WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: permission errors  (Read 4420 times)

Offline jpeters

  • Restricted
  • Hero Member
  • *****
  • Posts: 1017
permission errors
« on: September 15, 2009, 01:32:07 AM »
I know I posted a similar issue for tc_2.3RC1.  I was able to reproduce it in TC_2.3.1  logging in both as tc and as root (noautologin), right after rebooting.   I haven't tried with base, norestore.   /usr/local/tce.installed changes to root:root after the install. I think it only happened with ram install. I'll experiment a little more.  (edit: I just noticed the date!)

Code: [Select]
tc@box:~$ ls -ld /usr/local/tce.installed
drwxr-xr-x    2 tc       staff        1520 Sep 14 22:10 /usr/local/tce.installed
tc@box:~$ tce-load -i -r -w xonclock.tcz
sed: couldn't open temporary file /opt//sedyEdQTY: Permission denied
Connecting to distro.ibiblio.org (152.46.7.109:80)
xonclock.tcz         100% |*******************************|   212k 00:00:00 ETA
xonclock.tcz: OK
tc@box:~$ ls -ld /usr/local/tce.installed
drwxr-xr-x    2 root     root         1540 Jan  1  1970 /usr/local/tce.installed



edit: I get the sed error, but permissions remain with regular tcz install:
Code: [Select]
tc@box:~$ ls -ld /usr/local/tce.installed/
drwxr-xr-x    2 tc       staff        1520 Sep 14 22:36 /usr/local/tce.installed                          //
tc@box:~$ tce-load -i -w xonclock.tcz  
sed: couldn't open temporary file /opt//sed7rq4kF: Permission denied
Connecting to distro.ibiblio.org (152.46.7.109:80)
xonclock.tcz         100% |*******************************|   212k 00:00:00 ETA
xonclock.tcz: OK
tc@box:~$ ls -ld /usr/local/tce.installed/
drwxr-xr-x    2 tc       staff        1540 Sep 14 22:38 /usr/local/tce.installed                          //

Edit:

I booted base norestore and got same problem (although no sed error):
Code: [Select]
tc@box:~$ ls -ld /usr/local/tce.installed
drwxrwxr-x    2 tc       staff          60 Sep 14 22:44 /usr/local/tce.installed/
tc@box:~$ tce-load -i -r -w xonclock.tcz
Connecting to distro.ibiblio.org (152.46.7.109:80)
graphics-libs-1.tczl 100% |*******************************|   772k 00:00:00 ETA
graphics-libs-1.tczl: OK
Connecting to distro.ibiblio.org (152.46.7.109:80)
expat2.tczl          100% |*******************************| 69632  00:00:00 ETA
expat2.tczl: OK
Connecting to distro.ibiblio.org (152.46.7.109:80)
fontconfig.tczl      100% |*******************************|   112k 00:00:00 ETA
fontconfig.tczl: OK
Connecting to distro.ibiblio.org (152.46.7.109:80)
xonclock.tcz         100% |*******************************|   212k 00:00:00 ETA
xonclock.tcz: OK
tc@box:~$ ls -ld /usr/local/tce.installed
drwxr-xr-x    2 root     root          140 Jan  1  1970 /usr/local/tce.installed/




« Last Edit: September 15, 2009, 03:08:46 AM by jpeters »

Offline jpeters

  • Restricted
  • Hero Member
  • *****
  • Posts: 1017
Re: permission errors
« Reply #1 on: September 25, 2009, 03:56:26 AM »
Looks like the culprit is the wrapper getting passed to /usr/local/tce.installed.  The give away is the date:
Code: [Select]
tc@box:/usr/local/tce.installed$ ls -l xonclock
-rwxr-xr-x    1 tc       staff         132 Jan  1  1970 xonclock

Looks like the xonclock permission has been fixed, though (despite the date).  The directory permission seems to get altered by the last installed extension.  If it's root:root, it won't be able to write the next extension that gets loaded. (this could get weird with submitted extensions w/wrappers)

Code: [Select]
tc@box:~$ ls -ld /usr/local/tce.installed/
drwxr-xr-x    2 tc       staff        1780 Jan  1  1970 /usr/local/tce.installed//
« Last Edit: September 25, 2009, 04:45:28 AM by jpeters »

Offline roberts

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 7361
  • Founder Emeritus
Re: permission errors
« Reply #2 on: September 25, 2009, 09:30:02 AM »
When creating extensions it is important to preserve all upstream permissions.
10+ Years Contributing to Linux Open Source Projects.

Offline jpeters

  • Restricted
  • Hero Member
  • *****
  • Posts: 1017
Re: permission errors
« Reply #3 on: September 25, 2009, 11:32:44 AM »
When creating extensions it is important to preserve all upstream permissions.

While technically perhaps an extension issue, the vulnerability quickly becomes an os issue. A quick check in tce-load would close it.  (I've got one in "update")

edit: the problem continues after a reboot with the automatic load:

Code: [Select]
tc@box:/usr/local$ ls -ld tce.installed/
drwxr-xr-x    2 tc       staff        1780 Jan  1  1970 tce.installed//
« Last Edit: September 25, 2009, 11:50:02 AM by jpeters »

Offline roberts

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 7361
  • Founder Emeritus
Re: permission errors
« Reply #4 on: September 25, 2009, 12:15:18 PM »
I could do that until the next upstream file is clobbered by a poorly constructed extension.
It should not be up to the OS to revalidate every upstream file, as that would surely slow down the whole system. Following proper extension creation rules makes for an optimum results.
10+ Years Contributing to Linux Open Source Projects.

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: permission errors
« Reply #5 on: September 25, 2009, 12:21:44 PM »
Following proper extension creation rules makes for an optimum results.

And evaluation of extensions against these rules.
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline roberts

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 7361
  • Founder Emeritus
Re: permission errors
« Reply #6 on: September 25, 2009, 12:24:33 PM »
Any *nix system can be clobbered by changing certain permissions. It is not unique to core.
10+ Years Contributing to Linux Open Source Projects.

Offline Jason W

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 9730
Re: permission errors
« Reply #7 on: September 25, 2009, 12:29:20 PM »
I am in the middle of updating the extension audit script that will test for the permssions of /usr/local/tce.installed.  I will use it before posting extensions, and as before it is advisable to use it to test with before submitting.

Offline Jason W

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 9730
Re: permission errors
« Reply #8 on: September 25, 2009, 10:27:20 PM »
I have converted all the cramfs/zisofs extensions to squashfs and along with the most existing squashfs extensions have corrected the permissions of /usr/local/tce.installed in each one.  There shouldn't be any more problem with this but if there is please list the offending extensions in this thread.

« Last Edit: September 25, 2009, 10:29:35 PM by Jason W »

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11050
Re: permission errors
« Reply #9 on: September 26, 2009, 05:23:36 AM »
Wow Jason, you're doing a lot of work. Scripted probably, but still. Thanks for all you do.
The only barriers that can stop you are the ones you create yourself.

Offline Jason W

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 9730
Re: permission errors
« Reply #10 on: September 26, 2009, 06:24:16 AM »
Thanks.

It was scripted for sure.  :)  Did the uploading while I slept so not much time was invested.

Offline jpeters

  • Restricted
  • Hero Member
  • *****
  • Posts: 1017
Re: permission errors
« Reply #11 on: September 26, 2009, 12:09:07 PM »
Probably trivial, but what's with the weird dates, like in xonclock, that then are then listed for /usr/local/tce.installed?   Is there a way not to clobber tce.installed's permissions? 

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11050
Re: permission errors
« Reply #12 on: September 26, 2009, 02:02:45 PM »
cramfs does not store dates. One of the limitations it has.
The only barriers that can stop you are the ones you create yourself.