GNU bug report logs - #8752
cp: fchown called before fchmod, unable to set file mode
Report forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#8752; Package coreutils. (Sat, 28 May 2011 17:27:01 GMT)
Acknowledgement sent to Milan Novak <milan.novak <at> gmail.com>: New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Sat, 28 May 2011 17:27:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hello,

I believe that cp uses the wrong order of syscalls when applying target file
attributes; fchown(2) is called before fchmod(2).
As a result it loses access to the target file and is unable to apply the file mode
correctly; the error message is as follows:
"cp: preserving permissions for `target': Not owner"
The problem arises when -p (preserve attributes) is present and the file owner
is different from the user doing the copy.
The same operation using cp on hp-ux 11.31 is successful, since hp-ux cp calls
chmod(2) before chown(2).
Please let me know what you think about changing the order of fchown(2) <=>
fchmod(2).

Kind Regards,
Milan
---
hp <at> mtest:/home/hp/coreutils $ id
uid=1058(hp) gid=20(users) groups=65535(last)
hp <at> mtest:/home/hp/coreutils $ ll source target
target not found
-rwxrwxrwx 1 elzu radia 32 May 20 15:50 source
hp <at> mtest:/home/hp/coreutils $ tusc -o tusc_hpuxcp.out /usr/bin/cp -p source target; echo $? ; ll source target
0
-rwxrwxrwx 1 elzu radia 32 May 20 15:50 source
-rwxrwxrwx 1 elzu radia 32 May 20 15:50 target
hp <at> mtest:/home/hp/coreutils $ rm -f target
hp <at> mtest:/home/hp/coreutils $ tusc -o tusc_gnucp.out coreutils-8.11/src/cp -p source target; echo $? ; ll source target
coreutils-8.11/src/cp: preserving permissions for `target': Not owner #>>>> ERROR
1
-rwxrwxrwx 1 elzu radia 32 May 20 15:50 source
-rwx------ 1 elzu radia 32 May 20 15:50 target #>>> already owned by user elzu, so chmod executed as user hp fails
hp <at> mtest:/home/hp/coreutils $ coreutils-8.11/src/cp --version | head -1
cp (GNU coreutils) 8.11
hp <at> mtest:/home/hp/coreutils $ uname -a
HP-UX mtest B.11.31 U ia64 2263078376 unlimited-user license
hp <at> mtest:/home/hp/coreutils $ egrep "target|chown|chmod|exit" tusc_*
tusc_hpuxcp.out:stat64("target", 0x7fffeec0) ............................................ ERR#2 ENT
tusc_hpuxcp.out:stat64("target", 0x40021110) ............................................ ERR#2 ENT
tusc_hpuxcp.out:stat64("target", 0x40021110) ............................................ ERR#2 ENT
tusc_hpuxcp.out:access("target", F_OK) .................................................. ERR#2 ENT
tusc_hpuxcp.out:open("target", O_WRONLY|O_CREAT|O_TRUNC|0x800, 0) ....................... = 6
tusc_hpuxcp.out:utime("target", 0x7fffe5f0) ............................................. = 0
tusc_hpuxcp.out:chmod("target", 0100777) ................................................ = 0
tusc_hpuxcp.out:chown("target", 1021, 1005) ............................................. = 0
tusc_hpuxcp.out:chmod("target", 0100777) ................................................ ERR#1 EPM
tusc_hpuxcp.out:exit(0) ................................................................. WIFE)
tusc_gnucp.out:stat64("target", 0x7fffedf0) ............................................ ERR#2T
tusc_gnucp.out:stat64("target", 0x7fffeac0) ............................................ ERR#2T
tusc_gnucp.out:open("target", O_WRONLY|O_CREAT|O_EXCL|0x800, 0700) ..................... = 5
tusc_gnucp.out:utime("target", 0x7fffe7a8) ............................................. = 0
tusc_gnucp.out:fchown(5, 1021, 1005) ................................................... = 0 #>>> the problem is HERE, CHOWN goes before CHMOD;
tusc_gnucp.out:fchmod(5, 0100777) ...................................................... ERR#1M #>>> this fails, since user hp is not the owner of the file anymore
tusc_gnucp.out:exit(1) ................................................................. WIFEX)
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#8752; Package coreutils. (Sun, 29 May 2011 19:29:01 GMT)
Message #8 received at 8752 <at> debbugs.gnu.org (full text, mbox):
On 05/28/11 06:10, Milan Novak wrote:
> I believe that cp uses wrong order of syscalls when applying target file
> attributes; fchown(2) is called before fchmod(2).
> As a result it looses access to target file and is unable to apply file mode
> correctly; error message is as follows
> "cp: preserving permissions for `target': Not owner"

The general idea in coreutils is given in the following
comment in lib/dirchownmod.c:

    /* On some systems, chown clears S_ISUID and S_ISGID, so do
       chown before chmod. On older System V hosts, ordinary
       users can give their files away via chown; don't worry
       about that here, since users shouldn't do that. */

HP-UX is one of the "older System V hosts" that by default allows
ordinary users to give their files away. This is a mild security
hole, so modern operating systems typically don't allow it.
To get this safer behavior on HP-UX, you can do something like the
following, as the superuser:

    # echo "-n CHOWN" >>/etc/privgrp
    # setprivgrp -f /etc/privgroup

I suppose coreutils might be modified to work in this (from our
point of view) dinosaurian environment, but it wouldn't be trivial,
since it's vital for the code to still work in the more-typical
case where one should chown before chmod.
If someone (maybe you?) could suggest a patch to coreutils that
fixes the problem on HP-UX and is easy to follow and that doesn't
break or slow down coreutils on typical systems, that'd be nice.
But I suspect you'd be better off disabling CHOWN as shown above,
as that's more secure; besides, coreutils is not the only package
that has problems with the default HP-UX settings.
For more on this please see:
http://lists.gnu.org/archive/html/bug-gzip/2007-06/msg00005.html
You might also want to look at HP's Bastille product: it's
free and it should improve your site's security (the above is one
of the hundreds of security holes it'll close).
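
The ordering described in the dirchownmod.c comment above, as an added example that is not coreutils code and not part of the original thread: the target is created exclusively with owner-only access, the owner is set, the mode is set last, and the result is verified with fstat. The function names and the sample path are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: owner first, then mode, then verify the result. */
int apply_owner_then_mode(int fd, uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    if (fchown(fd, uid, gid) != 0)
        return -1;
    /* chown may clear S_ISUID/S_ISGID, so the mode is set afterwards.
       Where chown gave the file away, this is the call that gets EPERM. */
    if (fchmod(fd, mode & 07777) != 0 || fstat(fd, &st) != 0)
        return -1;
    if ((st.st_mode & 07777) == (mode & 07777))
        return 0;
    errno = EPERM;                  /* requested bits were silently dropped */
    return -1;
}

/* Hypothetical helper: create path exclusively and owner-only, so the data
   is never exposed under a wider mode before the final attributes apply. */
int create_with_attrs(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    int rc = apply_owner_then_mode(fd, uid, gid, mode);
    int saved = errno;              /* keep the errno of the failing call */
    close(fd);
    errno = saved;
    return rc;
}

int main(void)
{
    const char *path = "target.demo";   /* constructed sample path */
    int rc = create_with_attrs(path, geteuid(), getegid(), 0640);
    if (rc != 0)
        perror("preserving permissions");
    unlink(path);
    return rc != 0;
}
```
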
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#8752; Package coreutils. (Sun, 29 May 2011 19:32:01 GMT)
Message #11 received at 8752 <at> debbugs.gnu.org (full text, mbox):
On 05/29/11 12:27, Paul Eggert wrote:
> # echo "-n CHOWN" >>/etc/privgrp
> # setprivgrp -f /etc/privgroup
Whoops, obviously I misspelled one of those two file names.
I think the second one is right. But you should read the
manuals and check before trying it (I haven't used HP-UX
in years).
Reply sent to Bob Proulx <bob <at> proulx.com>: You have taken responsibility. (Wed, 01 Jun 2011 19:18:02 GMT)
Notification sent to Milan Novak <milan.novak <at> gmail.com>: bug acknowledged by developer. (Wed, 01 Jun 2011 19:18:02 GMT)
Message #16 received at 8752-done <at> debbugs.gnu.org (full text, mbox):
Paul Eggert wrote:
> Paul Eggert wrote:
> > # echo "-n CHOWN" >>/etc/privgrp
> > # setprivgrp -f /etc/privgroup
>
> Whoops, obviously I misspelled one of those two file names.
> I think the second one is right. But you should read the
> manuals and check before trying it (I haven't used HP-UX
> in years).
The first was the misspelling, the second was the correct name.
Just to be clear, this next command will set it interactively. You
can test the behavior without having made any permanent changes. But
if you reboot the change will be gone.
# setprivgrp -n CHOWN
Setting this file /etc/privgroup with the following contents will make
it persistent at boot time:
-n CHOWN
See 'man 1m setprivgrp' for the HP-UX documentation.
And since I think this completely resolves the issue I am going to
close the ticket on it. Please feel free to add additional comments.
If needed the ticket can be reopened at any time.
Bob
Message #17 received at 8752-done <at> debbugs.gnu.org (full text, mbox):
Hello Bob,
Thanks for clarification, I'm well aware of setprivgrp options.
OK, go ahead and close the ticket.
Thanks for your time!
Kind Regards,
Milan
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 30 Jun 2011 11:24:04 GMT)
This bug report was last modified 13 years and 357 days ago.