Bringing this here now that Scott Andrews has pointed me towards the
source of why users could not su on my new system: loss of suid.
In the past I have not usually run what was in 'Stripping Again'
because my CFLAGS drop debug information. But I've now started to
allow that in elfutils (to get the tests to pass), so I know that at
least those libs could be stripped.
What has happened on this build is that all of the bin programs lost
the suid bit, i.e.
/bin/{mount,ping,ping6,su,umount}
/usr/bin/{chage,chfn,chsh,expiry,gpasswd,newgidmap}}
/usr/bin/{newgidmap,newgrp,newuidmap,passwd,wall}
Since nobody else has reported this for the moment, I'm merely
reporting iti, not attempting to fix the book. In my own script for
Stripping Again I've now added
chmod -v 4755 /bin/{mount,ping,ping6,su,umount}
chmod -v 4755 /usr/bin/{chage,chfn,chsh,expiry,gpasswd}
chmod -v 4755 /usr/bin/{newgidmap,newgrp,newuidmap,passwd}
chmod -v 6755 /usr/bin/wall
Which should ensure that all the suid binaries are correct after
stripping.
ĸen
--
He died at the console, of hunger and thirst.
Next day he was buried, face-down, nine-edge first.
- the perfect programmer
--
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
