On Wed, Jun 17, 2020 at 02:19:41PM -0500, Bruce Dubbs via lfs-dev wrote:
> On 6/17/20 1:55 PM, Ken Moffat via lfs-dev wrote:
> > Bringing this here now that Scott Andrews has pointed me towards the
> > source of why users could not su on my new system: loss of suid.
> >
> > In the past I have not usually run what was in 'Stripping Again'
> > because my CFLAGS drop debug information. But I've now started to
> > allow that in elfutils (to get the tests to pass), so I know that at
> > least those libs could be stripped.
> >
> > What has happened on this build is that all of the bin programs lost
> > the suid bit, i.e.
> >
> > /bin/{mount,ping,ping6,su,umount}
> > /usr/bin/{chage,chfn,chsh,expiry,gpasswd,newgidmap}}
> > /usr/bin/{newgidmap,newgrp,newuidmap,passwd,wall}
> >
> > Since nobody else has reported this for the moment, I'm merely
> > reporting iti, not attempting to fix the book. In my own script for
> > Stripping Again I've now added
> >
> > chmod -v 4755 /bin/{mount,ping,ping6,su,umount}
> > chmod -v 4755 /usr/bin/{chage,chfn,chsh,expiry,gpasswd}
> > chmod -v 4755 /usr/bin/{newgidmap,newgrp,newuidmap,passwd}
> > chmod -v 6755 /usr/bin/wall
>
> All the files in the above match those permissions without doing anything
> different from the book on my system. I did build the system manually.
>
> One exception, wall, has permissions 2755 (-rwxr-sr-x with group tty).
>
> -- Bruce
I'm not at the desktops at the moment, I'll assume 2755 IS the
correct value: I was looking at a cross-chap5 system, the
highlighting (orange? background) was different from the others and
I noticed the gid. Certainly, group tty.
On this build, after misreading 'stripping' earlier in the book (and
trashing the partial system by running it from within chroot) I had
to start over. So, before trying 'stripping again' I exited,
unmounted, copied everything, then remounted before trying
'stripping again'.
I guess that means I can look at the backup to confirm that
stripping again did change the perms. Will do that later.
Meanwhile, thanks for the correction for wall.
ĸen
--
He died at the console, of hunger and thirst.
Next day he was buried, face-down, nine-edge first.
- the perfect programmer
--
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
