Hi everybody,

Can someone confirm for me that there are 2 bugs never fixed:

- first in the stat command. Only with the -x option. If you execute stat -x on /tmp or /usr/bin/passwd parameters for example, the numeric representation of mode is wrong. The "special" bits are always 0. No suid-bit, no sticky bit!

- Second. Because of a missing suid-bit on the newgrp command, this one is not really usable for users other than root.

Best regards,
Yannick Cadin

On Sun, 26 Oct 2008, Yannick Cadin wrote:

> - first in the stat command. Only with the -x option. If you execute stat -x
> on /tmp or /usr/bin/passwd parameters for example, the numeric representation
> of mode is wrong. The "special" bits are always 0. No suid-bit, no sticky
> bit!

Although this does seem wrong to me, the code does it deliberately. I'm not sure why, it may be to be compatible with Linux (as the -x option is documented in the man page as giving "Linux format" output).

> - Second. Because of a missing suid-bit on the newgrp command, this one is
> not really usable for users other than root.

This is deliberate, and is documented in make.conf(5). Because almost nobody uses newgrp(1) and because it has the potential to be a security hole, it's not installed setuid by default. If you want it installing setuid, set ENABLE_SUID_NEWGRP in make.conf.

Gavin

Yannick Cadin wrote:

> Hi everybody,
>
> Can someone confirm for me that there are 2 bugs never fixed:
>
> - first in the stat command. Only with the -x option. If you execute
> stat -x on /tmp or /usr/bin/passwd parameters for example, the numeric
> representation of mode is wrong. The "special" bits are always 0. No
> suid-bit, no sticky bit!

Our version of stat(1) is essentially an exact duplicate of the code from NetBSD. I imported this originally, but I have not had time to merge changes for a while now. If anyone is interested in taking this on have a look at:

http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/stat/

If you get stuck with something please ask for help on -hackers first. If you get a patch against HEAD I will be glad to take a look at it, and commit it if appropriate.

hth,

Doug

--
This .signature sanitized for your protection

Hi,

On 2009-01-09, Doug Barton wrote:

> Yannick Cadin wrote:
> > - first in the stat command. Only with the -x option. If you execute
> > stat -x on /tmp or /usr/bin/passwd parameters for example, the numeric
> > representation of mode is wrong. The "special" bits are always 0. No
> > suid-bit, no sticky bit!
>
> Our version of stat(1) is essentially an exact duplicate of the code
> from NetBSD. I imported this originally, but I have not had time
> to merge changes for a while now. If anyone is interested in taking
> this on have a look at:
>
> http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/stat/

The reported bug still exists in the NetBSD version too. I believe that the following patch fixes the bug:

%%% Index: usr.bin/stat/stat.c ==================================================================--- usr.bin/stat/stat.c (revision 186786) +++ usr.bin/stat/stat.c (working copy) @@ -108,7 +108,8 @@ __FBSDID("$FreeBSD$"); #define LINUX_FORMAT \ " File: \"%N\"%n" \ " Size: %-11z FileType: %HT%n" \ - " Mode: (%04OLp/%.10Sp) Uid: (%5u/%8Su) Gid: (%5g/%8Sg)%n" \ + " Mode: (%OMp%03OLp/%.10Sp) " \ + "Uid: (%5u/%8Su) Gid: (%5g/%8Sg)%n" \ "Device: %Hd,%Ld Inode: %i Links: %l%n" \ "Access: %Sa%n" \ "Modify: %Sm%n" \ %%%

--
Jaakko
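
Review bot: The new `" Mode: (%OMp%03OLp/%.10Sp) "` line gives `%OMp` no width or zero flag, so the four-digit field that `%04OLp` guaranteed now depends on the middle piece always printing exactly one octal digit. Please state that assumption in a short comment above LINUX_FORMAT and confirm it with `stat -x` on the two cases from the report (/tmp for the sticky bit, /usr/bin/passwd for the suid bit) plus a plain file, where the leading digit must still print as 0. Splitting the Mode line into two string literals also departs from the one-literal-per-output-line layout of the neighbouring lines, which each end in `%n`; a one-line note on why it was split (line length, presumably) would help. Since the message says the NetBSD version has the same bug, the change should be offered there as well so the two copies do not diverge.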