Gentoo Archives: gentoo-dev

From: Manoj Gupta <manojgupta@××××××.com>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: portage reliance on GNU objcopy ownership perseverance behavior in strip
Date: Wed, 10 Feb 2021 02:25:53
Message-Id: CAH=QcsgVBVCf7cno_j6sKqmX0v3Kxdm=igdVZbjabx1Etgo9WQ@mail.gmail.com
In Reply to: Re: [gentoo-dev] Re: portage reliance on GNU objcopy ownership perseverance behavior in strip by Michael Orlitzky
On Tue, Feb 9, 2021 at 6:02 PM Michael Orlitzky <mjo@g.o> wrote:

> On Tue, 2021-02-09 at 17:53 -0800, Fāng-ruì Sòng wrote:
> > (I replied via
> > https://groups.google.com/g/linux.gentoo.dev/c/WG-OLQe3yng
> > "Reply all" (which only replied to the list AFAICT) but I did not
> > subscribe to gentoo-dev via the official
> > https://www.gentoo.org/get-involved/mailing-lists/ so my reply is
> > missing)
> >
>
> Apologies for hijacking your post with a tangential question, but you
> reminded me to ask: how did you notice this problem? Ultimately all
> system executables (in $PATH) should be owned by (and writable only by)
> root anyway; otherwise you get silly security vulnerabilities like "cat
> ~/virus > /usr/bin/foo" as a regular user.
>

Root is the owner, but often there is also a group that has access to the files.
After stripping with llvm-strip, the new ownership is root:root instead of root:<group>.
Therefore, the members of the group lose access to the files post stripping.

We found this issue in Chrome OS when we tried to switch the defaults to
llvm's objcopy/strip.

Example of ebuilds:
$ grep -ri fowners .|grep bin|grep usr|tail -10
./net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild: fowners root:pcap /usr/sbin/tcpdump
./net-analyzer/tcpdump/tcpdump-4.99.0.ebuild: fowners root:pcap /usr/sbin/tcpdump
./net-analyzer/netselect/netselect-9999.ebuild: fowners root:wheel /usr/bin/netselect
./net-analyzer/netselect/netselect-0.4-r1.ebuild: fowners root:wheel /usr/bin/netselect
./net-analyzer/driftnet/driftnet-1.3.0.ebuild: fowners root:wheel "/usr/bin/driftnet"
./mail-filter/procmail/procmail-3.22-r14.ebuild: fowners root:mail /usr/bin/lockfile
./sys-block/scsiadd/scsiadd-1.97-r1.ebuild: fowners root:scsi /usr/sbin/scsiadd
./x11-terms/aterm/aterm-1.0.1-r4.ebuild: fowners root:utmp /usr/bin/aterm
./x11-terms/mrxvt/mrxvt-0.5.4.ebuild: fowners root:utmp /usr/bin/mrxvt
./games-arcade/xboing/xboing-2.4-r3.ebuild: fowners root:gamestat /var/games/xboing.score /usr/bin/xboing

Thanks,
Manoj
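The mechanism Manoj describes is that a strip tool which writes a fresh file (rather than editing the original in place) produces a new inode whose owner, group and permission bits come from the stripping process and its umask, not from the installed file, so an `fowners root:pcap` applied earlier is silently undone. The following is an added example, not code from this thread or from portage, showing the defensive pattern a packaging tool needs around such a strip: record the file's uid, gid and mode before the call and restore them afterwards. Reproducing the root:pcap case itself requires root, so the demonstration uses the permission bits (a group-executable 0750 binary) as the observable of the same metadata loss; `simulated_strip`, `strip_preserving_metadata` and `demo` are hypothetical names, and the stand-in strip only copies bytes.

```python
import os
import shutil
import stat
import tempfile


def simulated_strip(path):
    """Stand-in (not llvm-strip) for a strip that writes a fresh file: copy the
    bytes into a new inode and rename it over the original, so the result takes
    the caller's uid/gid and umask-derived mode instead of the original's."""
    tmp = path + ".tmp"
    with open(path, "rb") as src, open(tmp, "wb") as dst:
        shutil.copyfileobj(src, dst)
    os.rename(tmp, path)


def strip_preserving_metadata(path, strip_fn=simulated_strip):
    """Run strip_fn on path, then put back the owner, group and permission bits
    the file had before. Returns the (uid, gid, mode) that was restored.

    Restoring uid/gid to their previous values is allowed for the file's owner
    even without root; changing them to something else would need privileges."""
    before = os.stat(path)
    mode = stat.S_IMODE(before.st_mode)
    strip_fn(path)
    os.chown(path, before.st_uid, before.st_gid)
    os.chmod(path, mode)
    return before.st_uid, before.st_gid, mode


def metadata_of(path):
    """(uid, gid, permission bits) of path, for before/after comparison."""
    st = os.stat(path)
    return st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)


def demo():
    """Constructed scenario: a 0750 file (group may execute, others get nothing)
    is stripped once unwrapped and once through the wrapper. Returns the
    permission bits observed after each so the loss is visible."""
    old_umask = os.umask(0o022)  # fixed umask so the unwrapped result is deterministic
    try:
        with tempfile.TemporaryDirectory() as d:
            p = os.path.join(d, "tool")
            with open(p, "wb") as f:
                f.write(b"constructed payload")
            os.chmod(p, 0o750)

            simulated_strip(p)                 # fresh inode: 0666 & ~022 = 0644
            unwrapped = metadata_of(p)[2]

            os.chmod(p, 0o750)                 # reset, then strip with the wrapper
            strip_preserving_metadata(p)
            wrapped = metadata_of(p)[2]
            return unwrapped, wrapped
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    lost, kept = demo()
    print("mode after plain strip: %o, after wrapped strip: %o" % (lost, kept))
```

The same save/restore belongs around any tool that replaces an installed binary, since group-restricted access such as the root:pcap tcpdump listed above depends on the gid surviving the rewrite.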
