On Sun, May 12, 2002 at 07:40:05PM -0400, Roland McGrath wrote:
> That makes sense.  Indeed, fakeroot is netfs so it exec's by accessing the
> underlying node the same way exec'ing on nfs accesses the remote file.
> It's fshelp_exec_reauth trying the makeauth call that rightly fails since
> fakeroot's auth port is not root.
>
> There are a few different ways to attack this:
>
> 1. Override netfs_S_file_exec to just pass it through.  Then a setuid exec
>    will be a real setuid exec and will escape from the fakeroot and
>    fakeauth universes entirely.  This is the behavior of Linux fakeroot,
>    since it does nothing special for exec and LD_PRELOAD is ignored by
>    setuid executables.

Mmh, how is this done correctly?  I have implemented the netfs_S_file_exec
pass-through, which works for suid programs, but not for scripts: If the
program is a script, the file_exec call will deadlock, because exec tries
to lock up the file node while it is locked in netfs_S_file_exec.  However,
if I don't lock the node, I get "/dev/fd/3: Bad file descriptor".  It might
be that not locking is the right thing to do, and the BADFD error is a
distinct one.

To allow a comparison: Without overriding netfs_S_dir_lookup, programs and
scripts work, but not suid programs.

There is another problem with fakeroot, and that is chmod.  It doesn't work
at all :)  I always get EOPNOTSUPP.  Your comment:

   Unlike the normal Unix and Hurd meaning of chmod, this function is also
   used to attempt to change files into other types.  If such a transition
   is attempted which is impossible, then return EOPNOTSUPP.  */

But I could not find where this happens, and in fact it leads to a
situation where any chmod fails, because chmod usually does not involve any
of the S_IFMT bits.  E.g., a normal chmod 0755 fails.

I changed it this way: I removed the EOPNOTSUPP check, and replaced it
with:

   mode &= ~(S_IFMT | S_ISPARE | S_ITRANS);

Then the file_chmod call will have a sane mode value, too.  And then I
merged it in:

   np->nn_stat.st_mode = (np->nn_stat.st_mode
                          & (S_IFMT | S_ISPARE | S_ITRANS)) | mode;

This worked seamlessly.

With all those hacks and workarounds, disabling file_exec pass-through to
fix scripts (I didn't need suid binaries in this test), replacing
EOPNOTSUPP with ENOTDIR in the attempt_lookup function and the chmod fixes,
and the fix for fakeauth I just checked in, I was finally able to build a
small Debian package with dpkg-buildpackage -rfakeroot -B and the files
ended up being owned by root in the package, and with correct permissions.

So we are getting there!

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.'
Debian http://www.debian.org [EMAIL PROTECTED]
Marcus Brinkmann GNU http://www.gnu.org [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.marcus-brinkmann.de