[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: brightd

On Thu, Apr 26, 2007 at 08:46:09PM +0200, Evgeni Golov wrote:
> On Thu, 26 Apr 2007 12:38:49 -0500 Luis Rodrigo Gallardo Cruz wrote:
> > > Hm, could you explain that a bit more? I need the binary setuid-root,
> > > so $USER is able to write to /sys/class/backlight/
> > > I previously used install -M 4755 in debian/rules, but this did not
> > > work, because I don't build as root : (
> > 
> > Oh, ok. Well, packages *need* to be built as root, precisely so that
> > they can have any set of needed ownerships and permissions. You can
> > use fakeroot to do the build.
> I _USE_ fakeroot.
> And after the install /usr/bin/brightd is 0755, because only root (and
> not fakeroot) can setuid - if this would not be like this, everyone
> could create suidroot binaries...

Wrong. suid works under fakeroot (I actually ran it to check). What
happened in your package is that dh_fixperms strips suid bits from
files (see man dh_fixperms). Sorry for not noticing that before.

(And yes, anyone can run fakeroot and create a binary that, under
fakeroot, looks as if it had suid bits. Does not matter, since it
doesn't really have them.)

> So can I just chmod in debian/rules and hope the package will be
> rebuild as root on the buildds?

No, you *also* need to ensure dh_fixperms does not strip the bits away.
Change the call to
 dh_fixperms -X usr/bin/brightd

Rodrigo Gallardo
GPG-Fingerprint: 7C81 E60C 442E 8FBC D975  2F49 0199 8318 ADC9 BC28

Attachment: signature.asc
Description: Digital signature

Reply to: