[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#96881: marked as done (Bxx96860: Includes privileged calls in build target.)

Your message dated Wed, 02 Jun 2004 14:47:05 -0400
with message-id <E1BValV-0001Cx-00@newraff.debian.org>
and subject line Bug#96881: fixed in dpkg 1.10.22
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Received: (at submit) by bugs.debian.org; 9 May 2001 15:12:57 +0000
>From cpbs@uk.alcove.com Wed May 09 10:12:57 2001
Return-path: <cpbs@uk.alcove.com>
Received: from smtp.uk.alcove.com (aragorn.alcove-uk) [] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 14xVe5-0006xc-00; Wed, 09 May 2001 10:12:57 -0500
Received: by aragorn.alcove-uk (Postfix, from userid 2001)
	id 0E5847A11D; Wed,  9 May 2001 16:12:56 +0100 (BST)
Date: Wed, 9 May 2001 16:12:55 +0100
From: Charles Briscoe-Smith <charles.briscoe-smith@uk.alcove.com>
To: Daniel Kobras <kobras@tat.physik.uni-tuebingen.de>
Cc: submit@bugs.debian.org
Subject: Re: Bxx96860: Includes privileged calls in build target.
Message-ID: <20010509161255.C3537@uk.alcove.com>
References: <E14xSYb-00017l-00@antares.tat.physik.uni-tuebingen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.17i
In-Reply-To: <E14xSYb-00017l-00@antares.tat.physik.uni-tuebingen.de>; from kobras@tat.physik.uni-tuebingen.de on Wed, May 09, 2001 at 01:55:05PM +0200
Delivered-To: submit@bugs.debian.org

Package: dpkg-dev
Version: 1.9.5
Severity: serious

[Bcc'ed to 96860@bugs.debian.org]

On Wed, May 09, 2001 at 01:55:05PM +0200, Daniel Kobras wrote:
> The build target in the yada-generated rules file depends on the
> debian/tmp-gramofile/DEBIAN/control target (via install-tree/install-tree-any).
> The last calls in .../control seem more appropriate to binary than to build,

Traditionally, these things are done as root by most maintainers.
Personally, I'd consider it irresponsible of me to do things as root
that could just as well be done as a normal user, so most (if not all)
of my packages do very little as root.  The only things most of them do
as root is to fix up file ownerships and permissions.  Until recently,
there has been no need to do anything else as root.

Hopefully, this ensures that the security-conscious can build my packages
on their machines without having to audit too much of my build scripts,
and it protects my machines, and others, against bugs in my build scripts.

> however. dpkg-shlibdeps, for example, calls chown(2) internally and therefore
> should be invoked as root. According to policy sect. 5.2, such privileged calls
> are not allowed in the build target.

It is only recently that dpkg-shlibdeps has failed to work perfectly
well as a non-root user.  There is no reason that the functions that
dpkg-shlibdeps performs should require root.  As far as I can see,
the only thing that prevents dpkg-shlibdeps running as root is one call
to chown.  The reason for the chown, AFAICS, is that when dpkg-shlibdeps
runs it creates a file.  If that file is owned by root, it should chown
the file back to the user running dpkg-shlibdeps.  If dpkg-shlibdeps is
not running as root, the chown is inappropriate and not needed.

> The current version usually works in a conventional development system
> where debian/substvars.new is chown()ed to its previous owner, but
> it fails in some of the more sophisticated autobuilder setups. See bugs
> #92749, and #96798 for examples.

See also 90699.  Having read your commentary in the gramofile bug, I've
found how to trigger the bug: give LOGNAME a value which maps to a uid
other than that as which the build is being run.  This needs fixing in
the dpkg-dev package, IMHO.

dpkg-distaddfile, dpkg-gencontrol and dpkg-shlibdeps appear to be the
three commands which will have this bug.  I would suggest fixing this in
one of two ways.  Either change each of dpkg-distaddfile, dpkg-gencontrol
and dpkg-shlibdeps not to fail if the chown fails due to insufficient
privilege, or change controllib.pl to set @fowner to the current process
owner and group if the process is not running as root.

I don't think these changes should cause any problems; AFAICS, (correct me
if I'm wrong) the only reason for the chown is to avoid leaving root-owned
files sitting around in the debian/ directory, which could cause problems
if those files needed to be modified later in the build process.

> The appropriate fix, I think, is to split the .../control target and move
> the upper half to its own target that is invoked from build, and remove
> the dependency on .../control from the install-tree-any target.

I don't think this is appropriate; I have carefully designed the build
process of my packages (and built the same idea into yada) to avoid
doing things as root unnecessarily.  dpkg-shlibdeps and friends have
simply broken recently and should be fixed.


Charles Briscoe-Smith                     Hacking Free Software for Alcove
PGP/GPG:  1024R/B35EE811  74 68 AB 2E 1C 60 22 94  B8 21 2D 01 DE 66 13 E2
I sign these contracts / that means I'm willing / to keep on doing bloody
awful evil things / [...] No! No! / This nightmare must come to an end!
  -- Seymour, "Little Shop of Horrors", lyrics by Howard Ashman, apparently
     referring to the ethics of signing non-disclosure agreements

Received: (at 96881-close) by bugs.debian.org; 2 Jun 2004 18:53:23 +0000
>From katie@ftp-master.debian.org Wed Jun 02 11:53:23 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BVarb-0007YN-00; Wed, 02 Jun 2004 11:53:23 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1BValV-0001Cx-00; Wed, 02 Jun 2004 14:47:05 -0400
From: Scott James Remnant <scott@netsplit.com>
To: 96881-close@bugs.debian.org
X-Katie: $Revision: 1.49 $
Subject: Bug#96881: fixed in dpkg 1.10.22
Message-Id: <E1BValV-0001Cx-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Wed, 02 Jun 2004 14:47:05 -0400
Delivered-To: 96881-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-CrossAssassin-Score: 65

Source: dpkg
Source-Version: 1.10.22

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:

  to pool/main/d/dpkg/dpkg-dev_1.10.22_all.deb
  to pool/main/d/dpkg/dpkg-doc_1.10.22_all.deb
  to pool/main/d/dpkg/dpkg_1.10.22.dsc
  to pool/main/d/dpkg/dpkg_1.10.22.tar.gz
  to pool/main/d/dpkg/dpkg_1.10.22_i386.deb
  to pool/main/d/dpkg/dselect_1.10.22_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 96881@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Scott James Remnant <scott@netsplit.com> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.7
Date: Tue,  1 Jun 2004 18:21:40 -0300
Source: dpkg
Binary: dpkg-doc dpkg dselect dpkg-dev dpkg-static
Architecture: source all i386
Version: 1.10.22
Distribution: unstable
Urgency: low
Maintainer: Dpkg Development <debian-dpkg@lists.debian.org>
Changed-By: Scott James Remnant <scott@netsplit.com>
 dpkg       - Package maintenance system for Debian
 dpkg-dev   - Package building tools for Debian
 dpkg-doc   - Dpkg Internals Documentation
 dselect    - a user tool to manage Debian packages
Closes: 41554 81355 85079 85815 85818 96881 114946 120562 122910 133640 137719 140695 154422 175897 179648 192812 202997 204691 206163 211850 211856 212284 216695 217042 217823 218060 219623 221235 226800 226931 227169 229766 230242 230751 232317 232445 232639 232831 233282 235773 236331 237734 238483 241938 244624 245994 246103 246158 246159 246160 246161 246162 246163 246164 246359 246595 246857 247086 247116 248483 249254 249454 250176 250281 251830
 dpkg (1.10.22) unstable; urgency=low
   The DebConf4 Release.
   This release is mostly intended to mop up the minor and trivial bug
   fixes in the list and clear out the documentation changes.  As such,
   it should be treated with even more suspicion than is normal.
   * Use colouring to break cycles earlier to avoid long loops whilst
     installing or configuring packages.  Closes: #232445, #246857.
   * Don't try to configure packages that disappeared in the same
     run.  Closes: #202997.
   * Fix segfault when "gcc -dumpmachine" returns a non-matching triplet.
     Closes: #211850.
   * Remove restriction that package names be at least two characters long.
     Closes: #237734.
   * Fix dpkg-source (actually controllib.pl) to output the field name
     properly again.  Closes: #226931, #246595.
   * Make dpkg-scanpackages output Origin and Bugs fields with proper
     casing.  Closes: #154422.
   * Add support for DOS line-endings to md5sum.  Closes: #246103.
   * Fix start-stop-daemon segfault on Hurd.  Closes: #133640.
   * Allow dpkg-shlibdeps to run as non-root users.  Closes: #96881.
   * Correct various compiler warnings.  Closes: #229766.
   * Architecture Support:
     - Added x86-64 (x86_64 / amd64).  Closes: #238483, #241938.
     - Added i?86-gnu (Hurd).  Closes: #216695, #236331.
     - Added i386-kfreebsd-gnu and i386-knetbsd-gnu.  Closes: #250176.
   * Packaging:
     - Create $(docdir) even when --without-sgml-doc is passed so the
       ChangeLog can be installed.  Closes: #137719.
     - Stop hardcoding the list of manual page languages in debian/rules,
       so we include Spanish, Russian and Brazilian Portugese.  Closes: #245994.
     - Quote LDFLAGS in debian/rules to allow multiple options.
       Closes: #230242.
   * Documentation:
     - Move dpkg-scanpackages and dpkg-scansources to section 1 as they
       are user tools.  Closes: #114946.
     - Correct hyphen characters in manpages.  Closes: #212284, #247086, #226800.
     - Remove obsolete references to the Debian Packaging Manual.
       Closes: #122910, #140695.
     - Correct 'n' and 'p' key descriptions in dselect help message.
       Closes: #120562.
     - Add --force-bad-verify to dpkg manpage.  Closes: #192812.
     - Correct dpkg manpage to refer to --force-remove-reinstreq instead of
       -non-existant --force-reinstreq option.  Closes: #232831.
     - Correct documentation of --compare-versions arguments.  Closes: #232317.
     - Correct usage of "et al" to "et al.".  Closes: #230751.
     - Add dpkg-reconfigure(8) to SEE ALSO section of dpkg(8).  Closes: #233282.
     - Suggest packages that provide additional functionality in the dpkg
       manpage.  Closes: #81355.
     - Suggest dselect update in description of dpkg --update-avail.
       Closes: #206163.
     - Suggest aptitude as well as dselect.  Closes: #217042.
     - Suggest fakeroot for dpkg-source -r.  Closes: #175897.
     - Correct documentation of start-stop-daemon.  Closes: #41554, #211856.
     - Correct documentation of start-stop-daemon manpage to refer to --retry
       alongside --stop.  Closes: #204691.
     - Add note that start-stop-daemon will chdir("/") unless -d is specified.
       Closes: #217823, #218060.
     - Correct documentation of dpkg-query --list.  Closes: #232639.
     - Correct invalid use of &quot; within update-alternatives(8) with .BR.
       Closes: #244624.
     - Rewrite description of dpkg-source -i to indicate the intent of the
       default setting rather than the exact exclusions.  Closes: #227169.
     - Correct documentation of dpkg-statoverride --update.  Closes: #85079.
     - Correct documentation of update-alternatives --install.  Closes: #179648.
     - Documented dpkg:Version and dpkg:UpstreamVersion substvars.
       Closes: #85815, #85818.
     - Fix spelling error in utils/md5sum.1.  Closes: #250281.
     - Replace "&c." with the slightly clearer "etc.".  Closes: #235773.
     - Correct various typos.  Closes: #219623, #221235.
   * Updated Translations:
     - Catalan (Jordi Mallach).
     - French (Christian Perrier).  Closes: #246359.
     - Italian (Lele Gaifax).
     - Japanese manpages (KISE Hiroshi).  Closes: #248483.
     - Russian (Nikolai Prokoschenko).  Closes: #249254.
     - Spanish manpages (Ruben Porras).  Closes: #246158, #246159, #246160,
       #246161, #246162, #246163, #251830.
   * New Translations:
     - German start-stop-daemon and update-alternatives manpages
       (Helge Kreutzmann).  Closes: #247116, #249454.
     - Spanish dpkg-scansources manpage (Ruben Porras).  Closes: #246164.
 30f042fc1f3db3d9143438f4e2306149 798 base required dpkg_1.10.22.dsc
 2fc62cd054f1be7d1f8cb8073262a120 1714586 base required dpkg_1.10.22.tar.gz
 4bc9129933db0c7b0785a489c97731dc 1276700 base required dpkg_1.10.22_i386.deb
 e0475bfa90adb09db43e61eda465c362 119716 base required dselect_1.10.22_i386.deb
 0d64ddb21e386e1b126e5aaa2e9706c4 166218 utils standard dpkg-dev_1.10.22_all.deb
 acccec3738feda8e1ff7ad3fe7db005c 10616 doc optional dpkg-doc_1.10.22_all.deb

Version: GnuPG v1.2.4 (GNU/Linux)


Reply to: