On Wed, 2020-06-17 at 19:55 +0100, Ken Moffat via lfs-dev wrote:
> Bringing this here now that Scott Andrews has pointed me towards the
> source of why users could not su on my new system: loss of suid.
>
> In the past I have not usually run what was in 'Stripping Again'
> because my CFLAGS drop debug information. But I've now started to
> allow that in elfutils (to get the tests to pass), so I know that at
> least those libs could be stripped.
>
> What has happened on this build is that all of the bin programs lost
> the suid bit, i.e.
>
> /bin/{mount,ping,ping6,su,umount}
> /usr/bin/{chage,chfn,chsh,expiry,gpasswd,newgidmap}}
> /usr/bin/{newgidmap,newgrp,newuidmap,passwd,wall}
>
> Since nobody else has reported this for the moment, I'm merely
> reporting it, not attempting to fix the book. In my own script for
> Stripping Again I've now added
>
> chmod -v 4755 /bin/{mount,ping,ping6,su,umount}
> chmod -v 4755 /usr/bin/{chage,chfn,chsh,expiry,gpasswd}
> chmod -v 4755 /usr/bin/{newgidmap,newgrp,newuidmap,passwd}
> chmod -v 6755 /usr/bin/wall
>
> Which should ensure that all the suid binaries are correct after
> stripping.

I just tried: sudo strip /bin/su. The size was reduced from 139512 to 41424 bytes, and it is still suid afterwards. Not sure what may explain what happened to you. Do you have a special umask for root? (only thing I can think of; there is nothing about permissions in the man page for strip)

Pierre
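
An added example, not part of this thread or of the LFS book: instead of hard-coding the chmod list, the setuid/setgid modes can be recorded before the stripping step and then checked and put back afterwards. The function names and the snapshot file path in the comments are made up for illustration, and GNU find and stat are assumed.

```bash
#!/bin/bash
# Added example: snapshot, verify and restore setuid/setgid modes around a
# stripping pass. Paths containing newlines are not handled.
#
# Intended use (as root; /tmp/special-bits.txt is a hypothetical path):
#   snapshot_special_bits /bin /usr/bin > /tmp/special-bits.txt
#   ... run the stripping commands ...
#   verify_special_bits < /tmp/special-bits.txt \
#       || restore_special_bits < /tmp/special-bits.txt

# Print "<octal mode> <path>" for every regular file under the given
# directories that has the setuid or setgid bit set.
snapshot_special_bits() {
    find "$@" -xdev -type f -perm /6000 -exec stat -c '%a %n' {} + | sort -k2
}

# Read a snapshot on stdin and report every file whose current mode differs
# from the recorded one (or which is gone). Returns 1 if anything differs.
verify_special_bits() {
    local want path now rc
    rc=0
    while read -r want path; do
        now=$(stat -c '%a' "$path" 2>/dev/null) || now=missing
        if [ "$now" != "$want" ]; then
            printf '%s: expected %s, found %s\n' "$path" "$want" "$now"
            rc=1
        fi
    done
    return "$rc"
}

# Read a snapshot on stdin and reapply the recorded mode to each file that
# still exists.
restore_special_bits() {
    local want path
    while read -r want path; do
        if [ -e "$path" ]; then
            chmod "$want" "$path"
        fi
    done
}
```

Because the snapshot comes from the system itself, it also covers setuid or setgid files outside the list quoted above.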