Historical bug tracker for the Pacman package manager.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bug reports will be closed without further action.
FS#37174 - [pacman] use getuid instead of geteuid
Attached to Project:
Pacman
Opened by Naszar (naszar) - Thursday, 03 October 2013, 00:32 GMT
Last edited by Allan McRae (Allan) - Thursday, 31 October 2013, 10:56 GMT
Details
Description:
There is strange behaviour when pacman's binary has the SETUID attribute (i.e. chmod +s /usr/bin/pacman): pacman can extract files from the package to / but cannot run any install scripts because bash runs without root access (i.e. bash sets EUID to UID). As a result we do not have a full install of the package. I think it would be more correct to prevent pacman's execution by a non-privileged user (i.e. in src/pacman/pacman.c:778 use getuid() rather than geteuid()). Or, if pacman must work with the SETUID attribute enabled, it is necessary to set UID to EUID before calling bash.

Additional info:
* package version(s)
* config and/or log files etc.

Steps to reproduce:
[user@localhost ~]$ id
uid=1000(user) gid=1000(user) groups=1000(user)
[user@localhost ~]$ ls -l /usr/bin/pacman
-rwsr-sr-x 1 root root 108856 Jun 18 04:03 /usr/bin/pacman
[user@localhost ~]$ pacman -S --noprogressbar gpm
resolving dependencies...
looking for inter-conflicts...
Packages (1): gpm-1.20.7-3
Total Download Size: 0.12 MiB
Total Installed Size: 0.39 MiB
:: Proceed with installation? [Y/n] y
warning: couldn't find or create package cache, using /tmp/ instead
:: Retrieving packages ...
downloading gpm-1.20.7-3-i686.pkg.tar.xz...
checking keyring...
checking package integrity...
loading package files...
checking for file conflicts...
checking available disk space...
installing gpm...
/usr/bin/bash: /tmp/alpm_UktsMO/.INSTALL: Permission denied
/usr/bin/bash: post_install: command not found
error: command failed to execute correctly
[user@localhost ~]$ pacman -Qi gpm
Name : gpm
Version : 1.20.7-3
Description : A mouse server for the console and xterm
<cut>
[user@localhost ~]$ ls -l /etc/profile.d/gpm.sh
-rwxr-xr-x 1 root root 102 May 12 08:09 /etc/profile.d/gpm.sh
Closed by Allan McRae (Allan)
Thursday, 31 October 2013, 10:56 GMT
Reason for closing: Fixed
Additional comments about closing: git commit 7e767b7e
Comment by Naszar (naszar) -
Thursday, 03 October 2013, 01:23 GMT
Sorry for my English and for the title "SUMMARY". I can't correct it (I mean the title), and it's my first report.
Comment by Dave Reisner (falconindy) -
Thursday, 03 October 2013, 23:33 GMT
Interesting problem, but I don't think there's anything to fix here. pacman simply isn't equipped to be setuid (nor do I think this is a good idea).
Comment by Naszar (naszar) -
Friday, 04 October 2013, 01:01 GMT
But if pacman isn't equipped to be setuid, there is one small fix to force it to exit with an error message in that case. I think so because it makes no sense to continue the package install when UID != 0. Sorry to disturb you.
Comment by Allan McRae (Allan) -
Monday, 14 October 2013, 03:44 GMT
This seems reasonable. Please either create a git formatted patch and send it to the pacman-dev list, or provide a name and email address that I can use to attribute the change to you.
Comment by Naszar (naszar) -
Sunday, 20 October 2013, 06:47 GMT
OK, it's sent.
Comment by Allan McRae (Allan) -
Sunday, 20 October 2013, 07:17 GMT
That did not go through. I guess you are not subscribed? You can attach it here and I will deal with the mailing list.
Comment by Naszar (naszar) -
Sunday, 20 October 2013, 07:24 GMT
OK. Here it is.
myuid_to_getuid.patch
(0.4 KiB)
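
The mismatch reported in this task, modelled as an added C example that is not pacman's code and not the attached patch. The function names are hypothetical, and the bash behaviour it assumes is the one described in the report: started without -p, bash resets its effective UID to the real UID when the two differ.

```c
/* Added example: models the root check discussed in this report.
 * All function names are hypothetical, not taken from pacman. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Check as described in the report: trusts the effective UID. */
static int root_check_euid(uid_t ruid, uid_t euid) {
    (void)ruid;
    return euid == 0;
}

/* Check proposed in the report: trusts the real UID only. */
static int root_check_ruid(uid_t ruid, uid_t euid) {
    (void)euid;
    return ruid == 0;
}

/* UID an install script ends up with: bash started without -p resets
 * its effective UID to the real UID when the two differ. */
static uid_t scriptlet_uid(uid_t ruid, uid_t euid, int bash_dash_p) {
    return (ruid != euid && !bash_dash_p) ? ruid : euid;
}

/* 1 if the check passes but the scriptlet would not run as root,
 * i.e. the half-installed state shown in the report. */
static int partial_install(int (*check)(uid_t, uid_t), uid_t ruid, uid_t euid) {
    return check(ruid, euid) && scriptlet_uid(ruid, euid, 0) != 0;
}

int main(void) {
    uid_t ruid = getuid(), euid = geteuid();
    printf("real=%lu effective=%lu setuid-mismatch=%s\n",
           (unsigned long)ruid, (unsigned long)euid,
           ruid != euid ? "yes" : "no");
    printf("euid check: %s, ruid check: %s\n",
           root_check_euid(ruid, euid) ? "pass" : "refuse",
           root_check_ruid(ruid, euid) ? "pass" : "refuse");
    printf("partial install possible with euid check: %s\n",
           partial_install(root_check_euid, ruid, euid) ? "yes" : "no");
    return 0;
}
```

Run from a normal root shell both checks agree; the two only diverge when the binary carries the setuid bit, which is the case the real-UID check refuses up front.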