From owner-freebsd-pkgbase@freebsd.org Mon Dec 4 17:47:01 2017 Return-Path: Delivered-To: freebsd-pkgbase@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4CD68E5F7AA for ; Mon, 4 Dec 2017 17:47:01 +0000 (UTC) (envelope-from kris@ixsystems.com) Received: from mx.ixsystems.com (mx.ixsystems.com [12.229.62.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN ".", Issuer "." (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 23645729D2 for ; Mon, 4 Dec 2017 17:47:00 +0000 (UTC) (envelope-from kris@ixsystems.com) Received: from localhost (localhost.localdomain [127.0.0.1]) by mx.ixsystems.com (Postfix) with ESMTP id 3yrC4N05zKzDKvm for ; Mon, 4 Dec 2017 09:47:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ixsystems.com; h=content-language:content-transfer-encoding:content-type :content-type:in-reply-to:mime-version:user-agent:date:date :message-id:from:from:references:subject:subject:received :received:received:received:received:received:received; s=dkim; t=1512409608; x=1514224009; bh=qaGxmyGatvDwdyMa8RGmLlOGgMUjRfez dR0vfVD0VYs=; b=C4uz7Rnaltp5EJ9XttJOShmdn+k709T91aUQDJUHxKK19gJQ 565gsvxMN83QyBmcQKY2zxd4GHdYCGtF68S0THufLthzoGvK7zR2rRVyZlBw9BdU ET/W6ZjrfOLiT56ujvNdppuhW3C/xcmjQR9pCuWVXXy8RV3eroU+wPKyUF9D2Y0x 2XXqNXAYK1XdFoYfurb+8Y36t7hNpICckZMFvDrv7oYj0USwDpbuyxhTxIHOBwUI GTJymsNKrbtUIvo4Dd4GdTcOjWPKrVdeLGAyMlxbNxA2xMyaius5TVCGpgyOVKOu e11vQcgUxtKegNaIE/0lSxn9g14ZNqd4zozLsw== X-Amavis-Modified: Mail body modified (using disclaimer) - mx.ixsystems.com X-Virus-Scanned: Scrollout F1 at ixsystems.com Received: from mx.ixsystems.com ([127.0.0.1]) by localhost (mx.ixsystems.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id iXY53DqvVDLy for ; Mon, 4 Dec 2017 09:46:48 -0800 (PST) Received: from zm01.ixsystems.com (unknown [10.246.0.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.ixsystems.com (Postfix) with ESMTPS id 3yrC48367pzDNRV for ; Mon, 4 Dec 2017 09:46:48 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zm01.ixsystems.com (Postfix) with ESMTP id 4EA0E1A114C for ; Mon, 4 Dec 2017 09:46:48 -0800 (PST) Received: from zm01.ixsystems.com ([127.0.0.1]) by localhost (zm01.ixsystems.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 1i_5VP-F8tUx for ; Mon, 4 Dec 2017 09:46:48 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zm01.ixsystems.com (Postfix) with ESMTP id 047C01A1167 for ; Mon, 4 Dec 2017 09:46:48 -0800 (PST) X-Virus-Scanned: amavisd-new at ixsystems.com Received: from zm01.ixsystems.com ([127.0.0.1]) by localhost (zm01.ixsystems.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 6NGIcnGbdJM5 for ; Mon, 4 Dec 2017 09:46:47 -0800 (PST) Received: from [10.231.1.89] (unknown [10.231.1.89]) by zm01.ixsystems.com (Postfix) with ESMTPSA id BF4BA1A114C for ; Mon, 4 Dec 2017 09:46:47 -0800 (PST) Subject: Re: Recent issue with pkg base missing setuid To: freebsd-pkgbase@freebsd.org References: <1512405462.2943219.1193522088.5FC897E6@webmail.messagingengine.com> From: Kris Moore Message-ID: <2d0794a2-4a51-6a9f-a430-4f9657fd14eb@ixsystems.com> Date: Mon, 4 Dec 2017 12:46:37 -0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0 MIME-Version: 1.0 In-Reply-To: <1512405462.2943219.1193522088.5FC897E6@webmail.messagingengine.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US X-BeenThere: freebsd-pkgbase@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Packaging the FreeBSD base system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Dec 2017 17:47:01 -0000 On 12/04/2017 11:37, Brad Davis wrote: > On Mon, Dec 4, 2017, at 09:25 AM, Kris Moore wrote: >> Anybody else noticed a recent regression (say past month or so) where >> pkg base of latest HEAD is now failing to throw setuid on some files? We >> saw it at first because /sbin/shutdown lost its setuid bit, so users >> can't shutdown the box. I rolled back pkg to 1.10.1 which was working, >> and that didn't seem to make a difference. Now I suspect something in >> HEAD itself changed, but for the life of me can't find where. > Hey Kris, > > Can you look at the plist file and see if it is correctly flagging the > file there? > > > Regards, > Brad Davis > _______________________________________________ > freebsd-pkgbase@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-pkgbase > To unsubscribe, send any mail to "freebsd-pkgbase-unsubscribe@freebsd.org" Here's what I have in the plist: @(root,operator,04554,) /sbin/shutdown I'll note that ping/ping6 also have similar, and they install setuid properly: @(root,wheel,04555,) /sbin/ping @(root,wheel,04555,) /sbin/ping6 Here's what I have in the pkg tarball: # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep shutdown hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to /sbin/poweroff # tar tvf FreeBSD-runtime-12.0.s20171204170123.txz | grep poweroff -r-xr-xr-- 0 root wheel 15440 Dec 4 17:05 /sbin/poweroff hr-sr-xr-- 0 root operator 0 Dec 4 17:05 /sbin/shutdown link to /sbin/poweroff And installing it again sure enough gives version without setuid: # pkg-static add -f FreeBSD-runtime-12.0.s20171204170123.txz Installing FreeBSD-runtime-12.0.s20171204170123... package FreeBSD-runtime is already installed, forced install Extracting FreeBSD-runtime-12.0.s20171204170123: 100% [root@chimera] /usr/obj/usr/src/repo/FreeBSD:12:amd64/12.0.s20171204170123# ls -al /sbin/shutdown -r-xr-xr-- 2 root wheel 15440 Dec 4 17:05 /sbin/shutdown -- Kris Moore Director of Engineering iXsystems Enterprise Storage & Servers Driven By Open Source