FS#37174 - [pacman] use getuid instead of geteuid
Attached to Project:
Pacman
Opened by Naszar (naszar) - Thursday, 03 October 2013, 00:32 GMT
Last edited by Allan McRae (Allan) - Thursday, 31 October 2013, 10:56 GMT
Opened by Naszar (naszar) - Thursday, 03 October 2013, 00:32 GMT
Last edited by Allan McRae (Allan) - Thursday, 31 October 2013, 10:56 GMT
|
Details
Description:
There is strange behaviour, when pacman's binary with SETUID attribute (i.e. chmod +s /usr/bin/pacman): pacman can extract files from package to / but cannot run any install scripts because bash runs without root acess (i.e. bash sets EUID to UID). As result we have not full install of package. I think that's will be more correct prevent pacman's execution from the not priveleged user (i.e. in src/pacman/pacman.c:778 use not geteuid() but getuid()). Or if pacman must work with enabled SETUID attribute, it's necessary set UID to EUID before call bash. Additional info: * package version(s) * config and/or log files etc. Steps to reproduce: [user@localhost ~]$ id uid=1000(user) gid=1000(user) groups=1000(user) [user@localhost ~]$ ls -l /usr/bin/pacman -rwsr-sr-x 1 root root 108856 Jun 18 04:03 /usr/bin/pacman [user@localhost ~]$ pacman -S --noprogressbar gpm resolving dependencies... looking for inter-conflicts... Packages (1): gpm-1.20.7-3 Total Download Size: 0.12 MiB Total Installed Size: 0.39 MiB :: Proceed with installation? [Y/n] y warning: couldn't find or create package cache, using /tmp/ instead :: Retrieving packages ... downloading gpm-1.20.7-3-i686.pkg.tar.xz... checking keyring... checking package integrity... loading package files... checking for file conflicts... checking available disk space... installing gpm... /usr/bin/bash: /tmp/alpm_UktsMO/.INSTALL: Permission denied /usr/bin/bash: post_install: command not found error: command failed to execute correctly [user@localhost ~]$ pacman -Qi gpm Name : gpm Version : 1.20.7-3 Description : A mouse server for the console and xterm <cut> [user@localhost ~]$ ls -l /etc/profile.d/gpm.sh -rwxr-xr-x 1 root root 102 May 12 08:09 /etc/profile.d/gpm.sh |
This task depends upon
Closed by Allan McRae (Allan)
Thursday, 31 October 2013, 10:56 GMT
Reason for closing: Fixed
Additional comments about closing: git commit 7e767b7e
Thursday, 31 October 2013, 10:56 GMT
Reason for closing: Fixed
Additional comments about closing: git commit 7e767b7e
Comment by Naszar (naszar) -
Thursday, 03 October 2013, 01:23 GMT
Sorry for my english and for title "SUMMARY".. I can't correct it
(I mean title ).. and it's my first report.
Comment by
Dave Reisner (falconindy) -
Thursday, 03 October 2013, 23:33 GMT
Interesting problem, but I don't think there's anything to fix
here. pacman simply isn't equipped to be setuid (nor do I think
this is a good idea).
Comment by Naszar (naszar) -
Friday, 04 October 2013, 01:01 GMT
But if pacman isn't equipped to be setuid, there is one small fix
to force it exit with error message in that case. I think so,
becouse it is no sence continue package install when UID != 0.
Sorry to disturb your.
myuid_to_getuid.patch
(0.4 KiB)
Comment by Allan McRae (Allan) -
Monday, 14 October 2013, 03:44 GMT
This seems reasonable. Please either create a git formatted patch
and send to the pacman-dev list, or provide an name and email
address that I can use to attribute the change to you.
Comment by Naszar (naszar) -
Sunday, 20 October 2013, 06:47 GMT
OK, it's sended.
Comment by Allan McRae (Allan) -
Sunday, 20 October 2013, 07:17 GMT
That did not go through. I guess you are not subscribed? You can
attach it here and I will deal with the mailing list.
Comment by Naszar (naszar) -
Sunday, 20 October 2013, 07:24 GMT
OK.Here it.
0001-use-getuid-instead-of-ge...
(0.8 KiB)