[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAK7LNAS4VfYLLBZn=Fkd+D5D+3ejVd4jPFLtWu6joLxVXtxKUg@mail.gmail.com>
Date: Wed, 28 Oct 2020 15:00:22 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: Sven Joachim <svenjoac@....de>
Cc: Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
Michal Marek <michal.lkml@...kovi.net>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Guillem Jover <guillem@...rons.org>
Subject: Re: [PATCH 1/2] builddeb: Fix rootless build in setuid/setgid directory
On Tue, Oct 27, 2020 at 4:32 AM Sven Joachim <svenjoac@....de> wrote:
>
> Building 5.10-rc1 in a setgid directory failed with the following
> error:
>
> dpkg-deb: error: control directory has bad permissions 2755 (must be
> >=0755 and <=0775)
>
> When building with fakeroot, the earlier chown call would have removed
> the setgid bits, but in a rootless build they remain.
>
Applied to linux-kbuild. Thanks.
I agreed with "g-s" but was not sure about "u-s"
because nothing is explained about setuid,
and the setuid bit against directories seems to have no effect.
It was interesting to read this article:
https://superuser.com/questions/471844/why-is-setuid-ignored-on-directories
Also, it is summarized in the wikipedia
https://en.wikipedia.org/wiki/Setuid#setuid_and_setgid_on_directories
"The setuid permission set on a directory is ignored on most UNIX and
Linux systems.[citation needed] However FreeBSD can be configured to
interpret setuid in a manner similar to setgid, in which case it
forces all files and sub-directories created in a directory to be
owned by that directory's owner - a simple form of inheritance.[5]
This is generally not needed on most systems derived from BSD, since
by default directories are treated as if their setgid bit is always
set, regardless of the actual value. As is stated in open(2), "When a
new file is created it is given the group of the directory which
contains it.""
After all, I am convinced that it would not hurt to do "u-s"
although I have never tested kernel builds on FreeBSD.
> Fixes: 3e8541803624 ("builddeb: Enable rootless builds")
> Cc: Guillem Jover <guillem@...rons.org>
> Signed-off-by: Sven Joachim <svenjoac@....de>
> ---
> scripts/package/builddeb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/scripts/package/builddeb b/scripts/package/builddeb
> index 1b11f8993629..91a502bb97e8 100755
> --- a/scripts/package/builddeb
> +++ b/scripts/package/builddeb
> @@ -45,6 +45,8 @@ create_package() {
> chmod -R go-w "$pdir"
> # in case we are in a restrictive umask environment like 0077
> chmod -R a+rX "$pdir"
> + # in case we build in a setuid/setgid directory
> + chmod -R ug-s "$pdir"
>
> # Create the package
> dpkg-gencontrol -p$pname -P"$pdir"
> --
> 2.28.0
>
--
Best Regards
Masahiro Yamada
Powered by blists - more mailing lists