Bug#661497: marked as done (Makejail fails to copy setuid bit)

Mon, 05 Mar 2012 10:36:20 -0800 

Your message dated Mon, 05 Mar 2012 18:33:05 +0000
with message-id <[email protected]>
and subject line Bug#661497: fixed in makejail 0.0.5-10
has caused the Debian Bug report #661497,
regarding Makejail fails to copy setuid bit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
661497: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661497
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: makejail
Version: 0.0.5-9

Makejail fails to copy setuid bit. Can't find any way to force this
behaviour in the configuration, and I don't believe this is a design
feature.

The error seems to occur due to the ordering of the way the file
permissions and user/group ids are applied. Pasted below is a copy of
the relevant code.

#!/usr/bin/python

import stat
import sys
import os
import shutil

# May be useful to parse correctly some program outputs
os.environ["LANG"]="C"

def copyStatAndOwner(source,target):
        # Keep all attributes
        shutil.copystat(source,target)

        # Copy user/group info
        statInfos=os.stat(source)
        os.chown(target,statInfos[stat.ST_UID],statInfos[stat.ST_GID])

def copyStatAndOwner2(source,target):
        # Copy user/group info
        statInfos=os.stat(source)
        os.chown(target,statInfos[stat.ST_UID],statInfos[stat.ST_GID])

        # Keep all attributes
        shutil.copystat(source,target)

if __name__=="__main__":
        file_in = "test.sh"
        file_out = "test2.sh"

        shutil.copy(file_in,file_out)
        copyStatAndOwner2(file_in,file_out)

        sys.exit(0)

CopyStatAndOwner is taken from makejail, CopyStatAndOwner2 is my
suggestion as a fix. 

Running chown/chgrp from the command line on a setuid file has the same
effect, which would seem to be the root of the problem.

--- End Message ---
--- Begin Message --- 
Source: makejail
Source-Version: 0.0.5-10

We believe that the bug you reported is fixed in the latest version of
makejail, which is due to be installed in the Debian FTP archive:

makejail_0.0.5-10.diff.gz
  to main/m/makejail/makejail_0.0.5-10.diff.gz
makejail_0.0.5-10.dsc
  to main/m/makejail/makejail_0.0.5-10.dsc
makejail_0.0.5-10_all.deb
  to main/m/makejail/makejail_0.0.5-10_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[email protected]> (supplier of updated makejail 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 03 Mar 2012 17:29:24 +0100
Source: makejail
Binary: makejail
Architecture: source all
Version: 0.0.5-10
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <[email protected]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[email protected]>
Description: 
 makejail   - Automatically create chroot jails for programs
Closes: 661497
Changes: 
 makejail (0.0.5-10) unstable; urgency=low
 .
   * Reorder the call to shutil to ensure that the setuid bit is
     copied when making a jail, thanks to Charles Burgoyne for the
     report and fix. (Closes: 661497)
   * examples/exim4.py: Add an example to chroot exim4 (largely untested)
Checksums-Sha1: 
 0b8ab6964763037a6b005eec374a5116e9c4bf37 1116 makejail_0.0.5-10.dsc
 fa53ab05d78ef782c451484e6e46dccc55ae04c9 15278 makejail_0.0.5-10.diff.gz
 f4f4705dfe94b3a20c45e5aaa1ccbf410ce2b67f 36828 makejail_0.0.5-10_all.deb
Checksums-Sha256: 
 fb47c6c7a8b5700dcf65fe15ba23c39d83c5f3922a9286c75bee82afb0af7a90 1116 
makejail_0.0.5-10.dsc
 89674fee17e115974c55e7fff382e9f9ebc06f35d78c9eb97e27331b7837b537 15278 
makejail_0.0.5-10.diff.gz
 038cd7ef73dad835634cea141341629bb1b2009756d89d8c5ec8ab5a89c503ba 36828 
makejail_0.0.5-10_all.deb
Files: 
 2d5e934452101dbd872e6fab16ec5641 1116 admin optional makejail_0.0.5-10.dsc
 c8b86da3a6327324d91b3a128d955a3d 15278 admin optional makejail_0.0.5-10.diff.gz
 29c7816be2ff739f58084ee919b303cd 36828 admin optional makejail_0.0.5-10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPVQNMsandgtyBSwkRAiCdAJ4jNpDJytxzBzi+bUxPI3ca9igjqwCghLTg
bZUHY1OUL9atmkxKxRNoTY8=
=lmDA
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to