[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
** No longer affects: binutils (Ubuntu) ** Changed in: debhelper (Ubuntu) Importance: Undecided => High ** Tags added: regression-release -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in debhelper package in Ubuntu: Fix Released Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debhelper/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
** No longer affects: virtualbox (Ubuntu) ** No longer affects: linux (Ubuntu) ** No longer affects: debugedit (Ubuntu) ** No longer affects: dash (Ubuntu) ** No longer affects: bash (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in binutils package in Ubuntu: New Status in debhelper package in Ubuntu: Fix Released Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
This bug was fixed in the package debhelper - 13.3.4ubuntu2 --- debhelper (13.3.4ubuntu2) impish; urgency=medium * objcopy/strip changed in 2.36.1, not keeping file attributes of the original file. Work around that in dh_strip to write to a temporary file, copying attributes, cat'ing this to the original file, copying attributes again to keep the original attributes. LP: #1938886 -- Dimitri John Ledkov Wed, 04 Aug 2021 19:23:25 +0100 ** Changed in: debhelper (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in bash package in Ubuntu: Invalid Status in binutils package in Ubuntu: New Status in dash package in Ubuntu: Invalid Status in debhelper package in Ubuntu: Fix Released Status in debugedit package in Ubuntu: Invalid Status in linux package in Ubuntu: Invalid Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
** Patch removed: "chmod-reference.patch" https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1938886/+attachment/5515876/+files/chmod-reference.patch ** Patch added: "chmod-reference.patch" https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1938886/+attachment/5515888/+files/chmod-reference.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in bash package in Ubuntu: Invalid Status in binutils package in Ubuntu: New Status in dash package in Ubuntu: Invalid Status in debhelper package in Ubuntu: Triaged Status in debugedit package in Ubuntu: Invalid Status in linux package in Ubuntu: Invalid Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in bash package in Ubuntu: Invalid Status in binutils package in Ubuntu: New Status in dash package in Ubuntu: Invalid Status in debhelper package in Ubuntu: Triaged Status in debugedit package in Ubuntu: Invalid Status in linux package in Ubuntu: Invalid Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
** Patch added: "chmod-reference.patch" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1938886/+attachment/5515876/+files/chmod-reference.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in bash package in Ubuntu: Invalid Status in binutils package in Ubuntu: New Status in dash package in Ubuntu: Invalid Status in debhelper package in Ubuntu: Triaged Status in debugedit package in Ubuntu: Invalid Status in linux package in Ubuntu: Invalid Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
** Changed in: bash (Ubuntu) Status: New => Invalid ** Changed in: dash (Ubuntu) Status: New => Invalid ** Changed in: debhelper (Ubuntu) Status: New => Triaged ** Changed in: debugedit (Ubuntu) Status: New => Invalid ** Changed in: linux (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in bash package in Ubuntu: Invalid Status in binutils package in Ubuntu: New Status in dash package in Ubuntu: Invalid Status in debhelper package in Ubuntu: Triaged Status in debugedit package in Ubuntu: Invalid Status in linux package in Ubuntu: Invalid Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
Based on https://elixir.bootlin.com/linux/latest/source/fs/inode.c#L1928 it seems that setuid and capabilities will be stipped, thus currently our implementation of dh_strip causes to loose setuid and capabilities. No idea why this is working with fakeroot when Rules-Requires-Root is set to binary-targets. And doesn't when it is set to "no". chmod +s debian/virtualbox/usr/lib/virtualbox/VBoxSDL ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 xnox xnox 166208 Aug 4 18:59 debian/virtualbox/usr/lib/virtualbox/VBoxSDL $ cat debian/control | grep Rules Rules-Requires-Root: no $ fakeroot dh_strip -pvirtualbox $ ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 xnox xnox 166208 Aug 4 18:59 debian/virtualbox/usr/lib/virtualbox/VBoxSDL $ chmod +s debian/virtualbox/usr/lib/virtualbox/VBoxSDL $ ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 xnox xnox 166208 Aug 4 18:59 debian/virtualbox/usr/lib/virtualbox/VBoxSDL $ sed '/Rules-Requires-Root/s/no/binary-targets/' -i debian/control $ cat debian/control | grep Rules Rules-Requires-Root: binary-targets $ fakeroot dh_strip -pvirtualbox $ ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 xnox xnox 166208 Aug 4 19:01 debian/virtualbox/usr/lib/virtualbox/VBoxSDL -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in bash package in Ubuntu: New Status in binutils package in Ubuntu: New Status in dash package in Ubuntu: New Status in debhelper package in Ubuntu: New Status in debugedit package in Ubuntu: New Status in linux package in Ubuntu: New Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
separately I'm not sure who/what/why stips setuid bits on file creation through redirect. is it like some kind of a CVE in bash/dash? kernel protection? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in bash package in Ubuntu: New Status in binutils package in Ubuntu: New Status in dash package in Ubuntu: New Status in debhelper package in Ubuntu: New Status in debugedit package in Ubuntu: New Status in linux package in Ubuntu: New Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
- objcopy/strip changed in 2.36.1, not keeping file attributes of the original file. Work around that in dh_strip to write to a temporary file and cat'ing this to the original file to keep the original attributes. which is broken for setuid files. ** Also affects: dash (Ubuntu) Importance: Undecided Status: New ** Also affects: bash (Ubuntu) Importance: Undecided Status: New ** Also affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in bash package in Ubuntu: New Status in binutils package in Ubuntu: New Status in dash package in Ubuntu: New Status in debhelper package in Ubuntu: New Status in debugedit package in Ubuntu: New Status in linux package in Ubuntu: New Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
dh_strip does strip --remove-section=.comment --remove-section=.note --strip-unneeded -o /tmp/OdGxqpWWsW/stripeIrB_j debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so cat '/tmp/OdGxqpWWsW/stripeIrB_j' > 'debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so' which behaves differently under root and non-root. specifically `cat anything > file` will strip setuid bits from file, irrespective of umask. As root: cat /dev/null > foo chmod +s foo ls -latr foo -rwSr-Sr-- 1 root root 0 Aug 4 18:36 foo cat /dev/null > foo ls -latr foo -rwSr-Sr-- 1 root root 0 Aug 4 18:36 foo As mere mortal: cat /dev/null > foo chmod +s foo ls -latr foo -rwSr-Sr-- 1 xnox xnox 0 Aug 4 18:34 foo cat /dev/null > foo ls -latr foo -rw-r-Sr-- 1 xnox xnox 0 Aug 4 18:34 foo I really do not understand why mere-mortal strips user uid, keeps group uid, and root doesn't do that. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in bash package in Ubuntu: New Status in binutils package in Ubuntu: New Status in dash package in Ubuntu: New Status in debhelper package in Ubuntu: New Status in debugedit package in Ubuntu: New Status in linux package in Ubuntu: New Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
With debugedit v5.0 things are still the same https://launchpadlibrarian.net/551609214/buildlog_ubuntu-impish- amd64.virtualbox_6.1.26-dfsg-2ubuntu1_BUILDING.txt.gz the setuid bit is lost. I guess we need to dig deeper into dh_strip activities, to see what/where/how it is lost. Maybe it is lost before debugedit. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in binutils package in Ubuntu: New Status in debhelper package in Ubuntu: New Status in debugedit package in Ubuntu: New Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406824 Aug 4 15:51 debian/virtualbox/usr/lib/virtualbox/VBoxSDL dh_strip --dbgsym-migration='virtualbox-dbg' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Aug 4 15:52 debian/virtualbox/usr/lib/virtualbox/VBoxSDL -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in binutils package in Ubuntu: New Status in debhelper package in Ubuntu: New Status in debugedit package in Ubuntu: New Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit
I updated debugedit to 5.0 version, the changelog looks like adding some errors when chmod can't be done correctly @@ -3419,7 +3431,8 @@ } /* Make sure we can read and write */ - chmod (file, stat_buf.st_mode | S_IRUSR | S_IWUSR); + if (chmod (file, stat_buf.st_mode | S_IRUSR | S_IWUSR) != 0) +error (0, errno, "Failed to chmod input file '%s' to make sure we can read and write", file); fd = open (file, O_RDWR); if (fd < 0) @@ -3635,7 +3648,8 @@ close (fd); /* Restore old access rights */ - chmod (file, stat_buf.st_mode); + if (chmod (file, stat_buf.st_mode) != 0) +error (0, errno, "Failed to chmod input file '%s' to restore old access rights", file); free ((char *) dso->filename); destroy_strings (&dso->debug_str); @@ -349,7 +352,8 @@ } /* Make sure we can read and write */ - chmod (fname, stat_buf.st_mode | S_IRUSR | S_IWUSR); + if (chmod (fname, stat_buf.st_mode | S_IRUSR | S_IWUSR) != 0) + error (0, errno, _("cannot chmod \"%s\" to make sure we can read and write"), fname); bool failed = false; int fd = open64 (fname, O_RDWR); @@ -386,7 +390,8 @@ } /* Restore old access rights. Including any suid bits reset. */ - chmod (fname, stat_buf.st_mode); + if (chmod (fname, stat_buf.st_mode) != 0) + error (0, errno, _("cannot chmod \"%s\" to restore old access rights"), fname); if (failed) failed_count++; and similar. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1938886 Title: rrr:no dh_strip or strip loose setuid bit Status in binutils package in Ubuntu: New Status in debhelper package in Ubuntu: New Status in debugedit package in Ubuntu: New Status in virtualbox package in Ubuntu: New Bug description: Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu- hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz I have rebuilt an earlier version of virtualbox, that sets Rules- Requires-Root: no and added extra ls statements to find where/when/why setuid bits are getting lost after fixperms. make[1]: Leaving directory '/<>' debian/rules override_dh_strip make[1]: Entering directory '/<>' ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL ... dh_strip --dbgsym-migration='virtualbox-dbg' debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20 a7cf3c43c8b18c3261d2d4737a475bf730ad1554 ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL It seems to me that either dh_strip or something it calls (strip, debugedit) looses the setuid permission in hirsute and up. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1938886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp