Your message dated Sun, 13 Jan 2019 08:07:33 +0100
with message-id
<CAKjSHr1zn2=6iLfSjpy=wsgmhylyfpn9rbbb1ohp_wrmabr...@mail.gmail.com>
and subject line Re: Bug#903085: squashfs-tools: unsquashfs as non-root does
not preserve sticky bit
has caused the Debian Bug report #903085,
regarding squashfs-tools: unsquashfs as non-root does not preserve sticky bit
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
903085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903085
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: squashfs-tools
Version: 1:4.3-6
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu cosmic ubuntu-patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
* debian/patches/0010-use-macros-not-raw-octal-with-chmod.patch,
debian/patches/0011-also-set-stickybit-as-non-root.patch: apply stickybit
when run as non-root (LP: #1779914). Patches thanks to Tyler Hicks.
Thanks for considering the patch.
Reference:
* https://sourceforge.net/p/squashfs/mailman/message/36343213/
-- System Information:
Debian Release: buster/sid
APT prefers bionic-updates
APT policy: (500, 'bionic-updates'), (500, 'bionic-security'), (500, 'bionic')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0-23-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru
squashfs-tools-4.3/debian/patches/0010-use-macros-not-raw-octal-with-chmod.patch
squashfs-tools-4.3/debian/patches/0010-use-macros-not-raw-octal-with-chmod.patch
---
squashfs-tools-4.3/debian/patches/0010-use-macros-not-raw-octal-with-chmod.patch
1969-12-31 18:00:00.000000000 -0600
+++
squashfs-tools-4.3/debian/patches/0010-use-macros-not-raw-octal-with-chmod.patch
2018-07-03 12:55:57.000000000 -0500
@@ -0,0 +1,32 @@
+Author: Tyler Hicks <tyhi...@canonical.com>
+Origin: backport, https://sourceforge.net/p/squashfs/mailman/message/36343213/
+Description: Using macros, rather than raw octal values, better conveys the
+ intent of masking off the setuid, setgid, and sticky bits.
+Forwarded: yes
+Bug-Ubuntu: https://launchpad.net/bugs/1779914
+
+Index: squashfs-tools-4.3/squashfs-tools/unsquashfs.c
+===================================================================
+--- squashfs-tools-4.3.orig/squashfs-tools/unsquashfs.c
++++ squashfs-tools-4.3/squashfs-tools/unsquashfs.c
+@@ -820,6 +820,8 @@ int set_attributes(char *pathname, int m
+ unsigned int xattr, unsigned int set_mode)
+ {
+ struct utimbuf times = { time, time };
++ /* Mode bits that are only useful with root privileges */
++ mode_t root_mask = S_ISUID | S_ISGID | S_ISVTX;
+
+ if(utime(pathname, ×) == -1) {
+ ERROR("set_attributes: failed to set time on %s, because %s\n",
+@@ -835,9 +837,9 @@ int set_attributes(char *pathname, int m
+ return FALSE;
+ }
+ } else
+- mode &= ~07000;
++ mode &= ~(root_mask);
+
+- if((set_mode || (mode & 07000)) && chmod(pathname, (mode_t) mode) ==
-1) {
++ if((set_mode || (mode & root_mask)) && chmod(pathname, (mode_t) mode)
== -1) {
+ ERROR("set_attributes: failed to change mode %s, because %s\n",
+ pathname, strerror(errno));
+ return FALSE;
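Review bot: the comment added above root_mask in the first unsquashfs.c hunk ("Mode bits that are only useful with root privileges") does not give the reason the mask is cleared in the non-root else branch. The 0011 description says that non-root extraction leaves every file owned by the extracting user because unsquashfs cannot chown(), and that is the reason to drop setuid and setgid: the bits would otherwise apply to the wrong owner. Suggest rewording the comment to say so. That wording would also stay accurate once 0011 removes S_ISVTX from the mask. Minor style points: root_mask is never modified and could be declared const, and the parentheses in ~(root_mask) are redundant.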
diff -Nru
squashfs-tools-4.3/debian/patches/0011-also-set-stickybit-as-non-root.patch
squashfs-tools-4.3/debian/patches/0011-also-set-stickybit-as-non-root.patch
--- squashfs-tools-4.3/debian/patches/0011-also-set-stickybit-as-non-root.patch
1969-12-31 18:00:00.000000000 -0600
+++ squashfs-tools-4.3/debian/patches/0011-also-set-stickybit-as-non-root.patch
2018-07-03 13:27:23.000000000 -0500
@@ -0,0 +1,77 @@
+Subject: [PATCH 0/2] Preserve the sticky bit
+
+The unsquashfs tool was masking off the sticky bit when running as a
+non-root user. It isn't documented why the bit was being masked off but
+there are at least two possibilities.
+
+The first is because all of the files created by unsquashfs, when
+running as a non-root user, will be owned by the same user since
+unsquashfs can't chown() the files.I think it is still good practice to
+attempt to preserve the sticky bit in this situation because it is
+perfectly valid to have a world-writable directory containing files
+owned by a single user. The sticky bit set on the directory inode would
+prevent other users from deleting those files.
+
+Another reason why the sticky bit was being masked off when running as
+non-root could be due to this snippet from the chmod(2) man page:
+
+ On some filesystems, only the superuser can set the sticky bit, which
+ may have a special meaning. For the sticky bit, and for set-user-ID
+ and set-group-ID bits on directories, see stat(2).
+
+However, I'm not seeing any Linux filesystems that require root
+privileges in order to set the sticky bit after a quick search through
+v4.17. In the case that such filesystems do exist, old behavior is
+preserved by retrying a failed chmod() without the sticky bit.
+
+Setting the sticky bit, when non-root, will not cause any problems in
+unsquashfs because all of the created files will by owned by the same
+user. Therefore, unsquashfs will not run into any of the restricted
+deletion protections after setting the sticky bit on a directory inode
+even if unsquashfs needs to remove or rename a file underneath the
+directory.
+
+Signed-off-by: Tyler Hicks <tyhicks@...>
+---
+ squashfs-tools/unsquashfs.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+Origin: https://sourceforge.net/p/squashfs/mailman/message/36343213/
+Forwarded: yes
+Bug-Ubuntu: https://launchpad.net/bugs/1779914
+
+Index: squashfs-tools-4.3/squashfs-tools/unsquashfs.c
+===================================================================
+--- squashfs-tools-4.3.orig/squashfs-tools/unsquashfs.c
++++ squashfs-tools-4.3/squashfs-tools/unsquashfs.c
+@@ -821,7 +821,7 @@ int set_attributes(char *pathname, int m
+ {
+ struct utimbuf times = { time, time };
+ /* Mode bits that are only useful with root privileges */
+- mode_t root_mask = S_ISUID | S_ISGID | S_ISVTX;
++ mode_t root_mask = S_ISUID | S_ISGID;
+
+ if(utime(pathname, ×) == -1) {
+ ERROR("set_attributes: failed to set time on %s, because %s\n",
+@@ -840,9 +840,18 @@ int set_attributes(char *pathname, int m
+ mode &= ~(root_mask);
+
+ if((set_mode || (mode & root_mask)) && chmod(pathname, (mode_t) mode)
== -1) {
+- ERROR("set_attributes: failed to change mode %s, because %s\n",
+- pathname, strerror(errno));
+- return FALSE;
++ /*
++ * Some filesystems require root privileges to use the sticky
++ * bit. If we're not root and chmod() failed with EPERM when the
++ * sticky bit was included in the mode, try again without the
++ * sticky bit. Otherwise, fail with an error message.
++ */
++ if (root_process || errno != EPERM || !(mode & S_ISVTX) ||
++ chmod(pathname, (mode_t) (mode & ~S_ISVTX)) ==
-1) {
++ ERROR("set_attributes: failed to change mode %s,
because %s\n",
++ pathname, strerror(errno));
++ return FALSE;
++ }
+ }
+
+ write_xattr(pathname, xattr);
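Review bot: the guard in the second unsquashfs.c hunk still tests (set_mode || (mode & root_mask)), but the first hunk removes S_ISVTX from root_mask, so when set_mode is false and the sticky bit is the only special bit in mode, chmod() is never reached. Before this patch the test covered all three bits, so this narrows the condition for root as well as for non-root. Suggest testing mode & (root_mask | S_ISVTX) in the guard so that a sticky-only mode still triggers the chmod(). Separately, when the retry without S_ISVTX succeeds the function continues silently. A one-line message naming pathname would tell the user that an extracted directory has lost its restricted-deletion protection.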
diff -Nru squashfs-tools-4.3/debian/patches/series
squashfs-tools-4.3/debian/patches/series
--- squashfs-tools-4.3/debian/patches/series 2018-03-04 13:36:55.000000000
-0600
+++ squashfs-tools-4.3/debian/patches/series 2018-07-03 12:57:10.000000000
-0500
@@ -7,3 +7,5 @@
0007-fix-2GB-limit-in-mksquashfs.patch
0008-preserve_file_capabilities.patch
0009-unsquashfs-preserve-symlink-times.patch
+0010-use-macros-not-raw-octal-with-chmod.patch
+0011-also-set-stickybit-as-non-root.patch
--- End Message ---
--- Begin Message ---
Version: 1:4.3-9
On Thu, Jul 5, 2018 at 10:54 PM Jamie Strandboge <ja...@ubuntu.com> wrote:
> In Ubuntu, the attached patch was applied to achieve the following:
>
> * debian/patches/0010-use-macros-not-raw-octal-with-chmod.patch,
> debian/patches/0011-also-set-stickybit-as-non-root.patch: apply stickybit
> when run as non-root (LP: #1779914). Patches thanks to Tyler Hicks.
Thanks for the heads-up. I've included the patches in the latest,
1:4.3-9 upload. Forgot to close the bugreport from changelog, but here
it goes.
Cheers,
Laszlo/GCS
--- End Message ---