Date: Mon, 4 Dec 2017 13:51:40 -0500 From: Kris Moore <kris@ixsystems.com> To: freebsd-pkgbase@freebsd.org Subject: Re: Recent issue with pkg base missing setuid Message-ID: <b101f855-ec99-d837-35c1-a1282ed4206d@ixsystems.com> In-Reply-To: <201712041847.vB4IlmP5047340@pdx.rh.CN85.dnsmgr.net> References: <201712041847.vB4IlmP5047340@pdx.rh.CN85.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/04/2017 13:47, Rodney W. Grimes wrote: >> On 12/04/2017 11:37, Brad Davis wrote: >>> On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote: >>>> Anybody else noticed a recent regression (say past month or so) where >>>> pkg base of latest HEAD is now failing to throw setuid on some files? We >>>> saw it at first because /sbin/shutdown lost its setuid bit, so users >>>> can't shutdown the box. I rolled back pkg to 1.10.1 which was working, >>>> and that didn't seem to make a difference. Now I suspect something in >>>> HEAD itself changed, but for the life of me can't find where. >>> Hey Kris, >>> >>> Can you look at the plist file and see if it is correctly flagging the >>> file there? >>> >>> >>> Regards, >>> Brad Davis >>> _______________________________________________ >>> freebsd-pkgbase@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-pkgbase >>> To unsubscribe, send any mail to "freebsd-pkgbase-unsubscribe@freebsd.org" >> Here's what I have in the plist: >> >> @(root,operator,04554,) /sbin/shutdown >> >> I'll note that ping/ping6 also have similar, and they install setuid >> properly: >> >> @(root,wheel,04555,) /sbin/ping >> @(root,wheel,04555,) /sbin/ping6 >> >> Here's what I have in the pkg tarball: >> >> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown >> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to >> /sbin/poweroff >> >> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff >> -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff >> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to >> /sbin/poweroff >> >> >> And installing it again sure enough gives version without setuid: >> >> # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz >> Installing FreeBSD-runtime-12.0.s20171204170123... >> package FreeBSD-runtime is already installed, forced install >> Extracting FreeBSD-runtime-12.0.s20171204170123: 100% >> >> [root@chimera] >> /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al >> /sbin/shutdown >> -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown > Can you show us ls -ail for /sbin/shutdown and /sbin/poweroff? > > [root@chimera] /usr/src# ls -ail /sbin/shutdown 245898 -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown [root@chimera] /usr/src# ls -ail /sbin/poweroff 245898 -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/poweroff -- Kris Moore Director of Engineering iXsystems Enterprise Storage & Servers Driven By Open Source
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b101f855-ec99-d837-35c1-a1282ed4206d>