On Wed, 31 Mar 2021 13:19:36 +0200 Massimo Maiurana <maiur...@gmail.com> said:
> Carsten Haitzler ha scritto il 31/03/21 alle 12:56:
> > On Wed, 31 Mar 2021 10:33:07 +0200 Massimo Maiurana <maiur...@gmail.com>
> > said:
> >
> >> Carsten Haitzler ha scritto il 30/03/21 alle 21:18:
> >>> On Tue, 30 Mar 2021 18:20:18 +0200 Massimo Maiurana <maiur...@gmail.com>
> >>> said:
> >>>
> >>>> Nevermind, i rebuilt everything and now enlightenment_system was
> >>>> installed with 4555 mask as yours. Something has gone wrong on the first
> >>>> try :)
> >>>>
> >>>> Anyway i still don't understand why it says it can't become group root
> >>>> because it's not setuid. I would expect it saying it can't become user
> >>>> root, not group.
> >>>
> >>> it says can't become group root because...
> >>>
> >>> if (setuid(0) != 0)
> >>> {
> >>> E_UTIL_SUID_ERR("Unable to assume root user privileges\n");
> >>> return 37;
> >>> }
> >>> if (setgid(0) != 0)
> >>> {
> >>> E_UTIL_SUID_ERR("Unable to assume root group privileges\n");
> >>> return 38;
> >>> }
> >>>
> >>> that is literally the code. setting group to 0 fails. so sayeth the
> >>> system.
> >>
> >> Ok, but why the message in the box asked "missing setuid bit"? It should
> >> warn about a missing setgid bit, as that is what it was checked.
> >
> > actually it only needs the setuid bit to be root... setgid should just work
> > because it runs as root and already setuid to root before setgid. root can
> > setgid to anything... root isn't forbidden... so the setuid bit should have
> > already solved that.
> >
> >> But does it really check that? Yes, looking at the code it should, but
> >> nor in Carla's installation neither in mine, now that it's fixed,
> >> enlightenment_system has the setgid bit and E doesn't display any error
> >> message. The only error I've seen was for a probably missing setuid bit
> >> when the executable umask was 0755; no errors with umask 4555, which
> >> looks odd to me.
> >
> > i do not have the setgid bit set either.. it's not set... it doesn't need
> > to be. see above. it should work as the process will have already set uid
> > to 0 ... it's allowed to then do whatever it wants.
> >
> > i can only imagine your distro has some extra security policies that somehow
> > even limit a setuid root app from changing gid... but the install just sets
> > the root setuid bit as that is all that is technically needed unless the
> > previous is happening. it doesn't seem to on arch. in fact not on the
> > debian systems i have either.
>
> In my case, something went wrong during the first attempt. Further i've
> rebuilt everything and now the setuid bit is correctly set. I'm on
> debian testing.
no idea what happened with you there ... but the setuid bit does get set as
part of install - if you ctrl+c'd the install just before the end it may not
have gotten set?
> The only thing that was surprising me is that E was unable to assume
> root uid, as the binary was not setuid, but the error talked about
> assuming root gid. In the code i see it checks first uid and then gid,
> so i would've expected it telling me that it can't become user root, not
> group root. Does it mean that the first check was passed? It should have
> not.
it should not have. either you misread the dialog and actually saw the earlier
one, or something truly odd happened as the first setuid should have failed.
the setgid really has no reason to fail at all once setuid fails - but the
error reporting is in place anyway...
> >>>> Massimo Maiurana
> >>>>
> >>>> Carla Sensa ha scritto il 30/03/21 alle 15:39:
> >>>>> Never saw such message on my Ubuntu system.
> >>>>> Latest git, installed with sudo:
> >>>>> stat /usr/local/lib/x86_64-linux-gnu/enlightenment/utils
> >>>>> /enlightenment_system
> >>>>> File:
> >>>>> /usr/local/lib/x86_64-linux-gnu/enlightenment/utils/enlightenment_system
> >>>>> Size: 71688 Blocks: 144 IO Block: 4096 regular
> >>>>> file Device: 801h/2049d Inode: 4461560 Links: 1
> >>>>> Access: (4555/-r-sr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
> >>>>> Access: 2021-03-30 15:27:51.772226190 +0200
> >>>>> Modify: 2021-03-30 15:22:22.620735207 +0200
> >>>>> Change: 2021-03-30 15:23:30.235253374 +0200
> >>>>> Birth: -
> >>>>>
> >>>>>
> >>>>> Le 30/03/2021 à 13:23, Massimo Maiurana a écrit :
> >>>>>> With latest git master I get the following message at startup:
> >>>>>> "Enlightenment cannot successfully start the enlightenment_system
> >>>>>> service since it can't become group root. Missing setuid bit?"
> >>>>>>
> >>>>>> Well, build and installation was performed as root and the
> >>>>>> enlightenment_system binary was installed in
> >>>>>> $PREFIX/lib/X86_64-linux-gnu/enlightenment/utils, where all binaries
> >>>>>> is owned by root:root and have 755 permissions. Shouldn't this be
> >>>>>> enough? If not, how should it be? And who is responsible for that?
> >>>>>>
> >>>>>> Also, since it complains about being unable to become *group* root,
> >>>>>> shouldn't the message say that the missing one is the setgid bit and
> >>>>>> not setuid?
> >>>>>>
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> enlightenment-users mailing list
> >>>>> enlightenment-users@lists.sourceforge.net
> >>>>> https://lists.sourceforge.net/lists/listinfo/enlightenment-users
> >>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> enlightenment-users mailing list
> >>>> enlightenment-users@lists.sourceforge.net
> >>>> https://lists.sourceforge.net/lists/listinfo/enlightenment-users
> >>>
> >>>
> >>
> >
> >
>
--
------------- Codito, ergo sum - "I code, therefore I am" --------------
Carsten Haitzler - ras...@rasterman.com
_______________________________________________
enlightenment-users mailing list
enlightenment-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-users
