GNU bug report logs - #8292
COREUTILS-8.9: Potential bug in tests/cp/preserve-gid

Previous Next

Full log

View this message in rfc822 format

From: Jim Meyering <jim <at> meyering.net>
To: gmail <arbogast.cedric <at> gmail.com>
Cc: 8292 <at> debbugs.gnu.org
Subject: bug#8292: COREUTILS-8.9: Potential bug in tests/cp/preserve-gid
Date: Sun, 20 Mar 2011 15:37:16 +0100

gmail wrote:
...
> Normally setuidgid MUST take the parent shell environment, so i
> finally add a strace in the test to the original source :

Thanks for investigating.

> --- tests/cp/preserve-gid       2011-03-20 13:34:52.000000000 +0100
> +++ tests/cp/preserve-gid.orig  2011-01-01 22:19:23.000000000 +0100
> @@ -38,7 +38,7 @@
>    u=$1; shift
>    g=$1; shift
>    rm -f b || exit 1
> -  strace -o ../../trace.txt "$@" "$f" b || exit 1
> +  "$@" "$f" b || exit 1
>    s=`stat -c '%u %g' b`
>    if test "x$s" != "x$u $g"; then
>      # Allow the actual group to match that of the parent directory
>
> And got this .... :
...
>>>  execve("/usr/src/coreutils-8.9_build3/src/cp", ["cp", "-p", "c1",
> "b"], [/* 72 vars */]) = -1 EACCES (Permission denied)
...
> The setuidgid has the PATH, but this is an absolute PATH and PATH
> traversal with the test uid/gid  fail.

But why is that?  I.e., it implies that NON_ROOT_USERNAME (your
"cedric" user) cannot run that program, yet the README instructions
regarding how to run root tests suggest that NON_ROOT_USERNAME must
have access to the sources and built programs.

Can you reproduce the failure if you follow these guidelines from
the README file?

    I find that it is best to unpack and build as a non-privileged
    user, and then to run the following command as that user in order
    to run the privilege-requiring tests:

      sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.