From owner-freebsd-pkgbase@freebsd.org Mon Dec 4 18:52:05 2017 Return-Path: Delivered-To: freebsd-pkgbase@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C16AEE6808F for ; Mon, 4 Dec 2017 18:52:05 +0000 (UTC) (envelope-from kris@ixsystems.com) Received: from mx.ixsystems.com (mx.ixsystems.com [12.229.62.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN ".", Issuer "." (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 9A9BD74B6F for ; Mon, 4 Dec 2017 18:52:04 +0000 (UTC) (envelope-from kris@ixsystems.com) Received: from localhost (localhost.localdomain [127.0.0.1]) by mx.ixsystems.com (Postfix) with ESMTP id 3yrDWR4RX9zCxs6 for ; Mon, 4 Dec 2017 10:52:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ixsystems.com; h=content-language:content-transfer-encoding:content-type :content-type:in-reply-to:mime-version:user-agent:date:date :message-id:from:from:references:subject:subject:received :received:received:received:received:received:received; s=dkim; t=1512413511; x=1514227912; bh=lUpUkMbqk1YEAp4d2K2cJRoKtUJ4FjsW t+LLphTf1Rg=; b=nuR6UU9FR/dNFPWVv+1omdz0pzhlnxCTUJUu2Nji7+UpXdDX cZMrm+kPM6RTZq7W2BpJSbKuhFWqPBBODTe3KARltQH2tz0dYhH1DlYB6elcK1jh fjju6gy0RkFqfHZ6dAU0tyH7/N8sbzBx/nndPX9bIVF9DHqB/h16AhVQtCkS8UK7 SYQozfwJZAJyARZRDD4kP/lCX/tO4GhOf36ZTozhXtWJlBf+xWQpzrXYcr8uxBqe jkdZDzRtbPU3xm5t2/M0pdxO+BFVYLEC+/lvKKmnRrBfRBsmBNFrz+IDqL8WdEp4 pO6Xp2gqhWW6OgcHjGAdSMwA1Cs9+8IPtDmsQg== X-Amavis-Modified: Mail body modified (using disclaimer) - mx.ixsystems.com X-Virus-Scanned: Scrollout F1 at ixsystems.com Received: from mx.ixsystems.com ([127.0.0.1]) by localhost (mx.ixsystems.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Hlt28DQaHnXb for ; Mon, 4 Dec 2017 10:51:51 -0800 (PST) Received: from zm01.ixsystems.com (unknown [10.246.0.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.ixsystems.com (Postfix) with ESMTPS id 3yrDWC5hNfzDFsb for ; Mon, 4 Dec 2017 10:51:51 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zm01.ixsystems.com (Postfix) with ESMTP id A64481A11FA for ; Mon, 4 Dec 2017 10:51:51 -0800 (PST) Received: from zm01.ixsystems.com ([127.0.0.1]) by localhost (zm01.ixsystems.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 3oPKr4ygXBC0 for ; Mon, 4 Dec 2017 10:51:51 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zm01.ixsystems.com (Postfix) with ESMTP id 569CB1A1202 for ; Mon, 4 Dec 2017 10:51:51 -0800 (PST) X-Virus-Scanned: amavisd-new at ixsystems.com Received: from zm01.ixsystems.com ([127.0.0.1]) by localhost (zm01.ixsystems.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 8sYuGj_qT2Tr for ; Mon, 4 Dec 2017 10:51:51 -0800 (PST) Received: from [10.231.1.89] (unknown [10.231.1.89]) by zm01.ixsystems.com (Postfix) with ESMTPSA id 1C9161A11FA for ; Mon, 4 Dec 2017 10:51:51 -0800 (PST) Subject: Re: Recent issue with pkg base missing setuid To: freebsd-pkgbase@freebsd.org References: <201712041847.vB4IlmP5047340@pdx.rh.CN85.dnsmgr.net> From: Kris Moore Message-ID: Date: Mon, 4 Dec 2017 13:51:40 -0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0 MIME-Version: 1.0 In-Reply-To: <201712041847.vB4IlmP5047340@pdx.rh.CN85.dnsmgr.net> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US X-BeenThere: freebsd-pkgbase@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Packaging the FreeBSD base system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Dec 2017 18:52:05 -0000 On 12/04/2017 13:47, Rodney W. Grimes wrote: >> On 12/04/2017 11:37, Brad Davis wrote: >>> On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote: >>>> Anybody else noticed a recent regression (say past month or so) where >>>> pkg base of latest HEAD is now failing to throw setuid on some files? We >>>> saw it at first because /sbin/shutdown lost its setuid bit, so users >>>> can't shutdown the box. I rolled back pkg to 1.10.1 which was working, >>>> and that didn't seem to make a difference. Now I suspect something in >>>> HEAD itself changed, but for the life of me can't find where. >>> Hey Kris, >>> >>> Can you look at the plist file and see if it is correctly flagging the >>> file there? >>> >>> >>> Regards, >>> Brad Davis >>> _______________________________________________ >>> freebsd-pkgbase@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-pkgbase >>> To unsubscribe, send any mail to "freebsd-pkgbase-unsubscribe@freebsd.org" >> Here's what I have in the plist: >> >> @(root,operator,04554,) /sbin/shutdown >> >> I'll note that ping/ping6 also have similar, and they install setuid >> properly: >> >> @(root,wheel,04555,) /sbin/ping >> @(root,wheel,04555,) /sbin/ping6 >> >> Here's what I have in the pkg tarball: >> >> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown >> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to >> /sbin/poweroff >> >> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff >> -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff >> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to >> /sbin/poweroff >> >> >> And installing it again sure enough gives version without setuid: >> >> # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz >> Installing FreeBSD-runtime-12.0.s20171204170123... >> package FreeBSD-runtime is already installed, forced install >> Extracting FreeBSD-runtime-12.0.s20171204170123: 100% >> >> [root@chimera] >> /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al >> /sbin/shutdown >> -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown > Can you show us ls -ail for /sbin/shutdown and /sbin/poweroff? > > [root@chimera] /usr/src# ls -ail /sbin/shutdown 245898 -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown [root@chimera] /usr/src# ls -ail /sbin/poweroff 245898 -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/poweroff -- Kris Moore Director of Engineering iXsystems Enterprise Storage & Servers Driven By Open Source