 for ; Fri, 11 Jan 2019 20:45:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id CB7D6F771 for ; Fri, 11 Jan 2019 20:45:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x0BKjehN018935 for ; Fri, 11 Jan 2019 20:45:40 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x0BKjer8018934 for bugs@FreeBSD.org; Fri, 11 Jan 2019 20:45:40 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 234886] shutdown not installed with setuid bit in pkgbase Date: Fri, 11 Jan 2019 20:45:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: emaste@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter cc Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Jan 2019 20:45:43 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D234886 Bug ID: 234886 Summary: shutdown not installed with setuid bit in pkgbase Product: Base System Version: 12.0-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: emaste@freebsd.org CC: kmoore@FreeBSD.org As reported by kmoore in https://lists.freebsd.org/pipermail/freebsd-pkgbase/2017-December/000350.ht= ml: > Anybody else noticed a recent regression (say past month or so) where > pkg base of latest HEAD is now failing to throw setuid on some files? We > saw it at first because /sbin/shutdown lost its setuid bit, so users > can't shutdown the box. I investigated and found that it appears to be due to the way install(1) handles links with -M (https://lists.freebsd.org/pipermail/freebsd-pkgbase/2017-December/000361.h= tml): For regular installs we invoke: install -l h and the link then has the same permissions via the existing inode. With -M install produces a metalog containing ./ type=3Dfile mode=3D0755 size=3D0 (i.e., permissions not explicitly set) and we end up with two entries in the metalog referencing two names for the same inode, but with different permissions. If we passed in the mode when invoking install for a hardlink we should have the expected permissions, regardless of sorting: # install -M METALOG -m4554 -l h ./ type=3Dfile mode=3D04554 size=3D0 On a positive note there are only a few Makefiles with LINKS as well as BINOWN, BINMODE, or BINGRP. As far as I can tell: release/picobsd/tinyware/passwd/Makefile sbin/shutdown/Makefile usr.bin/at/Makefile usr.sbin/authpf/Makefile And after that email was sent, also stand/efi/loader/Makefile and stand/i386/loader/Makefile --=20 You are receiving this mail because: You are the assignee for the bug.=