[Bug 1938886] Re: rrr:no dh_strip or strip loose setuid bit

Dimitri John Ledkov 1938886 at bugs.launchpad.net
Wed Aug 4 17:39:09 UTC 2021 

dh_strip does

strip --remove-section=.comment --remove-section=.note --strip-unneeded -o /tmp/OdGxqpWWsW/stripeIrB_j debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so
cat '/tmp/OdGxqpWWsW/stripeIrB_j' > 'debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so'

which behaves differently under root and non-root.

specifically `cat anything > file` will strip setuid bits from file,
irrespective of umask.

As root:
cat /dev/null > foo
chmod +s foo
ls -latr foo
-rwSr-Sr-- 1 root root 0 Aug  4 18:36 foo
cat /dev/null > foo
ls -latr foo
-rwSr-Sr-- 1 root root 0 Aug  4 18:36 foo

As mere mortal:

cat /dev/null > foo
chmod +s foo
ls -latr foo
-rwSr-Sr-- 1 xnox xnox 0 Aug  4 18:34 foo
cat /dev/null > foo
ls -latr foo
-rw-r-Sr-- 1 xnox xnox 0 Aug  4 18:34 foo

I really do not understand why mere-mortal strips user uid, keeps group
uid, and root doesn't do that.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to debhelper in Ubuntu.
https://bugs.launchpad.net/bugs/1938886

Title:
  rrr:no dh_strip or strip loose setuid bit

Status in bash package in Ubuntu:
  New
Status in binutils package in Ubuntu:
  New
Status in dash package in Ubuntu:
  New
Status in debhelper package in Ubuntu:
  New
Status in debugedit package in Ubuntu:
  New
Status in linux package in Ubuntu:
  New
Status in virtualbox package in Ubuntu:
  New

Bug description:
  Over at https://launchpadlibrarian.net/550715513/buildlog_ubuntu-
  hirsute-amd64.virtualbox_6.1.22-dfsg-2~ubuntu1.21.04.2_BUILDING.txt.gz

  I have rebuilt an earlier version of virtualbox, that sets Rules-
  Requires-Root: no and added extra ls statements to find where/when/why
  setuid bits are getting lost after fixperms.

  make[1]: Leaving directory '/<<PKGBUILDDIR>>'
     debian/rules override_dh_strip
  make[1]: Entering directory '/<<PKGBUILDDIR>>'
  ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL
  -rwsr-sr-x 1 buildd buildd 406808 Jul 29 14:34 debian/virtualbox/usr/lib/virtualbox/VBoxSDL
  ...
  dh_strip --dbgsym-migration='virtualbox-dbg'
  debugedit: debian/virtualbox/usr/lib/virtualbox/VBoxSDL.so: Unknown DWARF DW_FORM_0x1f20
  a7cf3c43c8b18c3261d2d4737a475bf730ad1554

  ls -latr debian/virtualbox/usr/lib/virtualbox/VBoxSDL
  -rwxr-xr-x 1 buildd buildd 166208 Jul 29 14:35 debian/virtualbox/usr/lib/virtualbox/VBoxSDL

  It seems to me that either dh_strip or something it calls (strip,
  debugedit) looses the setuid permission in hirsute and up.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1938886/+subscriptions

More information about the foundations-bugs mailing list