rrr:no dh_strip or strip loose setuid bit
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
debhelper (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
I have rebuilt an earlier version of virtualbox, that sets Rules-Requires-
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
debian/rules override_dh_strip
make[1]: Entering directory '/<<PKGBUILDDIR>>'
ls -latr debian/
-rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/
...
dh_strip --dbgsym-
debugedit: debian/
a7cf3c43c8b18c3
ls -latr debian/
-rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/
It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up.
Changed in bash (Ubuntu): | |
status: | New → Invalid |
Changed in dash (Ubuntu): | |
status: | New → Invalid |
Changed in debhelper (Ubuntu): | |
status: | New → Triaged |
Changed in debugedit (Ubuntu): | |
status: | New → Invalid |
Changed in linux (Ubuntu): | |
status: | New → Invalid |
tags: | added: patch |
no longer affects: | virtualbox (Ubuntu) |
no longer affects: | linux (Ubuntu) |
no longer affects: | debugedit (Ubuntu) |
no longer affects: | dash (Ubuntu) |
no longer affects: | bash (Ubuntu) |
no longer affects: | binutils (Ubuntu) |
Changed in debhelper (Ubuntu): | |
importance: | Undecided → High |
tags: | added: regression-release |
I updated debugedit to 5.0 version, the changelog looks like adding some errors when chmod can't be done correctly
@@ -3419,7 +3431,8 @@
}
/* Make sure we can read and write */
- chmod (file, stat_buf.st_mode | S_IRUSR | S_IWUSR);
+ if (chmod (file, stat_buf.st_mode | S_IRUSR | S_IWUSR) != 0)
+ error (0, errno, "Failed to chmod input file '%s' to make sure we can read and write", file);
fd = open (file, O_RDWR);
if (fd < 0)
@@ -3635,7 +3648,8 @@
close (fd);
/* Restore old access rights */
- chmod (file, stat_buf.st_mode);
+ if (chmod (file, stat_buf.st_mode) != 0)
+ error (0, errno, "Failed to chmod input file '%s' to restore old access rights", file);
free ((char *) dso->filename);
destroy_strings (&dso->debug_str);
@@ -349,7 +352,8 @@
}
/* Make sure we can read and write */
- chmod (fname, stat_buf.st_mode | S_IRUSR | S_IWUSR);
+ if (chmod (fname, stat_buf.st_mode | S_IRUSR | S_IWUSR) != 0)
+ error (0, errno, _("cannot chmod \"%s\" to make sure we can read and write"), fname);
bool failed = false;
int fd = open64 (fname, O_RDWR);
@@ -386,7 +390,8 @@
}
/* Restore old access rights. Including any suid bits reset. */
- chmod (fname, stat_buf.st_mode);
+ if (chmod (fname, stat_buf.st_mode) != 0)
+ error (0, errno, _("cannot chmod \"%s\" to restore old access rights"), fname);
if (failed)
failed_count++;
and similar.