Bug#642452: marked as done (SetUID-enabled binary doesn't run as root)

To: Julien Cristau <jcristau@debian.org>
Subject: Bug#642452: marked as done (SetUID-enabled binary doesn't run as root)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 22 Sep 2011 18:54:18 +0000
Message-id: <[🔎] handler.642452.D642452.131671756231940.ackdone@bugs.debian.org>
References: <20110922185230.GA8114@radis.liafa.jussieu.fr> <201109221307.28613.Jeffrey.Thomas@nerdery.com>

Your message dated Thu, 22 Sep 2011 20:52:30 +0200
with message-id <20110922185230.GA8114@radis.liafa.jussieu.fr>
and subject line Re: Bug#642452: SetUID-enabled binary doesn't run as root
has caused the Debian Bug report #642452,
regarding SetUID-enabled binary doesn't run as root
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
642452: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642452
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: SetUID-enabled binary doesn't run as root
From: Jeffrey G Thomas <Jeffrey.Thomas@nerdery.com>
Date: Thu, 22 Sep 2011 13:07:28 -0500
Message-id: <201109221307.28613.Jeffrey.Thomas@nerdery.com>

Package: setuid
Severity: normal

*** Please type your report below this line ***
We have a custom C binary that checks for permitted paths and users, and if those checks pass, our binary runs as set-uid (as root) chmod and chgrp on some directories.

The general idea is that our programmers can correct permissions on folders to allow wider access for the other programmers, assuming the checks all pass.

Note this isn't *always* a problem, on either the 32 nor 64 bit machines discussed below.  Running the chmod and chgrp commands as root from the command line works fine when these fail.

This SetUID option works fine on Debian 5 machines here, but on Debian 6 x64 (x86.64) we get SegFaults:
cweber@athens:~/public_html/lps$ chperms `pwd`
Segmentation fault

and on Debian 6 x86.32 we get 'Operation not permitted':
wvincent@athens:~/public_html/lps/sites$ chperms `pwd`
chgrp -R staff /home/wvincent/public_html/lps/sites
chgrp: changing group of `/home/wvincent/public_html/lps/sites/default/files/feeds/studiolocations.csv': Operation not permitted
chgrp: changing group of `/home/wvincent/public_html/lps/sites/default/files/feeds': Operation not permitted
chmod -R g+wrx /home/wvincent/public_html/lps/sites
chmod: changing permissions of `/home/wvincent/public_html/lps/sites/default/files/feeds': Operation not permitted
chmod: changing permissions of `/home/wvincent/public_html/lps/sites/default/files/feeds/studiolocations.csv': Operation not permitted 



The file in question does have its permissions set correctly AFAICT:
-rwsr-sr-x 1 root root 7860 Sep  1 14:24 /bin/chperms.orig

The same file should be running on both Debian6 x86.64 and x86.32

root@berlin:~# file /bin/chperms.orig
/bin/chperms.orig: setuid setgid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped

athens:~# file /bin/chperms.orig 
/bin/chperms.orig: setuid setgid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped





-- System Information:
Debian Release: 6.0.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

To: Jeffrey G Thomas <Jeffrey.Thomas@nerdery.com>, 642452-done@bugs.debian.org
Subject: Re: Bug#642452: SetUID-enabled binary doesn't run as root
From: Julien Cristau <jcristau@debian.org>
Date: Thu, 22 Sep 2011 20:52:30 +0200
Message-id: <20110922185230.GA8114@radis.liafa.jussieu.fr>
In-reply-to: <201109221307.28613.Jeffrey.Thomas@nerdery.com>
References: <201109221307.28613.Jeffrey.Thomas@nerdery.com>

On Thu, Sep 22, 2011 at 13:07:28 -0500, Jeffrey G Thomas wrote:

> Package: setuid
> Severity: normal
> 
> *** Please type your report below this line ***
> We have a custom C binary that checks for permitted paths and users, and if those checks pass, our binary runs as set-uid (as root) chmod and chgrp on some directories.
> 
> The general idea is that our programmers can correct permissions on folders to allow wider access for the other programmers, assuming the checks all pass.
> 
> Note this isn't *always* a problem, on either the 32 nor 64 bit machines discussed below.  Running the chmod and chgrp commands as root from the command line works fine when these fail.
> 
> This SetUID option works fine on Debian 5 machines here, but on Debian 6 x64 (x86.64) we get SegFaults:
> cweber@athens:~/public_html/lps$ chperms `pwd`
> Segmentation fault
> 
> and on Debian 6 x86.32 we get 'Operation not permitted':
> wvincent@athens:~/public_html/lps/sites$ chperms `pwd`
> chgrp -R staff /home/wvincent/public_html/lps/sites
> chgrp: changing group of `/home/wvincent/public_html/lps/sites/default/files/feeds/studiolocations.csv': Operation not permitted

I'm afraid that sounds like a bug in your program.

Cheers,
Julien

--- End Message ---

Reply to:

Prev by Date: Re: Bug#642416: ITP: node-which -- Like which(1) unix command for Node
Next by Date: Bug#642452: SetUID-enabled binary doesn't run as root
Previous by thread: Processed: Re: Bug#642452: SetUID-enabled binary doesn't run as root
Next by thread: Bug#642452: SetUID-enabled binary doesn't run as root
Index(es):
- Date
- Thread