Assaf Gordon <assafgordon@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.Assaf Gordon <assafgordon@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.Received: (at 22511) by debbugs.gnu.org; 1 Feb 2016 09:33:11 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 01 04:33:11 2016 Received: from localhost ([127.0.0.1]:43899 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1aQAr8-0000aq-Tb for submit <at> debbugs.gnu.org; Mon, 01 Feb 2016 04:33:11 -0500 Received: from mail-wm0-f46.google.com ([74.125.82.46]:36216) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from <williamdiluigi@HIDDEN>) id 1aQAr7-0000ae-Bq for 22511 <at> debbugs.gnu.org; Mon, 01 Feb 2016 04:33:10 -0500 Received: by mail-wm0-f46.google.com with SMTP id p63so60588079wmp.1 for <22511 <at> debbugs.gnu.org>; Mon, 01 Feb 2016 01:33:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=gt+fcf0PmGpCKp7RkoKPEkbxS3Lw6AaynLU2rqpUhmg=; b=NbtOeocPkGOWtSxdvP2T2PFiQKVmuKdhpsi0k4HKNWaSxLY5dHKN5Gvfel/YxB5E83 dz4YpCGoWY7UaDe0gN01YRUU11mV4Ms+djhB+qvdfyV0EpKrPoROSHJg/zt+ZvGgKM1z SGRA0+OPimmeLRdhLzNYeA1ssoBs3OyF8b+1Wnbg0lKZhgMJBvHwOxDN0ppvig4LoSAc neVV6hfQOfm91edjHcRJETKr4FoS2DrkI46aIhJk93PmWUOAC5QptKMqD6YirP4wK1f2 bLPhdvptvFK0pQixO6SjiLK07KDVrdPi5AnJakWMbh7pW6APUsiS4FzsoG5oC6Wlpp0k oCRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=gt+fcf0PmGpCKp7RkoKPEkbxS3Lw6AaynLU2rqpUhmg=; b=bHMiEa4U+280oeXYqLdWed+IWua/60LmpMl/mvYmBr8TIs6Uu7E3xyI/ynrwzpLpFH pA09/mBCnE/LpY2VvXOrJ3LMHvegj0YBNVltaEigRT9cubOshC9UnKecW07SscoU5KyO 2dXtU7/FQTBhiNpkYLrI1UDysuQs6jXusCRNgnXb5mVd1eATtPVi2rf5LCmdM8H9AEQo RtCxKgKKvuV7GbK7B2rLZxdKJahi/OzVgdIyK8aTScEuYyK+qsmnQyh3xVxO2NUhzZyQ 1VON5MIqwBX/Mf7a6JL/T43+4ETdXu1CYREWL34Xw2+Ic8N09wSrQBK0n4DsO+BwjjBs PvJg== X-Gm-Message-State: AG10YOR3le0bMSpDquB78XXEw6nNsE7VkOTZAFhcdo4T2/4Po6Y+QzCLBIyBNy1CAp49xsxTEQ0NN8odc6n2Qw== X-Received: by 10.194.204.225 with SMTP id lb1mr20490278wjc.156.1454319183609; Mon, 01 Feb 2016 01:33:03 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.80.230 with HTTP; Mon, 1 Feb 2016 01:32:43 -0800 (PST) In-Reply-To: <20160201082030.GA15972@HIDDEN> References: <CAJNpUg5QnAEu9wieVSJGTKT58B684O9b=7sa6Avdhsr75erNEg@HIDDEN> <20160201082030.GA15972@HIDDEN> From: William Di Luigi <williamdiluigi@HIDDEN> Date: Mon, 1 Feb 2016 10:32:43 +0100 Message-ID: <CAJNpUg5xin9fCsj9dbBX3Ssj34NHocy6sORfkV8hJMKfNsw5bw@HIDDEN> Subject: Re: bug#22511: [request] Add "--preserve-setuid" to the chown command To: Erik Auerswald <auerswal@HIDDEN> Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 22511 Cc: 22511 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.7 (/) On Mon, Feb 1, 2016 at 9:20 AM, Erik Auerswald <auerswal@HIDDEN> wrote: > How about using "install" to install files, setting owner and mode bits > in one go? Mmm I guess it's just that, since I'm packaging an already existing software, I'd like to patch it as little as possible. In fact, the Makefile for this software already sets the setuid bit on the file that needs it. I only need to change the group of that file (and thus I need to run the chown command on it). However, since chown removes the setuid bit, I have to "add it back" in the packaging script. It doesn't make much of a difference, since I can just do chown and chmod (as I currently do). However, if the proposed flag is implemented, I can avoid "adding back" the setuid bit and thus I can simplify the packaging script (well, not by much, I would remove just 2 lines: the chmod line and the bash comment explaining why the chmod is there). -- William
bug-coreutils@HIDDEN:bug#22511; Package coreutils.
Full text available.
Received: (at 22511) by debbugs.gnu.org; 1 Feb 2016 08:20:36 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 01 03:20:36 2016
Received: from localhost ([127.0.0.1]:43853 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1aQ9iu-0006nI-4o
for submit <at> debbugs.gnu.org; Mon, 01 Feb 2016 03:20:36 -0500
Received: from mailgw1.uni-kl.de ([131.246.120.220]:56027)
by debbugs.gnu.org with esmtp (Exim 4.84)
(envelope-from <auerswal@HIDDEN>) id 1aQ9ir-0006n7-GK
for 22511 <at> debbugs.gnu.org; Mon, 01 Feb 2016 03:20:34 -0500
Received: from sushi.unix-ag.uni-kl.de (sushi.unix-ag.uni-kl.de
[IPv6:2001:638:208:ef34:0:ff:fe00:65])
by mailgw1.uni-kl.de (8.14.4/8.14.4/Debian-7) with ESMTP id u118KU4n011470
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT);
Mon, 1 Feb 2016 09:20:30 +0100
Received: from sushi.unix-ag.uni-kl.de (ip6-localhost [IPv6:::1])
by sushi.unix-ag.uni-kl.de (8.14.4/8.14.4/Debian-4) with ESMTP id
u118KUpw017593
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
Mon, 1 Feb 2016 09:20:30 +0100
Received: (from auerswal@localhost)
by sushi.unix-ag.uni-kl.de (8.14.4/8.14.4/Submit) id u118KUFG017592;
Mon, 1 Feb 2016 09:20:30 +0100
Date: Mon, 1 Feb 2016 09:20:30 +0100
From: Erik Auerswald <auerswal@HIDDEN>
To: William Di Luigi <williamdiluigi@HIDDEN>
Subject: Re: bug#22511: [request] Add "--preserve-setuid" to the chown command
Message-ID: <20160201082030.GA15972@HIDDEN>
References: <CAJNpUg5QnAEu9wieVSJGTKT58B684O9b=7sa6Avdhsr75erNEg@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAJNpUg5QnAEu9wieVSJGTKT58B684O9b=7sa6Avdhsr75erNEg@HIDDEN>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Spam-Score: -2.9 (--)
X-Debbugs-Envelope-To: 22511
Cc: 22511 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.9 (--)
Hi,
On Mon, Feb 01, 2016 at 03:33:29AM +0100, William Di Luigi wrote:
> if I understand it correctly, chown clears the setuid bit for security
> reasons (since, when changing the owner or group for a file, you could
> potentially be allowing *new people* to run that file as root).
>
> While this is good for security, sometimes you want to be able to
> preserve the setuid bit. For example, when packaging software
> (https://bbs.archlinux.org/viewtopic.php?pid=1600551)
How about using "install" to install files, setting owner and mode bits
in one go?
HTH,
Erik
--
Always use the right tool for the job.
-- Rob Pike
bug-coreutils@HIDDEN:bug#22511; Package coreutils.
Full text available.Received: (at submit) by debbugs.gnu.org; 1 Feb 2016 03:16:48 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Jan 31 22:16:48 2016 Received: from localhost ([127.0.0.1]:43708 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1aQ4yt-00081i-Uv for submit <at> debbugs.gnu.org; Sun, 31 Jan 2016 22:16:48 -0500 Received: from eggs.gnu.org ([208.118.235.92]:55278) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from <williamdiluigi@HIDDEN>) id 1aQ4JR-00072u-WB for submit <at> debbugs.gnu.org; Sun, 31 Jan 2016 21:33:58 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <williamdiluigi@HIDDEN>) id 1aQ4JM-0007PE-0A for submit <at> debbugs.gnu.org; Sun, 31 Jan 2016 21:33:52 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:56448) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <williamdiluigi@HIDDEN>) id 1aQ4JL-0007PA-Tk for submit <at> debbugs.gnu.org; Sun, 31 Jan 2016 21:33:51 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:46249) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <williamdiluigi@HIDDEN>) id 1aQ4JK-0000MA-W5 for bug-coreutils@HIDDEN; Sun, 31 Jan 2016 21:33:51 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <williamdiluigi@HIDDEN>) id 1aQ4JK-0007P0-3G for bug-coreutils@HIDDEN; Sun, 31 Jan 2016 21:33:50 -0500 Received: from mail-wm0-x22b.google.com ([2a00:1450:400c:c09::22b]:37799) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <williamdiluigi@HIDDEN>) id 1aQ4JJ-0007Oe-QC for bug-coreutils@HIDDEN; Sun, 31 Jan 2016 21:33:49 -0500 Received: by mail-wm0-x22b.google.com with SMTP id l66so50950713wml.0 for <bug-coreutils@HIDDEN>; Sun, 31 Jan 2016 18:33:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=DuXh2jLfIAFULT8+LTnlde8i4KfpqIg/f3wUzJRt44A=; b=WplaabLapSk5Bx8iinGSYY9r0KCV/Xi5+fWyw3hsuCKzq4H40CvO9jwDHtFcMQ5TIw 7EgM9qxYPFa+vc5QnidzSNPi8tQpAhNOX/lPX9kvEATxCmdkJEtWqso+JtUoredkqRxM HFgVXXLaHwyMD05aim+zR6u5kQ7NnPHVzBSOC7TpDFtXb4HMkog19AhuhkWwzlckwq7I kOkpA8+Muq9YBhONJg/an7ano46r5bqS9B0tcd9s2n6s0I3ZTTv0y2b8JjzwbDZZm2UV LRYjCEI9dZOO03kIIGclQDtsulJRuguYUTFUF2tHWX3Gnuf0y4GDZ8R3T5couJCKdmNl eh2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-type; bh=DuXh2jLfIAFULT8+LTnlde8i4KfpqIg/f3wUzJRt44A=; b=WjHzW1jeOyrQzOfqWizDqlP8ZDQxccW/3+ni9cAGJFCxS1xCzLn5w4K7nzUw7EhVhw 4588WrLLjwFydkWztMcwyPvL24QOaYHhW2y0//0SNuSowIAqNaNfQYo51Ovr53y7KkBY /JmjkZwEztWMBEnid8VZ4sgHWoWrRQqiW1V13baQ95/46eKdqi/D7WZ6wcIjUmbsEELQ oqjuPLY+MQMyVmRLGqi7WT0YUJgfIdt9V1mGZm4FX5SrhZWll9K8P1L+xYLM5+7hrcK7 c4/mPqPnAZTm1+FEAxX4Q8kemtgE3p5Ao/YRi1LH58IvKEPbjMzYb/jmGhv7XZe7pCMj 2jPA== X-Gm-Message-State: AG10YOSWnfX0iL2a2RZHm6a79siUQhRwJlrp/6ah/B9lwxbKCO0gsQsxu4ZYZlcpluJxDEPzUKijdgiW0jSsXQ== X-Received: by 10.194.187.240 with SMTP id fv16mr19874313wjc.39.1454294028839; Sun, 31 Jan 2016 18:33:48 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.80.230 with HTTP; Sun, 31 Jan 2016 18:33:29 -0800 (PST) From: William Di Luigi <williamdiluigi@HIDDEN> Date: Mon, 1 Feb 2016 03:33:29 +0100 Message-ID: <CAJNpUg5QnAEu9wieVSJGTKT58B684O9b=7sa6Avdhsr75erNEg@HIDDEN> Subject: [request] Add "--preserve-setuid" to the chown command To: bug-coreutils@HIDDEN Content-Type: text/plain; charset=UTF-8 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sun, 31 Jan 2016 22:16:47 -0500 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -4.0 (----) Hi, if I understand it correctly, chown clears the setuid bit for security reasons (since, when changing the owner or group for a file, you could potentially be allowing *new people* to run that file as root). While this is good for security, sometimes you want to be able to preserve the setuid bit. For example, when packaging software (https://bbs.archlinux.org/viewtopic.php?pid=1600551) What do you think about adding a "--preserve-setuid" optional flag? Regards, William
William Di Luigi <williamdiluigi@HIDDEN>:bug-coreutils@HIDDEN.
Full text available.bug-coreutils@HIDDEN:bug#22511; Package coreutils.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.