You are not logged in.

#1 2017-12-29 09:36:55

kinodont
Member
Registered: 2017-12-29
Posts: 4

testing/xorg-server: Xorg.wrap is missing the SUID bit

Hello,

I have a laptop that has no KMS support, and after the upgrade to xorg-server 1.19.6-2.0, the X server could not start because the Xorg.wrap binary did not have the SUID bit set

$ tar -tvf xorg-server-1.19.6-2.0-i686.pkg.tar.xz 2> /dev/null
[...]
drwxr-xr-x root/root         0 2017-12-28 11:42 usr/lib/xorg-server/
-rwxr-xr-x root/root      9712 2017-12-28 11:42 usr/lib/xorg-server/Xorg.wrap
-rwxr-xr-x root/root   2554756 2017-12-28 11:42 usr/lib/xorg-server/Xorg
[...]

For reference, this is the output for xorg-server 1.19.5-1 from extra:

$ tar -tvf xorg-server-1.19.5-1-i686.pkg.tar.xz 2> /dev/null
[...]
drwxr-xr-x root/root         0 2017-10-13 17:26 usr/lib/xorg-server/
-rwsr-xr-x root/root      9688 2017-10-13 17:26 usr/lib/xorg-server/Xorg.wrap
-rwxr-xr-x root/root   2554728 2017-10-13 17:26 usr/lib/xorg-server/Xorg
[...]

Last edited by kinodont (2017-12-29 09:38:33)

Offline

#2 2017-12-29 10:10:20

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 404

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

This is strange, the respective file seems to get installed by "make install" and I can't think of a reason, why that should fail to set suid. I'll look into this.

Offline

#3 2017-12-29 10:30:22

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 404

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

interestingly, the x86_64 build also does not set suid for me ... I'll open a bug upstream

Offline

#4 2017-12-29 10:46:34

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 404

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

Offline

#5 2017-12-29 13:16:52

kinodont
Member
Registered: 2017-12-29
Posts: 4

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

I see that the bug has been closed. I couldn't reproduce it either on my system.

Here are the steps I've taken:

$ asp update
$ asp export extra/xorg-server
$ asp shortlog xorg-server | head -n 1
b0a1c2fbb6ff248ba37914218c29c43243d6e237 Remove dependency on xorg-fonts-misc (FS#56808)
$ cd xorg-server
$ extra-x86_64-build
$ tar -tvf xorg-server-1.19.6-2-x86_64.pkg.tar.xz 2> /dev/null | grep '/xorg-server/Xorg\.wrap'
-rwsr-xr-x root/root     10432 2017-12-29 14:14 usr/lib/xorg-server/Xorg.wrap

Offline

#6 2017-12-29 13:58:57

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 404

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

ok, I see three possibilities, then:
1st: the additional dependency messes something up (I don't think so)
2nd: devtools32 diverged far enough from devtools
3rd: my systems are messed up

I'm currently checking for the 2nd by building with original devtools.

Offline

#7 2017-12-29 14:00:59

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 404

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

ok, original devtools also generate a binary w/o suid for me.
I'll reset my build environments now ...

Offline

#8 2017-12-29 14:18:42

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 404

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

nope, didn't help either

Offline

#9 2017-12-29 15:09:14

kinodont
Member
Registered: 2017-12-29
Posts: 4

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

Honestly, I'm not sure.

Here is a few more things to check:

xorg-server-1.19.6-2-x86_64-package_xorg-server.log from the build should contain

chown root /build/xorg-server/pkg/xorg-server/usr/lib/xorg-server/Xorg.wrap && chmod u+s /build/xorg-server/pkg/xorg-server/usr/lib/xorg-server/Xorg.wrap

The SUID bit should be seen in a fakeroot environment and out of it, and it should be present in the create archive:

$ cd <package-destination-dir>
$ fakeroot /bin/bash
# touch suid
# chown root suid
# chmod a+x,u+s suid
# ls -l suid
-rwsr-xr-x 1 root root 0 Dec 29 15:50 suid
# tar -cJf archive.tar.xz suid
# exit
$ tar -tvf archive.tar.xz
-rwsr-xr-x root/root         0 2017-12-29 16:01 suid
$ ls -l suid
$ -rwsr-xr-x 1 kinodont users 0 Dec 29 15:50 suid

Offline

#10 2017-12-29 21:51:42

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 404

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

interestingly, I have

chown root /build/xorg-server/pkg/xorg-server/usr/lib/xorg-server/Xorg.wrap && chmod u+s /build/xorg-server/pkg/xorg-server/usr/lib/xorg-server/Xorg.wrap
chown: cannot access '/build/xorg-server/pkg/xorg-server/usr/lib/xorg-server/Xorg.wrap': No such file or directory
make[6]: [Makefile:1151: install-exec-hook] Error 1 (ignored)

there - maybe it's a race condition?

Offline

#11 2017-12-30 08:10:20

kinodont
Member
Registered: 2017-12-29
Posts: 4

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

Yes, looks like that's exactly it. Xorg.wrap is installed in the install-data hook, but the chmod is applied in the install-exec hook, and they can be reordered freely.

According to the automake manual, just putting 'exec' in the name of the Xorg.wrap program variable should place it in the correct hook.

The following changes to the PKGBUILD should (hopefully) do the trick.

Offline

#12 2017-12-30 08:20:24

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 404

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

I'll give it a shot smile

Offline

#13 2017-12-30 08:48:19

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 404

Re: testing/xorg-server: Xorg.wrap is missing the SUID bit

yup, worked: xorg-server-1.19.6-2.1 has suid

Offline

Board footer

Powered by FluxBB