[Toybox] [landley/toybox] install -d -o USER -g GROUP DEST doesn't set uid/gid (#105)
scsijon
scsijon at lamiaworks.com.au
Sat Nov 17 18:22:11 PST 2018
> Message: 2
> Date: Sat, 17 Nov 2018 12:28:32 -0600
> From: Rob Landley <rob at landley.net>
> To:
> reply+001597098b9d9b8e3d721b2b98b1330abe67582879274d3792cf0000000117f33b1392a169ce16724e67 at reply.github.com,
> toybox <toybox at lists.landley.net>
> Subject: Re: [Toybox] [landley/toybox] install -d -o USER -g GROUP
> DEST doesn't set uid/gid (#105)
> Message-ID: <10eaa8fd-c028-5890-3a5b-33bef447b51a at landley.net>
> Content-Type: text/plain; charset=utf-8
>
> On 11/1/18 5:07 PM, Volodymyr Medvid wrote:
>> "install -d" doesn't honor custom uid/gid.
>> install_main returns early if (flags & FLAG_d), doing mkpathat without fchown.
>
> Hmmm... I just pushed a patch to that, but it's not quiet right.
>
> When calling lchown() it does xgetuid() and xgetgid() for the default values
> you're not overriding (when you have -o or -g but not both). Technically that
> should be the fsuid, but although there's a setfsuid() I can't find a _getfsuid()_?
>
> Man 7 capabilities is uninformative. And I still dunno what the point of suid
> is. (We added real and effective, but programs know to look for both of those
> know and freak if they're different! Let's add /opt and start sticking files in
> there, then we'll need /opt/usr for when people start to expect it!)
>
> Sorry, that's another rant:
>
> http://lists.busybox.net/pipermail/busybox/2010-December/074114.html
>
> (Which I got slightly wrong: the / disk was half a megabyte, the rk05 disk packs
> were 2.5 megabytes each. Still adds up to 3 megabytes though. Primary sources
> are https://www.bell-labs.com/usr/dmr/www/notes.html and
> https://www.bell-labs.com/usr/dmr/www/hist.html)
>
> Anyway, install -d does what you expect now, UNLESS you run it in a context
> where you've changed fsuid (which was implemented for samba, so the server could
> read/write files as different users without having to fork and run entirely _as_
> those users). That would be ignored on the last path component, but not the ones
> before it.
>
> Let me know if anybody comes up with a proper fix. :)
>
> Rob
>
Arn't they part of stat?
I believe openbsd have a getfsuid(), though not sure how good it is.
regards
scsijon
More information about the Toybox
mailing list