On 6/17/20 1:55 PM, Ken Moffat via lfs-dev wrote:
Bringing this here now that Scott Andrews has pointed me towards the source of why users could not su on my new system: loss of suid.In the past I have not usually run what was in 'Stripping Again' because my CFLAGS drop debug information. But I've now started to allow that in elfutils (to get the tests to pass), so I know that at least those libs could be stripped. What has happened on this build is that all of the bin programs lost the suid bit, i.e. /bin/{mount,ping,ping6,su,umount} /usr/bin/{chage,chfn,chsh,expiry,gpasswd,newgidmap}} /usr/bin/{newgidmap,newgrp,newuidmap,passwd,wall} Since nobody else has reported this for the moment, I'm merely reporting iti, not attempting to fix the book. In my own script for Stripping Again I've now added chmod -v 4755 /bin/{mount,ping,ping6,su,umount} chmod -v 4755 /usr/bin/{chage,chfn,chsh,expiry,gpasswd} chmod -v 4755 /usr/bin/{newgidmap,newgrp,newuidmap,passwd} chmod -v 6755 /usr/bin/wall
All the files in the above match those permissions without doing anything different from the book on my system. I did build the system manually.
One exception, wall, has permissions 2755 (-rwxr-sr-x with group tty). -- Bruce -- http://lists.linuxfromscratch.org/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
