From: "Rodney W. Grimes"
Message-Id: <201712041952.vB4Jqrkk047671@pdx.rh.CN85.dnsmgr.net>
Subject: Re: Recent issue with pkg base missing setuid
To: Kris Moore
Date: Mon, 4 Dec 2017 11:52:53 -0800 (PST)
CC: freebsd-pkgbase@freebsd.org

> On 12/04/2017 13:47, Rodney W. Grimes wrote:
> >> On 12/04/2017 11:37, Brad Davis wrote:
> >>> On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote:
> >>>> Anybody else noticed a recent regression (say past month or so) where
> >>>> pkg base of latest HEAD is now failing to throw setuid on some files? We
> >>>> saw it at first because /sbin/shutdown lost its setuid bit, so users
> >>>> can't shutdown the box. I rolled back pkg to 1.10.1 which was working,
> >>>> and that didn't seem to make a difference. Now I suspect something in
> >>>> HEAD itself changed, but for the life of me can't find where.
> >>> Hey Kris,
> >>>
> >>> Can you look at the plist file and see if it is correctly flagging the
> >>> file there?
> >>>
> >>>
> >>> Regards,
> >>> Brad Davis
> >> Here's what I have in the plist:
> >>
> >> @(root,operator,04554,) /sbin/shutdown
> >>
> >> I'll note that ping/ping6 also have similar, and they install setuid
> >> properly:
> >>
> >> @(root,wheel,04555,) /sbin/ping
> >> @(root,wheel,04555,) /sbin/ping6
> >>
> >> Here's what I have in the pkg tarball:
> >>
> >> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown
> >> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> >> /sbin/poweroff
> >>
> >> # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff
> >> -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff
> >> hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to
> >> /sbin/poweroff
> >>
> >>
> >> And installing it again sure enough gives version without setuid:
> >>
> >> # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz
> >> Installing FreeBSD-runtime-12.0.s20171204170123...
> >> package FreeBSD-runtime is already installed, forced install
> >> Extracting FreeBSD-runtime-12.0.s20171204170123: 100%
> >>
> >> [root@chimera]
> >> /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al
> >> /sbin/shutdown
> >> -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown
> > Can you show us ls -ail for /sbin/shutdown and /sbin/poweroff?
> >
>
> [root@chimera] /usr/src# ls -ail /sbin/shutdown
> 245898 -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown
> [root@chimera] /usr/src# ls -ail /sbin/poweroff
> 245898 -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/poweroff

As I expected, same inode, exact same owners/modes, but neither
file got the chown/chmod that pkg should have done after it
put the files in place.

My guess is something is amiss in pkg that perhaps always
expected the named file in @ to come first in the tar ball?
Does it track duplicate inodes/hardlinks? Is it "rolling its own"
tar extractor? Or does it now recognize that a hardlink is
a valid @ file name to operate on?

-- 
Rod Grimes rgrimes@freebsd.org
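
An added example, not part of the original message and not pkg's own code: a Python check that flags tar hardlink entries whose recorded owner, group or mode differ from the entry they link to, which is the situation in the tar listing quoted above. The archive is constructed in memory to mirror that listing, and the function names are hypothetical.

```python
import io
import stat
import tarfile

SETID = stat.S_ISUID | stat.S_ISGID


def build_sample_archive():
    """Constructed archive mirroring the quoted listing (not the real package)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        payload = b"constructed placeholder, not a real binary"
        target = tarfile.TarInfo("/sbin/poweroff")
        target.mode, target.uname, target.gname = 0o554, "root", "wheel"
        target.size = len(payload)
        tar.addfile(target, io.BytesIO(payload))
        # The hardlink entry carries its own header metadata, here setuid.
        link = tarfile.TarInfo("/sbin/shutdown")
        link.type, link.linkname = tarfile.LNKTYPE, "/sbin/poweroff"
        link.mode, link.uname, link.gname = 0o4554, "root", "operator"
        tar.addfile(link)
    buf.seek(0)
    return buf


def hardlink_metadata_conflicts(fileobj):
    """Return hardlink entries whose owner/group/mode differ from their target.

    Hard links share one inode, so only one owner and mode can exist on
    disk after extraction; a mismatch means one entry's metadata is lost.
    """
    conflicts = []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        members = tar.getmembers()
        by_name = {m.name: m for m in members}
        for m in members:
            tgt = by_name.get(m.linkname) if m.islnk() else None
            if tgt is None:
                continue  # not a hardlink, or its target is not in the archive
            link_meta = (m.uname, m.gname, stat.S_IMODE(m.mode))
            target_meta = (tgt.uname, tgt.gname, stat.S_IMODE(tgt.mode))
            if link_meta != target_meta:
                conflicts.append({
                    "link": m.name, "target": tgt.name,
                    "link_meta": link_meta, "target_meta": target_meta,
                    "setid_differs": (m.mode & SETID) != (tgt.mode & SETID),
                })
    return conflicts
```
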