| 2018-07-03 17:55:36 |
Jamie Strandboge |
bug |
|
|
added bug |
| 2018-07-03 18:35:37 |
Jamie Strandboge |
summary |
unsquashfs strips sticky bit when run as non-root |
unsquashfs does not preserve sticky bit when run as non-root |
|
| 2018-07-03 18:35:43 |
Jamie Strandboge |
squashfs-tools (Ubuntu): status |
New |
In Progress |
|
| 2018-07-03 18:36:02 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Bionic |
|
| 2018-07-03 18:36:02 |
Jamie Strandboge |
bug task added |
|
squashfs-tools (Ubuntu Bionic) |
|
| 2018-07-03 18:36:02 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Trusty |
|
| 2018-07-03 18:36:02 |
Jamie Strandboge |
bug task added |
|
squashfs-tools (Ubuntu Trusty) |
|
| 2018-07-03 18:36:02 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Cosmic |
|
| 2018-07-03 18:36:02 |
Jamie Strandboge |
bug task added |
|
squashfs-tools (Ubuntu Cosmic) |
|
| 2018-07-03 18:36:02 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Xenial |
|
| 2018-07-03 18:36:02 |
Jamie Strandboge |
bug task added |
|
squashfs-tools (Ubuntu Xenial) |
|
| 2018-07-03 18:36:12 |
Jamie Strandboge |
squashfs-tools (Ubuntu Trusty): status |
New |
Triaged |
|
| 2018-07-03 18:36:14 |
Jamie Strandboge |
squashfs-tools (Ubuntu Xenial): status |
New |
Triaged |
|
| 2018-07-03 18:36:17 |
Jamie Strandboge |
squashfs-tools (Ubuntu Bionic): status |
New |
Triaged |
|
| 2018-07-03 18:36:19 |
Jamie Strandboge |
squashfs-tools (Ubuntu Trusty): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2018-07-03 18:36:21 |
Jamie Strandboge |
squashfs-tools (Ubuntu Xenial): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2018-07-03 18:36:23 |
Jamie Strandboge |
squashfs-tools (Ubuntu Bionic): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2018-07-03 18:36:25 |
Jamie Strandboge |
squashfs-tools (Ubuntu Cosmic): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2018-07-03 18:36:47 |
Jamie Strandboge |
description |
From https://sourceforge.net/p/squashfs/mailman/message/36343213/"
"This set is an attempt to preserve the sticky bit when running unsquashfs as a
non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit
in the case of a squashfs image containing a world-writable directory filled
with files owned by a single user. Dropping the sticky bit could be considered
to be a real bug in that scenario." |
From https://sourceforge.net/p/squashfs/mailman/message/36343213/"
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
|
| 2018-07-03 18:36:56 |
Jamie Strandboge |
description |
From https://sourceforge.net/p/squashfs/mailman/message/36343213/"
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
|
| 2018-07-05 20:54:36 |
Jamie Strandboge |
squashfs-tools (Ubuntu Cosmic): status |
In Progress |
Fix Committed |
|
| 2018-07-05 20:54:42 |
Jamie Strandboge |
squashfs-tools (Ubuntu Trusty): status |
Triaged |
In Progress |
|
| 2018-07-05 20:54:44 |
Jamie Strandboge |
squashfs-tools (Ubuntu Xenial): status |
Triaged |
In Progress |
|
| 2018-07-05 20:54:46 |
Jamie Strandboge |
squashfs-tools (Ubuntu Bionic): status |
Triaged |
In Progress |
|
| 2018-07-05 20:55:25 |
Jamie Strandboge |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903085 |
|
| 2018-07-05 20:55:25 |
Jamie Strandboge |
bug task added |
|
squashfs-tools (Debian) |
|
| 2018-07-05 21:16:05 |
Jamie Strandboge |
description |
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
[Impact]
unsquashfs does not preserve the stickybit when run as non-root (unlike other archive tools, like tar). While this is a bug in and of itself, it causes snaps with sticky directories to fail automated review because the requashed snap has the bit stripped and the resquashed snap as a result has a different checksum.
The fix is to attempt the chmod with the stickybit and if it fails with EPERM when not root, try again without the stickybit.
[Test Case]
1. create a squashfs with a sticky dir:
$ mkdir -p /tmp/foo/sticky-dir
$ chmod 1777 /tmp/foo/sticky-dir
$ mksquashfs /tmp/foo test.squash -all-root
2. see that the squashfs has the sticky dir in the squash:
$ unsquashfs -lls ./test.squash
...
drwxrwxrwt root/root 3 2018-07-05 16:03 squashfs-root/sticky-dir
3. unsquash the squash as non-root:
$ unsquashfs test.squash
4. verified the stickybit is set:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwt 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
Without the SRU, the directory is 0777 and the file 0775:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwx 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
[Regression Potential]
Due to the fallback behavior, the regression potential is considered low. Furthermore, because the non-root user is still the owner of the resulting unpacked sticky directories, there is no problem with being able to remove the unpacked directories on error, etc.
[ Original description ]
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
|
| 2018-07-05 21:21:17 |
Jamie Strandboge |
description |
[Impact]
unsquashfs does not preserve the stickybit when run as non-root (unlike other archive tools, like tar). While this is a bug in and of itself, it causes snaps with sticky directories to fail automated review because the requashed snap has the bit stripped and the resquashed snap as a result has a different checksum.
The fix is to attempt the chmod with the stickybit and if it fails with EPERM when not root, try again without the stickybit.
[Test Case]
1. create a squashfs with a sticky dir:
$ mkdir -p /tmp/foo/sticky-dir
$ chmod 1777 /tmp/foo/sticky-dir
$ mksquashfs /tmp/foo test.squash -all-root
2. see that the squashfs has the sticky dir in the squash:
$ unsquashfs -lls ./test.squash
...
drwxrwxrwt root/root 3 2018-07-05 16:03 squashfs-root/sticky-dir
3. unsquash the squash as non-root:
$ unsquashfs test.squash
4. verified the stickybit is set:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwt 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
Without the SRU, the directory is 0777 and the file 0775:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwx 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
[Regression Potential]
Due to the fallback behavior, the regression potential is considered low. Furthermore, because the non-root user is still the owner of the resulting unpacked sticky directories, there is no problem with being able to remove the unpacked directories on error, etc.
[ Original description ]
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
[Impact]
unsquashfs does not preserve the stickybit when run as non-root (unlike other archive tools, like tar). While this is a bug in and of itself, it causes snaps with sticky directories to fail automated review because the requashed snap has the bit stripped and the resquashed snap as a result has a different checksum.
The fix is to attempt the chmod with the stickybit and if it fails with EPERM when not root, try again without the stickybit.
[Test Case]
1. create a squashfs with a sticky dir:
$ mkdir -p /tmp/foo/sticky-dir
$ chmod 1777 /tmp/foo/sticky-dir
$ mksquashfs /tmp/foo test.squash -all-root
2. see that the squashfs has the sticky dir in the squash:
$ unsquashfs -lls ./test.squash
...
drwxrwxrwt root/root 3 2018-07-05 16:03 squashfs-root/sticky-dir
3. unsquash the squash as non-root:
$ unsquashfs test.squash
4. verified the stickybit is set:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwt 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
Without the SRU, the directory is 0777 and the file 0775:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwx 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
[Regression Potential]
Due to the fallback behavior, the regression potential is considered low. Furthermore, because the non-root user is still the owner of the resulting unpacked sticky directories, there is no problem with being able to remove the unpacked directories on error, etc.
[ Other Info ]
In addition to the above, I've added test-squashfs-tools.py to QRT which verifies type, owner and permissions with mksquashfs and unsquashfs which fail for the sticky bit (but otherwise pass) when unpatched and pass when patched.
[ Original description ]
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
|
| 2018-07-05 22:51:45 |
Bug Watch Updater |
squashfs-tools (Debian): status |
Unknown |
New |
|
| 2018-07-06 01:26:21 |
Launchpad Janitor |
squashfs-tools (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
| 2018-07-06 12:19:01 |
Jamie Strandboge |
description |
[Impact]
unsquashfs does not preserve the stickybit when run as non-root (unlike other archive tools, like tar). While this is a bug in and of itself, it causes snaps with sticky directories to fail automated review because the requashed snap has the bit stripped and the resquashed snap as a result has a different checksum.
The fix is to attempt the chmod with the stickybit and if it fails with EPERM when not root, try again without the stickybit.
[Test Case]
1. create a squashfs with a sticky dir:
$ mkdir -p /tmp/foo/sticky-dir
$ chmod 1777 /tmp/foo/sticky-dir
$ mksquashfs /tmp/foo test.squash -all-root
2. see that the squashfs has the sticky dir in the squash:
$ unsquashfs -lls ./test.squash
...
drwxrwxrwt root/root 3 2018-07-05 16:03 squashfs-root/sticky-dir
3. unsquash the squash as non-root:
$ unsquashfs test.squash
4. verified the stickybit is set:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwt 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
Without the SRU, the directory is 0777 and the file 0775:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwx 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
[Regression Potential]
Due to the fallback behavior, the regression potential is considered low. Furthermore, because the non-root user is still the owner of the resulting unpacked sticky directories, there is no problem with being able to remove the unpacked directories on error, etc.
[ Other Info ]
In addition to the above, I've added test-squashfs-tools.py to QRT which verifies type, owner and permissions with mksquashfs and unsquashfs which fail for the sticky bit (but otherwise pass) when unpatched and pass when patched.
[ Original description ]
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
[Impact]
unsquashfs does not preserve the stickybit when run as non-root (unlike other archive tools, like tar). While this is a bug in and of itself, it causes snaps with sticky directories to fail automated review because the requashed snap has the bit stripped and the resquashed snap as a result has a different checksum.
The fix is to attempt the chmod with the stickybit and if it fails with EPERM when not root, try again without the stickybit.
[Test Case]
1. create a squashfs with a sticky dir:
$ mkdir -p /tmp/foo/sticky-dir
$ chmod 1777 /tmp/foo/sticky-dir
$ mksquashfs /tmp/foo test.squash -all-root
2. see that the squashfs has the sticky dir in the squash:
$ unsquashfs -lls ./test.squash
...
drwxrwxrwt root/root 3 2018-07-05 16:03 squashfs-root/sticky-dir
3. unsquash the squash as non-root:
$ unsquashfs test.squash
4. verify the stickybit is set:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwt 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
Without the SRU, the directory is 0777 and the file 0775:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwx 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
[Regression Potential]
Due to the fallback behavior, the regression potential is considered low. Furthermore, because the non-root user is still the owner of the resulting unpacked sticky directories, there is no problem with being able to remove the unpacked directories on error, etc.
[ Other Info ]
In addition to the above, I've added test-squashfs-tools.py to QRT which verifies type, owner and permissions with mksquashfs and unsquashfs which fail for the sticky bit (but otherwise pass) when unpatched and pass when patched.
[ Original description ]
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
|
| 2018-07-06 12:19:21 |
Jamie Strandboge |
description |
[Impact]
unsquashfs does not preserve the stickybit when run as non-root (unlike other archive tools, like tar). While this is a bug in and of itself, it causes snaps with sticky directories to fail automated review because the requashed snap has the bit stripped and the resquashed snap as a result has a different checksum.
The fix is to attempt the chmod with the stickybit and if it fails with EPERM when not root, try again without the stickybit.
[Test Case]
1. create a squashfs with a sticky dir:
$ mkdir -p /tmp/foo/sticky-dir
$ chmod 1777 /tmp/foo/sticky-dir
$ mksquashfs /tmp/foo test.squash -all-root
2. see that the squashfs has the sticky dir in the squash:
$ unsquashfs -lls ./test.squash
...
drwxrwxrwt root/root 3 2018-07-05 16:03 squashfs-root/sticky-dir
3. unsquash the squash as non-root:
$ unsquashfs test.squash
4. verify the stickybit is set:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwt 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
Without the SRU, the directory is 0777 and the file 0775:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwx 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
[Regression Potential]
Due to the fallback behavior, the regression potential is considered low. Furthermore, because the non-root user is still the owner of the resulting unpacked sticky directories, there is no problem with being able to remove the unpacked directories on error, etc.
[ Other Info ]
In addition to the above, I've added test-squashfs-tools.py to QRT which verifies type, owner and permissions with mksquashfs and unsquashfs which fail for the sticky bit (but otherwise pass) when unpatched and pass when patched.
[ Original description ]
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
[Impact]
unsquashfs does not preserve the stickybit when run as non-root (unlike other archive tools, like tar). While this is a bug in and of itself, it causes snaps with sticky directories to fail automated review because the requashed snap has the bit stripped and the resquashed snap as a result has a different checksum.
The fix is to attempt the chmod with the stickybit and if it fails with EPERM when not root, try again without the stickybit.
[Test Case]
1. create a squashfs with a sticky dir:
$ mkdir -p /tmp/foo/sticky-dir
$ chmod 1777 /tmp/foo/sticky-dir
$ mksquashfs /tmp/foo test.squash -all-root
2. see that the squashfs has the sticky dir in the squash:
$ unsquashfs -lls ./test.squash
...
drwxrwxrwt root/root 3 2018-07-05 16:03 squashfs-root/sticky-dir
3. unsquash the squash as non-root:
$ unsquashfs test.squash
4. verify the stickybit is set:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwt 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
Without the SRU, the directory is 0777:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwx 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
[Regression Potential]
Due to the fallback behavior, the regression potential is considered low. Furthermore, because the non-root user is still the owner of the resulting unpacked sticky directories, there is no problem with being able to remove the unpacked directories on error, etc.
[ Other Info ]
In addition to the above, I've added test-squashfs-tools.py to QRT which verifies type, owner and permissions with mksquashfs and unsquashfs which fail for the sticky bit (but otherwise pass) when unpatched and pass when patched.
[ Original description ]
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
|
| 2018-07-06 12:20:55 |
Jamie Strandboge |
description |
[Impact]
unsquashfs does not preserve the stickybit when run as non-root (unlike other archive tools, like tar). While this is a bug in and of itself, it causes snaps with sticky directories to fail automated review because the requashed snap has the bit stripped and the resquashed snap as a result has a different checksum.
The fix is to attempt the chmod with the stickybit and if it fails with EPERM when not root, try again without the stickybit.
[Test Case]
1. create a squashfs with a sticky dir:
$ mkdir -p /tmp/foo/sticky-dir
$ chmod 1777 /tmp/foo/sticky-dir
$ mksquashfs /tmp/foo test.squash -all-root
2. see that the squashfs has the sticky dir in the squash:
$ unsquashfs -lls ./test.squash
...
drwxrwxrwt root/root 3 2018-07-05 16:03 squashfs-root/sticky-dir
3. unsquash the squash as non-root:
$ unsquashfs test.squash
4. verify the stickybit is set:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwt 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
Without the SRU, the directory is 0777:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwx 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
[Regression Potential]
Due to the fallback behavior, the regression potential is considered low. Furthermore, because the non-root user is still the owner of the resulting unpacked sticky directories, there is no problem with being able to remove the unpacked directories on error, etc.
[ Other Info ]
In addition to the above, I've added test-squashfs-tools.py to QRT which verifies type, owner and permissions with mksquashfs and unsquashfs which fail for the sticky bit (but otherwise pass) when unpatched and pass when patched.
[ Original description ]
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
[Impact]
unsquashfs does not preserve the stickybit when run as non-root (unlike other archive tools, like tar). While this is a bug in and of itself, it causes snaps with sticky directories to fail automated review because the requashed snap has the bit stripped and the resquashed snap as a result has a different checksum.
The fix is to attempt the chmod with the stickybit and if it fails with EPERM when not root, try again without the stickybit.
[Test Case]
1. create a squashfs with a sticky dir:
$ mkdir -p /tmp/foo/sticky-dir
$ chmod 1777 /tmp/foo/sticky-dir
$ mksquashfs /tmp/foo test.squash -all-root
2. see that the squashfs has the sticky dir in the squash:
$ unsquashfs -lls ./test.squash
...
drwxrwxrwt root/root 3 2018-07-05 16:03 squashfs-root/sticky-dir
3. unsquash the squash as non-root:
$ unsquashfs test.squash
4. verify the stickybit is set:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwt 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
Without the SRU, the directory is 0777:
$ ls -ld squashfs-root/sticky-dir/
drwxrwxrwx 2 jamie jamie 4096 Jul 5 16:07 squashfs-root/sticky-dir/
[Regression Potential]
Due to the fallback behavior, the regression potential is considered low. Furthermore, because the non-root user is still the owner of the resulting unpacked sticky directories, there is no problem with being able to remove the unpacked directories on error, etc.
[ Other Info ]
In addition to the above, I've added test-squashfs-tools.py to QRT which verifies type, owner and permissions with mksquashfs and unsquashfs for many different entries. These fail for the sticky bit (but otherwise pass) when unpatched and pass when patched.
[ Original description ]
From https://sourceforge.net/p/squashfs/mailman/message/36343213/:
"This set is an attempt to preserve the sticky bit when running unsquashfs as a non-root user. My main motivation for these changes is to improve
reproducability when doing a sequence of "unsquashfs -> mksquashfs" as a
non-root user but I think there's even more value in preserving the sticky bit in the case of a squashfs image containing a world-writable directory filled with files owned by a single user. Dropping the sticky bit could be considered to be a real bug in that scenario." |
|
| 2018-07-06 12:21:32 |
Jamie Strandboge |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2018-07-06 17:41:40 |
Brian Murray |
squashfs-tools (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2018-07-06 17:41:43 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2018-07-06 17:41:47 |
Brian Murray |
tags |
|
verification-needed verification-needed-bionic |
|
| 2018-07-06 17:43:50 |
Brian Murray |
squashfs-tools (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
| 2018-07-06 17:43:56 |
Brian Murray |
tags |
verification-needed verification-needed-bionic |
verification-needed verification-needed-bionic verification-needed-xenial |
|
| 2018-07-06 19:39:13 |
Brian Murray |
squashfs-tools (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
| 2018-07-06 19:39:22 |
Brian Murray |
tags |
verification-needed verification-needed-bionic verification-needed-xenial |
verification-needed verification-needed-bionic verification-needed-trusty verification-needed-xenial |
|
| 2018-07-09 20:14:44 |
Jamie Strandboge |
tags |
verification-needed verification-needed-bionic verification-needed-trusty verification-needed-xenial |
verification-done verification-done-bionic verification-done-trusty verification-done-xenial |
|
| 2018-07-16 14:51:55 |
Launchpad Janitor |
squashfs-tools (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2018-07-16 15:14:02 |
Ćukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2018-07-16 15:14:40 |
Launchpad Janitor |
squashfs-tools (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2018-07-16 15:14:49 |
Launchpad Janitor |
squashfs-tools (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
| 2019-04-10 14:07:06 |
Bug Watch Updater |
squashfs-tools (Debian): status |
New |
Fix Released |
|
