Hello,
I just noticed a problem with gzip in OpenBSD 5.9 introduced with pledge:
if root compresses a file, the owner and group are not copied onto the created
archive file:
> user@obsd59:tmp >ls -l server.log
> -rw-r--r-- 1 user wheel 345 Jun 3 09:16 server.log
> user@obsd59:tmp >sudo gzip server.log
> user@obsd59:tmp >ls -l server.log.gz
> -rw-r--r-- 1 root wheel 234 Jun 3 09:16 server.log.gz
This change in behavior makes especially problems in newsyslog, as newsyslog
sets owner and group of the rotated file prior to calling gzip.
As a result, every .0 file which is compressed will belong to root:wheel instead
of the correct user and group.
I looked at the gzip code and there is the correct call to fchown() but due to
pledge fchown() returns EPERM as uid and/or guid given to fchown() do not match
onto the current process calling fchown():
> pledge_chown(struct proc *p, uid_t uid, gid_t gid)
> {
> if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
> return (0);
>
> if (uid != -1 && uid != p->p_ucred->cr_uid)
> return (EPERM);
> if (gid != -1 && !groupmember(gid, p->p_ucred))
> return (EPERM);
> return (0);
> }
The EPERM returned there is silently ignored in gzip:
> /*
> * Changing the ownership probably won't succeed, unless we're root
> * or POSIX_CHOWN_RESTRICTED is not set. Set uid/gid bits are not
> * allowed.
> */
> fs->st_mode &= ACCESSPERMS;
> if (fchown(fd, fs->st_uid, fs->st_gid)) {
> if (errno != EPERM)
> warn("fchown: %s", name);
> fs->st_mode &= ~(S_ISUID|S_ISGID);
> }
Greetings
