GNU bug report logs - #40922
gnu: udevil: Fix loading of setuid-programs.

Previous Next

Package: guix-patches;

Reported by: Raghav Gururajan <raghavgururajan <at> disroot.org>

Date: Tue, 28 Apr 2020 07:02:02 UTC

Severity: normal

Done: Danny Milosavljevic <dannym <at> scratchpost.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 40922 in the body.
You can then email your comments to 40922 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#40922; Package guix-patches. (Tue, 28 Apr 2020 07:02:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Raghav Gururajan <raghavgururajan <at> disroot.org>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 28 Apr 2020 07:02:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Raghav Gururajan <raghavgururajan <at> disroot.org>
To: guix-patches <at> gnu.org
Subject: gnu: udevil: Fix loading of setuid-programs.
Date: Tue, 28 Apr 2020 02:52:28 -0400

[Message part 1 (text/plain, inline)]


[0001-gnu-udevil-Fix-loading-of-setuid-programs.patch (text/x-patch, attachment)]







Information forwarded
to guix-patches <at> gnu.org:

bug#40922; Package guix-patches.
 (Fri, 01 May 2020 12:25:01 GMT) Full text and rfc822 format available.



Message #8 received at 40922 <at> debbugs.gnu.org (full text, mbox):


From: Danny Milosavljevic <dannym <at> scratchpost.org>
To: Raghav Gururajan <raghavgururajan <at> disroot.org>
Cc: 40922 <at> debbugs.gnu.org
Subject: Re: [bug#40922] gnu: udevil: Fix loading of setuid-programs.
Date: Fri, 1 May 2020 14:24:05 +0200



[Message part 1 (text/plain, inline)]


Hi Raghav,

On Tue, 28 Apr 2020 02:52:28 -0400
Raghav Gururajan <raghavgururajan <at> disroot.org> wrote:

> [1] Patched references to mount, umount, losetup and setfacl; as udevil
> expects these programs to have uid set as root.
> [2] Patched references to udevil; as udevil itself and devmon expects
> udevil to have uid set as root.

Why are both needed at the same time?  If udevil is setuid root, then the
other tools are invoked as root anyway, right?  Or does udevil drop root
privileges?  (short look into src/udevil.c suggests yes)

Is there a description from upstream how all that is supposed to work?

Remainder OK.



[Message part 2 (application/pgp-signature, inline)]







Information forwarded
to guix-patches <at> gnu.org:

bug#40922; Package guix-patches.
 (Fri, 01 May 2020 14:06:01 GMT) Full text and rfc822 format available.



Message #11 received at 40922 <at> debbugs.gnu.org (full text, mbox):


From: Raghav Gururajan <raghavgururajan <at> disroot.org>
To: Danny Milosavljevic <dannym <at> scratchpost.org>
Cc: 40922 <at> debbugs.gnu.org
Subject: Re: [bug#40922] gnu: udevil: Fix loading of setuid-programs.
Date: Fri, 1 May 2020 10:05:06 -0400



Hi Danny!

> Why are both needed at the same time?  If udevil is setuid root, then the
> other tools are invoked as root anyway, right?  Or does udevil drop root
> privileges?  (short look into src/udevil.c suggests yes)

Yes, both are needed at same time. I tried them alternatively, did not work.
As you mentioned, it drops previleges (file:src/udevil.c ; line:5061).

> Is there a description from upstream how all that is supposed to work?

There is some description in "Set SUID" section of README file
(https://github.com/IgnorantGuru/udevil/blob/master/README).

> Remainder OK.

Thanks!

Regards,
RG.











Reply sent
to Danny Milosavljevic <dannym <at> scratchpost.org>:

You have taken responsibility.
 (Fri, 01 May 2020 14:39:02 GMT) Full text and rfc822 format available.







Notification sent
to Raghav Gururajan <raghavgururajan <at> disroot.org>:

bug acknowledged by developer.
 (Fri, 01 May 2020 14:39:02 GMT) Full text and rfc822 format available.



Message #16 received at 40922-done <at> debbugs.gnu.org (full text, mbox):


From: Danny Milosavljevic <dannym <at> scratchpost.org>
To: Raghav Gururajan <raghavgururajan <at> disroot.org>
Cc: 40922-done <at> debbugs.gnu.org
Subject: Re: [bug#40922] gnu: udevil: Fix loading of setuid-programs.
Date: Fri, 1 May 2020 16:38:38 +0200



[Message part 1 (text/plain, inline)]


Pushed to guix master as commit 8546f4da5b3677001dbda6b3a116f5bdc44ea5c0.



[Message part 2 (application/pgp-signature, inline)]











bug archived.
Request was from Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org.
 (Sat, 30 May 2020 11:24:04 GMT) Full text and rfc822 format available.





This bug report was last modified 5 years and 99 days ago.





Previous Next






GNU bug tracking system

Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.