| Summary: | Test failure (0.18.5): common/tests/test-compat | ||
|---|---|---|---|
| Product: | p11-glue | Reporter: | manphiz |
| Component: | p11-kit | Assignee: | Stef Walter <stefw> |
| Status: | NEEDINFO --- | QA Contact: | |
| Severity: | normal | ||
| Priority: | medium | ||
| Version: | unspecified | ||
| Hardware: | x86-64 (AMD64) | ||
| OS: | Mac OS X (All) | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Attachments: |
Test result of common/tests/test-compat of 0.18.5
config.h from failed build |
||
Could you attach the config.h header from the build? Created attachment 83185 [details]
config.h from failed build
Added config.h as requested.
Could you run the following (or equivalent commands). Make sure to start running them as a non-root user: $ cp common/tests/frob-getauxval /tmp $ chmod ug+s /tmp/frob-getauxval $ /tmp/frob-getauxval 23 getauxval(23) == 0 $ ls -l /tmp/frob-getauxval -rwsrwsr-x. 1 user group 26530 29. Jul 10:32 /tmp/frob-getauxval $ sudo /tmp/frob-getauxval 23 [sudo] password for user: getauxval(23) == 1 Commands as requested: bash-3.2$ cp common/tests/frob-getauxval /tmp bash-3.2$ chmod ug+s /tmp/frob-getauxval bash-3.2$ /tmp/frob-getauxval 23 getauxval(23) == 0 bash-3.2$ ls -l /tmp/frob-getauxval -rwsr-xr-x 1 dxy wheel 10320 Jul 29 01:51 /tmp/frob-getauxval bash-3.2$ sudo /tmp/frob-getauxval 23 Password: getauxval(23) == 1 However, I do notice that there are lots of other files with similar names, like: -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 28 18:40 frob-getauxval.Isfo5r -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 28 18:39 frob-getauxval.M58fyT -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 28 19:30 frob-getauxval.ZfEeqI -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 29 01:49 frob-getauxval.Zm7jiy -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 29 00:59 frob-getauxval.ijYMgQ -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 28 18:40 frob-getauxval.tt4RdK -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 28 18:47 frob-getauxval.xf58jO -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 28 18:29 frob-getauxval.xwi65F -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 28 18:35 frob-getauxval.ywypgx And those files don't get the u+s set. Not sure how it connects to this problem. Also note that I was using homebrew package manager, and it builds the packages in /tmp, which is a symlink to /private/tmp, as: bash-3.2$ pwd /private/tmp/p11-kit-Zz2A/p11-kit-0.18.5 (In reply to comment #4) > Commands as requested: > > bash-3.2$ cp common/tests/frob-getauxval /tmp > bash-3.2$ chmod ug+s /tmp/frob-getauxval > bash-3.2$ /tmp/frob-getauxval 23 > getauxval(23) == 0 > bash-3.2$ ls -l /tmp/frob-getauxval > -rwsr-xr-x 1 dxy wheel 10320 Jul 29 01:51 /tmp/frob-getauxval > bash-3.2$ sudo /tmp/frob-getauxval 23 > Password: > getauxval(23) == 1 > > > However, I do notice that there are lots of other files with similar names, > like: > <snip> > > And those files don't get the u+s set. Not sure how it connects to this > problem. Interesting. Could you try the above tests without the u+s flag set, just g+s? What we need to determine is if 'frob-getauxval 23' returns non-zero when running setgid(). So I set the file to have only g+s, and it actually does return 1, as below: $ ls -l frob-getauxval -rwxr-s--- 1 dxy wheel 10320 Jul 29 01:51 frob-getauxval $ ./frob-getauxval 23 getauxval(23) == 1 However, I checked the files generated during the building process, but it returns 0 instead: $ ls -l frob-getauxval.ywypgx -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 28 18:35 frob-getauxval.ywypgx $ ./frob-getauxval.ywypgx 23 getauxval(23) == 0 The problem here is the group is not wheel. After setting the group correctly it seems to do the job: $ sudo chgrp wheel frob-getauxval.ywypgx $ ls -l frob-getauxval.ywypgx -rwxr-s--- 1 dxy wheel 10320 Jul 28 18:35 frob-getauxval.ywypgx $ ./frob-getauxval.ywypgx 23 getauxval(23) == 1 (In reply to comment #6) > However, I checked the files generated during the building process, but it > returns 0 instead: > > $ ls -l frob-getauxval.ywypgx > -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 28 > 18:35 frob-getauxval.ywypgx > $ ./frob-getauxval.ywypgx 23 > getauxval(23) == 0 Is this because the user running the file has the group in their credentials? Does it only work when the setgid group is not present in the credentials? (In reply to comment #7) > (In reply to comment #6) > > However, I checked the files generated during the building process, but it > > returns 0 instead: > > > > $ ls -l frob-getauxval.ywypgx > > -rwxr-s--- 1 dxy com.apple.access_screensharing-disabled 10320 Jul 28 > > 18:35 frob-getauxval.ywypgx > > $ ./frob-getauxval.ywypgx 23 > > getauxval(23) == 0 > > Is this because the user running the file has the group in their > credentials? Does it only work when the setgid group is not present in the > credentials? Exactly. My account is a member of com.apple.access_screensharing-disabled. If I chgrp to something that my account doesn't belong to, like mail, wheel, etc., the program shows 1. Can you think of a simple way to do that from the tests running as non-root? FWIW, this test also spuriously fails if /tmp is mounted nosuid (which seems like a rather good idea in any case). Just a thought: maybe create a group temporarily and make sure that current user is not a member, and clean up the group afterwards. But as Nix pointed out, this still fails when the disk partition is mounted nosuid. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
Created attachment 83157 [details] Test result of common/tests/test-compat of 0.18.5 On Mac OS X 10.8.4, common/tests/test-compat fails in version 0.18.5. The error log is attached. Basically it is because that ret is zero after last statement.