From: bugzilla at busybox.net <bugzilla@busybox.net>
To: buildroot@busybox.net
Subject: [Buildroot] [Bug 7981] New: Target file system skeleton permissions hazard
Date: Tue, 31 Mar 2015 19:48:45 +0000 (UTC)
Message-ID: <bug-7981-163@https.bugs.busybox.net/>
https://bugs.busybox.net/show_bug.cgi?id=7981
Summary: Target file system skeleton permissions hazard
Product: buildroot
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Other
AssignedTo: unassigned at buildroot.uclibc.org
ReportedBy: juju at cotds.org
CC: buildroot at uclibc.org
Estimated Hours: 0.0

The content of the file "system/device_table.txt" is a subset of the filesystem
structure present in "system/skeleton/".

Permissions of entries in the skeleton that are not in the device_table.txt
will inherit their permissions from the building user's environment. Those
permissions will mainly depend on the developer's umask at the moment of the
git checkout (or tar extraction).

This could lead to some file permission hazards, especially when the
developer's umask is not 0022 AND a user is added to the buildroot target
system (with mkusers). Basically, this user account won't be usable if it
cannot access its home directory or binaries.

How to reproduce:
tested with master branch at commit 6202592

  cd /var/tmp/
  umask 0077
  git clone git://git.buildroot.net/buildroot
  cd buildroot
  make qemu_x86_defconfig # Any defconfig will be fine
  make
  ls -al output/target/

Actual result:
The following target filesystem entries won't be accessible by a user other
than root:

  /bin
  /home
  /lib
  /media
  /mnt
  /opt
  /proc
  /run
  /sbin
  /sys
  /usr
  /usr/bin
  /usr/lib
  /usr/sbin
  /var
  /var/lib

Expected result:
Default target file system permissions should be stable and usable by a user,
unrelated to the build user umask.

I would suggest adding relevant entries to the device_table.txt file. If not
possible, a sanity check, a warning or a note in the documentation would be
fine.

Thanks.

--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
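
One possible form of the sanity check suggested in the report above, as an added example that is not part of the original message and not Buildroot code. The function names check_target_perms and make_sample_tree, and the sample tree they build, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Buildroot code): list directories in a target tree that
# lack read+execute permission for "other", i.e. that only root can enter
# once the tree is packed into a root filesystem image.

# check_target_perms DIR
#   Prints each offending directory, one per line.
#   Returns 0 if none were found, 1 if some were, 2 if DIR is not a directory.
check_target_perms() {
    target=$1
    [ -d "$target" ] || { echo "not a directory: $target" >&2; return 2; }
    # "-perm -005" is true when both o+r and o+x are set; negating it selects
    # directories missing either bit. The top-level directory is skipped.
    bad=$(find "$target" -type d ! -path "$target" ! -perm -005 -print | sort)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# make_sample_tree
#   Builds a constructed tree imitating a skeleton checked out under
#   umask 0077, plus one directory with explicit permissions, standing in
#   for an entry that a device table would set (an assumption of this
#   example). Prints the path of the tree.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    (
        umask 0077
        mkdir -p "$root/bin" "$root/home" "$root/usr/bin" "$root/var/lib"
    )
    mkdir "$root/tmp" && chmod 1777 "$root/tmp"
    printf '%s\n' "$root"
}

# Stand-alone use: pass the target directory, e.g. output/target.
if [ "$#" -gt 0 ]; then
    check_target_perms "$1"
fi
```

Run against output/target after the build; a non-zero exit status means at least one directory inherited a restrictive mode from the build user's umask.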