From: Raghav Gururajan
To: Danny Milosavljevic
Cc: 40922@debbugs.gnu.org
Subject: [bug#40922] gnu: udevil: Fix loading of setuid-programs.
Date: Fri, 1 May 2020 10:05:06 -0400
Message-ID: <20200501100506.174e5fa1.raghavgururajan@disroot.org>
In-Reply-To: <20200501142405.75821fbb@scratchpost.org>
References: <20200428025228.09935bde.raghavgururajan@disroot.org> <20200501142405.75821fbb@scratchpost.org>

Hi Danny!

> Why are both needed at the same time? If udevil is setuid root, then the
> other tools are invoked as root anyway, right? Or does udevil drop root
> privileges? (short look into src/udevil.c suggests yes)

Yes, both are needed at the same time. I tried them alternatively, did not work. As you mentioned, it drops privileges (file:src/udevil.c ; line:5061).

> Is there a description from upstream how all that is supposed to work?

There is some description in the "Set SUID" section of the README file (https://github.com/IgnorantGuru/udevil/blob/master/README).

> Remainder OK.

Thanks!

Regards,
RG.