Carsten Haitzler ha scritto il 31/03/21 alle 12:56:
On Wed, 31 Mar 2021 10:33:07 +0200 Massimo Maiurana <maiur...@gmail.com> said:
Carsten Haitzler ha scritto il 30/03/21 alle 21:18:
On Tue, 30 Mar 2021 18:20:18 +0200 Massimo Maiurana <maiur...@gmail.com>
said:
Nevermind, i rebuilt everything and now enlightenment_system was
installed with 4555 mask as yours. Something has gone wrong on the first
try :)
Anyway i still don't understand why it says it can't become group root
because it's not setuid. I would expect it saying it can't become user
root, not group.
it says can't become group root because...
if (setuid(0) != 0)
{
E_UTIL_SUID_ERR("Unable to assume root user privileges\n");
return 37;
}
if (setgid(0) != 0)
{
E_UTIL_SUID_ERR("Unable to assume root group privileges\n");
return 38;
}
that is literally the code. setting group to 0 fails. so sayeth the system.
Ok, but why the message in the box asked "missing setuid bit"? It should
warn about a missing setgid bit, as that is what it was checked.
actually it only needs the setuid bit to be root... setgid should just work
because it runs as root and already setuid to root before setgid. root can
setgid to anything... root isn't forbidden... so the setuid bit should have
already solved that.
But does it really check that? Yes, looking at the code it should, but
nor in Carla's installation neither in mine, now that it's fixed,
enlightenment_system has the setgid bit and E doesn't display any error
message. The only error I've seen was for a probably missing setuid bit
when the executable umask was 0755; no errors with umask 4555, which
looks odd to me.
i do not have the setgid bit set either.. it's not set... it doesn't need to be.
see above. it should work as the process will have already set uid to 0 ...
it's allowed to then do whatever it wants.
i can only imagine your distro has some extra security policies that somehow
even limit a setuid root app from changing gid... but the install just sets the
root setuid bit as that is all that is technically needed unless the previous
is happening. it doesn't seem to on arch. in fact not on the debian systems i
have either.
In my case, something went wrong during the first attempt. Further i've
rebuilt everything and now the setuid bit is correctly set. I'm on
debian testing.
The only thing that was surprising me is that E was unable to assume
root uid, as the binary was not setuid, but the error talked about
assuming root gid. In the code i see it checks first uid and then gid,
so i would've expected it telling me that it can't become user root, not
group root. Does it mean that the first check was passed? It should have
not.
Massimo Maiurana
Carla Sensa ha scritto il 30/03/21 alle 15:39:
Never saw such message on my Ubuntu system.
Latest git, installed with sudo:
stat /usr/local/lib/x86_64-linux-gnu/enlightenment/utils
/enlightenment_system
File:
/usr/local/lib/x86_64-linux-gnu/enlightenment/utils/enlightenment_system
Size: 71688 Blocks: 144 IO Block: 4096 regular file
Device: 801h/2049d Inode: 4461560 Links: 1
Access: (4555/-r-sr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2021-03-30 15:27:51.772226190 +0200
Modify: 2021-03-30 15:22:22.620735207 +0200
Change: 2021-03-30 15:23:30.235253374 +0200
Birth: -
Le 30/03/2021 à 13:23, Massimo Maiurana a écrit :
With latest git master I get the following message at startup:
"Enlightenment cannot successfully start the enlightenment_system
service since it can't become group root. Missing setuid bit?"
Well, build and installation was performed as root and the
enlightenment_system binary was installed in
$PREFIX/lib/X86_64-linux-gnu/enlightenment/utils, where all binaries
is owned by root:root and have 755 permissions. Shouldn't this be
enough? If not, how should it be? And who is responsible for that?
Also, since it complains about being unable to become *group* root,
shouldn't the message say that the missing one is the setgid bit and
not setuid?
_______________________________________________
enlightenment-users mailing list
enlightenment-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-users
_______________________________________________
enlightenment-users mailing list
enlightenment-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-users
_______________________________________________
enlightenment-users mailing list
enlightenment-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-users
