[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: coreutils/install cannot set setuid bits
From: Nero <nero () w1r3 ! net>
Date: 2023-05-13 13:27:13
Message-ID: ZF+QMboyw8bCgLv+ () lucy ! w1r3 ! net
[Download RAW message or body]
Hello,
I'm using the BusyBox v1.35.0 shipped with Alpine Linux 3.17.
I'm trying to use coreutils/install to install a program with setuid
bit set, but the setuid bit ends up being stripped.
strace on the `install` invocation:
> chmod("/home/nero/.local/bin/brightness", 04111) = 0
> lchown("/home/nero/.local/bin/brightness", 0, 0) = 0
Destination access rights observed with:
> $ stat -c %a /home/nero/.local/bin/brightness
> 111
in coreutils/install.c, in install_main(), chmod is done first,
lchown afterwards. But from Linux's chown(2):
> When the owner or group of an executable file is changed by an
> unprivileged user, the S_ISUID and S_ISGID mode bits are cleared.
> POSIX does not specify whether this also should happen when root does
> the chown(); the Linux behavior depends on the kernel version, and
> since Linux 2.2.13, root is treated like other users.
I checked against GNU coreutils 9.1, strace:
> fchownat(3, "brightness", 0, 0, AT_SYMLINK_NOFOLLOW) = 0
> fchmodat(3, "brightness", 04111) = 0
Yields the expected result:
> stat -c %a /home/nero/.local/bin/brightness
> 4111
I think swapping the ordering of the chmod and lchown sections in
coreutils/install.c, install_main() would fix what i think is a bug.
Ideas?
-- Nero
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic