Date: Wed, 6 Dec 2017 13:07:09 -0500 From: Ed Maste <emaste@freebsd.org> To: Baptiste Daroussin <bapt@freebsd.org> Cc: Glen Barber <gjb@freebsd.org>, Kris Moore <kris@ixsystems.com>, "Rodney W. Grimes" <freebsd-rwg@pdx.rh.cn85.dnsmgr.net>, freebsd-pkgbase@freebsd.org Subject: Re: Recent issue with pkg base missing setuid Message-ID: <CAPyFy2AkeosnwrEZYVWZExwJw7ZqRR6GL-B1CKcQd0Lf8ZWX4g@mail.gmail.com> In-Reply-To: <20171204215653.4mhaf6thtn2voe4v@ivaldir.net> References: <20171204183703.GG22326@FreeBSD.org> <201712041846.vB4IkuiW047326@pdx.rh.CN85.dnsmgr.net> <20171204185956.GH22326@FreeBSD.org> <20171204215653.4mhaf6thtn2voe4v@ivaldir.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4 December 2017 at 16:56, Baptiste Daroussin <bapt@freebsd.org> wrote:
>
> So this is the issue, somewhere in the way libarchive is handling the hardlinks.
I'm not sure libarchive is at fault, it seems to be a bug/limitation
in the way install handles links with -M. For regular installs we
invoke:
install -l h <prog> <link>
and the link then has the same permissions via the existing inode.
With -M install produces a metalog containing
./<link> type=file mode=0755 size=0
(i.e., permissions not explicitly set) and we end up with two entries
in the metalog referencing two names for the same inode, but with
different permissions.
If we passed in the mode when invoking install for a hardlink we
should have the expected permissions, regardless of sorting:
# install -M METALOG -m4554 -l h <prog> <link>
./<link> type=file mode=04554 size=0
On a positive note there are only a few Makefiles with LINKS as well
as BINOWN, BINMODE, or BINGRP. As far as I can tell:
release/picobsd/tinyware/passwd/Makefile
sbin/shutdown/Makefile
usr.bin/at/Makefile
usr.sbin/authpf/Makefile
and of these shutdown is the only one that has a link that's not
already in alpha order.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2AkeosnwrEZYVWZExwJw7ZqRR6GL-B1CKcQd0Lf8ZWX4g>