Date: Sat, 15 Dec 2001 07:14:04 -0800 (PST) From: Andreas Klemm <andreas@FreeBSD.org> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/32872: nethack3-gnome port, gtk library component complains about running SUID Message-ID: <200112151514.fBFFE4T89999@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 32872
>Category: ports
>Synopsis: nethack3-gnome port, gtk library component complains about running SUID
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Dec 15 07:20:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Andreas Klemm
>Release: 4.4
>Organization:
>Environment:
FreeBSD titan.klemm.gtn.com 4.4-STABLE FreeBSD 4.4-STABLE #0: Sat Dec 8 17:33:34 CET 2001 root@titan.klemm.gtn.com:/usr/src/sys/compile/TITAN i386
>Description:
andreas@titan[ttyp2]{1003} ~ nethack
Gtk-WARNING **: This process is currently running setuid or setgid.
This is not a supported use of GTK+. You must create a helper
program instead. For further details, see:
http://www.gtk.org/setuid.html
Refusing to initialize GTK+.
These shared libs are in use:
andreas@titan[ttyp2]{1018} ...share/nethack ldd nethack
nethack:
libncurses.so.5 => /usr/lib/libncurses.so.5 (0x281cb000)
libgnomeui.so.5 => /usr/X11R6/lib/libgnomeui.so.5 (0x2820d000)
libgnome.so.5 => /usr/X11R6/lib/libgnome.so.5 (0x282db000)
libart_lgpl.so.5 => /usr/X11R6/lib/libart_lgpl.so.5 (0x282f2000)
libgtk12.so.2 => /usr/X11R6/lib/libgtk12.so.2 (0x28300000)
libgdk12.so.2 => /usr/X11R6/lib/libgdk12.so.2 (0x28428000)
libglib12.so.3 => /usr/local/lib/libglib12.so.3 (0x2845a000)
libpopt.so.0 => /usr/local/lib/libpopt.so.0 (0x2847c000)
libc.so.4 => /usr/lib/libc.so.4 (0x28482000)
libgdk_imlib.so.5 => /usr/X11R6/lib/libgdk_imlib.so.5 (0x2851b000)
libesd.so.2 => /usr/local/lib/libesd.so.2 (0x28544000)
libaudiofile.so.0 => /usr/local/lib/libaudiofile.so.0 (0x2854c000)
libm.so.2 => /usr/lib/libm.so.2 (0x2856d000)
libtiff.so.4 => /usr/local/lib/libtiff.so.4 (0x28589000)
libungif.so.5 => /usr/local/lib/libungif.so.5 (0x285ca000)
libpng.so.5 => /usr/local/lib/libpng.so.5 (0x285d2000)
libz.so.2 => /usr/lib/libz.so.2 (0x285f4000)
libgmodule12.so.3 => /usr/local/lib/libgmodule12.so.3 (0x28601000)
libintl.so.1 => /usr/local/lib/libintl.so.1 (0x28604000)
libxpg4.so.3 => /usr/lib/libxpg4.so.3 (0x28609000)
libXext.so.6 => /usr/X11R6/lib/libXext.so.6 (0x2860b000)
libX11.so.6 => /usr/X11R6/lib/libX11.so.6 (0x28619000)
libSM.so.6 => /usr/X11R6/lib/libSM.so.6 (0x286f4000)
libICE.so.6 => /usr/X11R6/lib/libICE.so.6 (0x286fd000)
libjpeg.so.9 => /usr/local/lib/libjpeg.so.9 (0x28713000)
libXThrStub.so.6 => /usr/X11R6/lib/libXThrStub.so.6 (0x28731000)
>How-To-Repeat:
compile and install nethack3-gnome port
>Fix:
write a wrapper program to make the port work out of the box ?
I tried to chmod 0555 /usr/local/share/nethack/nethack and
chmod g+s /usr/local/bin/nethack to make it SUID games,
but appearantly SGID doesn't work on FreeBSD with shellscripts,
remember an issue with that but forgot what needs to be arranged.
Putting an "id" command in /usr/local/bin/nethack shellscript
gives on the output:
andreas@titan[ttyp2]{1066} ...local/bin nethack
uid=1001(andreas) gid=1001(andreas) groups=1001(andreas), 0(wheel), 5(operator)
Warning: cannot write scoreboard file record
No write permission to lock perm!
So: SGID shellscript doesn't do the right thing ...
Could it be the case that we need a binary wrapper program ???
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200112151514.fBFFE4T89999>