On 2021-02-09, Michael Orlitzky wrote:
>On Tue, 2021-02-09 at 17:53 -0800, Fāng-ruì Sòng wrote:
>> (I replied via https://groups.google.com/g/linux.gentoo.dev/c/WG-OLQe3yng
>> "Reply all" (which only replied to the list AFAICT) but I did not
>> subscribe to gentoo-dev via the official
>> https://www.gentoo.org/get-involved/mailing-lists/ so my reply is
>> missing)
>>
>
>Apologies for hijacking your post with a tangential question, but you
>reminded me to ask: how did you notice this problem? Ultimately all
>system executables (in $PATH) should be owned by (and writable only by)
>root anyway; otherwise you get silly security vulnerabilities like "cat
>~/virus > /usr/bin/foo" as a regular user.
>

Context: both `strip a` and `llvm-strip a` create a temporary file.
`strip a` does additional chown(2) (instead of fchown!) with a long list
of hardening-style checks. Due to how the code is organized, passing a
file description around can be difficult for binutils.

Jian Cai reported the problem that `sudo llvm-strip a` does not restore
the original filename. I played with `strip a` and `strip a -o b` a bit
and noticed that chown(2) is only called in these cases:

* (under root) strip a
* (under root) strip a -o a

not in these cases:

* strip a -o b
* strip a -o ./a

---

From my side, I want llvm-objcopy/llvm-strip to have simple and consistent rules,
smaller platform differences. Why does strip need to behave differently
with or without root permission, when the target file has one hard link
or more, on Linux than on other OSes?

The driving reason is that distributions require such `strip a` behavior.
Arch Linux has moved away. If Gentoo Linux can move away, llvm-objcopy
can keep its current simpler behavior.

---

I think Arch Linux did this:

```
fakeroot
# create an executable owned by bin
strip exe # still owned by bin
tar cf package.tar exe # record the owner
exit

tar xf package.tar -C somewhere
``` |
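
The temporary-file-then-restore-ownership pattern discussed in the message above, written with fchown(2)/fchmod(2) on the temporary file's descriptor rather than chown(2) on a path. This is an added illustration, not code from binutils or llvm-strip; the function name `replace_preserving_owner` and its fail-on-any-error policy are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: replace `path` with `len` bytes of `data` via a
 * temporary file, keeping the original owner and mode. Owner and mode are
 * set through the temporary file's descriptor, so they always land on the
 * inode created here, never on whatever a path resolves to later.
 * Returns 0 on success, -1 on error. */
int replace_preserving_owner(const char *path, const void *data, size_t len)
{
    struct stat orig, tmp_st;
    char tmp[PATH_MAX];
    int fd, rc;

    /* Metadata of the file being replaced; lstat so a symlink is rejected. */
    if (lstat(path, &orig) != 0 || !S_ISREG(orig.st_mode))
        return -1;
    /* Temporary file beside the target so rename(2) stays on one filesystem. */
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    fd = mkstemp(tmp);               /* exclusive create, mode 0600 */
    if (fd < 0)
        return -1;
    if (write(fd, data, len) != (ssize_t)len || fstat(fd, &tmp_st) != 0)
        goto fail;
    /* Only needed when the caller (e.g. root) is not the original owner. */
    if ((tmp_st.st_uid != orig.st_uid || tmp_st.st_gid != orig.st_gid) &&
        fchown(fd, orig.st_uid, orig.st_gid) != 0)
        goto fail;
    /* Mode after owner: a chown can clear setuid/setgid bits. */
    if (fchmod(fd, orig.st_mode & 07777) != 0)
        goto fail;
    rc = close(fd);
    fd = -1;
    if (rc == 0 && rename(tmp, path) == 0)
        return 0;
fail:
    if (fd >= 0)
        close(fd);
    unlink(tmp);
    return -1;
}
```

Run as an ordinary user on a file that user owns, the fchown branch is skipped because the temporary file already has the right owner; it only fires when the caller differs from the original owner, which matches the "(under root)" cases listed in the message.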