--- Begin Message ---
Package: setuid
Severity: normal
*** Please type your report below this line ***
We have a custom C binary that checks for permitted paths and users, and if those checks pass, our binary runs as set-uid (as root) chmod and chgrp on some directories.
The general idea is that our programmers can correct permissions on folders to allow wider access for the other programmers, assuming the checks all pass.
Note this isn't *always* a problem, on either the 32 or 64 bit machines discussed below. Running the chmod and chgrp commands as root from the command line works fine when these fail.
This SetUID option works fine on Debian 5 machines here, but on Debian 6 x64 (x86.64) we get SegFaults:
cweber@athens:~/public_html/lps$ chperms `pwd`
Segmentation fault
and on Debian 6 x86.32 we get 'Operation not permitted':
wvincent@athens:~/public_html/lps/sites$ chperms `pwd`
chgrp -R staff /home/wvincent/public_html/lps/sites
chgrp: changing group of `/home/wvincent/public_html/lps/sites/default/files/feeds/studiolocations.csv': Operation not permitted
chgrp: changing group of `/home/wvincent/public_html/lps/sites/default/files/feeds': Operation not permitted
chmod -R g+wrx /home/wvincent/public_html/lps/sites
chmod: changing permissions of `/home/wvincent/public_html/lps/sites/default/files/feeds': Operation not permitted
chmod: changing permissions of `/home/wvincent/public_html/lps/sites/default/files/feeds/studiolocations.csv': Operation not permitted
The file in question does have its permissions set correctly AFAICT:
-rwsr-sr-x 1 root root 7860 Sep 1 14:24 /bin/chperms.orig
The same file should be running on both Debian 6 x86.64 and x86.32
root@berlin:~# file /bin/chperms.orig
/bin/chperms.orig: setuid setgid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
athens:~# file /bin/chperms.orig
/bin/chperms.orig: setuid setgid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-- System Information:
Debian Release: 6.0.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
- To: Jeffrey G Thomas <Jeffrey.Thomas@nerdery.com>, 642452-done@bugs.debian.org
- Subject: Re: Bug#642452: SetUID-enabled binary doesn't run as root
- From: Julien Cristau <jcristau@debian.org>
- Date: Thu, 22 Sep 2011 20:52:30 +0200
- Message-id: <20110922185230.GA8114@radis.liafa.jussieu.fr>
- In-reply-to: <201109221307.28613.Jeffrey.Thomas@nerdery.com>
- References: <201109221307.28613.Jeffrey.Thomas@nerdery.com>
On Thu, Sep 22, 2011 at 13:07:28 -0500, Jeffrey G Thomas wrote:
> Package: setuid
> Severity: normal
>
> *** Please type your report below this line ***
> We have a custom C binary that checks for permitted paths and users, and if those checks pass, our binary runs as set-uid (as root) chmod and chgrp on some directories.
>
> The general idea is that our programmers can correct permissions on folders to allow wider access for the other programmers, assuming the checks all pass.
>
> Note this isn't *always* a problem, on either the 32 or 64 bit machines discussed below. Running the chmod and chgrp commands as root from the command line works fine when these fail.
>
> This SetUID option works fine on Debian 5 machines here, but on Debian 6 x64 (x86.64) we get SegFaults:
> cweber@athens:~/public_html/lps$ chperms `pwd`
> Segmentation fault
>
> and on Debian 6 x86.32 we get 'Operation not permitted':
> wvincent@athens:~/public_html/lps/sites$ chperms `pwd`
> chgrp -R staff /home/wvincent/public_html/lps/sites
> chgrp: changing group of `/home/wvincent/public_html/lps/sites/default/files/feeds/studiolocations.csv': Operation not permitted
I'm afraid that sounds like a bug in your program.
Cheers,
Julien
--- End Message ---