这是indexloc提供的服务,不要输入任何密码

Debian Bug report logs - #182626
dpkg-deb: building some packages fail due to a setgid DEBIAN dir

version graph

Package: dpkg; Maintainer for dpkg is Dpkg Developers <debian-dpkg@lists.debian.org>; Source for dpkg is src:dpkg (PTS, buildd, popcon).

Reported by: Milus János <johans@gnu.hu>

Date: Wed, 26 Feb 2003 22:18:12 UTC

Severity: wishlist

Merged with 467024, 578584

Found in versions dpkg/1.14.16.6, dpkg/1.14.25

Reply or subscribe to this bug.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Julien Danjou <acid@debian.org>, apt-build@packages.qa.debian.org:
Bug#182626; Package apt-build. (full text, mbox, link).

Acknowledgement sent to Milus János <johans@gnu.hu>:
New Bug report received and forwarded. Copy sent to Julien Danjou <acid@debian.org>, apt-build@packages.qa.debian.org. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Milus János <johans@gnu.hu>
To: submit@bugs.debian.org
Subject: apt-build fails in packages contains files with suid bit
Date: 26 Feb 2003 23:13:02 +0100
Package: apt-build
Version: 0.8

When I invoke 'apt-build -y world' it fails on packages contains files
with suid bit. (For example the package base-passwd). It seems, the
program dpkg-deb do a permission check, and it fails.

My solution:
I add an extra option to the dpkg-deb: --nocheckperm
and I add a config file to the dpkg-deb: /etc/dpkg/dpkg-deb.cfg
(similarly to the dpkg).

I wrote the 'nocheckperm' to the dpkg-deb.cfg and it seems works fine.
The patch against the dpkg package:
--------------------------------------
diff -d -r dpkg-1.10.9/dpkg-deb/build.c dpkg-1.10.9-new/dpkg-deb/build.c
297,302c297,303
<     strcpy(controlfile, directory);
<     strcat(controlfile, "/" BUILDCONTROLDIR "/");
<     if (lstat(controlfile,&mscriptstab)) ohshite("unable to stat
control directory");
<     if (!S_ISDIR(mscriptstab.st_mode)) ohshit("control directory is
not a directory");
<     if ((mscriptstab.st_mode & 07757) != 0755)
<       ohshit(_("control directory has bad permissions %03lo (must be
>=0755 "
---
>     if (!nocheckperm) {
>     	strcpy(controlfile, directory);
>    	strcat(controlfile, "/" BUILDCONTROLDIR "/");
>     	if (lstat(controlfile,&mscriptstab)) ohshite("unable to stat
control directory");
>     	if (!S_ISDIR(mscriptstab.st_mode)) ohshit("control directory is
not a directory");
>     	if ((mscriptstab.st_mode & 07757) != 0755)
>     	  ohshit(_("control directory has bad permissions %03lo (must be
>=0755 "
303a305
>     }
diff -d -r dpkg-1.10.9/dpkg-deb/dpkg-deb.1
dpkg-1.10.9-new/dpkg-deb/dpkg-deb.1
73c73,74
< .B dpkg\-deb
---
> Unless you specify
> .BR \-\-nocheckperm ", " dpkg\-deb "
217a219,221
> .BR --nocheckperm
> Suppress permission check.
> .TP
diff -d -r dpkg-1.10.9/dpkg-deb/dpkg-deb.h
dpkg-1.10.9-new/dpkg-deb/dpkg-deb.h
30c30
< extern int debugflag, nocheckflag, oldformatflag;
---
> extern int debugflag, nocheckflag, nocheckperm, oldformatflag;
44a45
> #define DPKG_DEB		"dpkg-deb"
diff -d -r dpkg-1.10.9/dpkg-deb/main.c dpkg-1.10.9-new/dpkg-deb/main.c
79a80
>   --nocheckperm              suppress permission check.\n\
101c102
< int debugflag=0, nocheckflag=0, oldformatflag=BUILDOLDPKGFORMAT;
---
> int debugflag=0, nocheckflag=0, nocheckperm=0,
oldformatflag=BUILDOLDPKGFORMAT;
145a147
>   { "nocheckperm",   0,   0,  &nocheckperm,   0,  0,            1  },
168c170
<   standard_startup(&ejbuf, argc, &argv, NULL, 0, cmdinfos);
---
>   standard_startup(&ejbuf, argc, &argv, DPKG_DEB, 1, cmdinfos);

Bug reassigned from package `apt-build' to `dpkg'. Request was from Julien Danjou <acid@chulak.naquadah.org> to control@bugs.debian.org. (full text, mbox, link).

Changed Bug title to `dpkg-deb: building some packages fail due to a setgid DEBIAN dir' from `apt-build fails in packages contains files with suid bit'. Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Mon, 05 Jan 2009 19:51:02 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#182626; Package dpkg. (Thu, 19 Mar 2009 08:18:03 GMT) (full text, mbox, link).

Acknowledgement sent to Bart Massey <bart@po8.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Thu, 19 Mar 2009 08:18:03 GMT) (full text, mbox, link).

Message #14 received at 182626@bugs.debian.org (full text, mbox, reply):

From: Bart Massey <bart@po8.org>
To: Debian Bug Tracking System <182626@bugs.debian.org>
Subject: dpkg-deb: patch to allow setgid control directory
Date: Thu, 19 Mar 2009 01:16:30 -0700
Package: dpkg
Version: 1.14.25
Followup-For: Bug #182626


As noted, dpkg-deb will currently fail if the control
directory is setgid.  (The error message is also incorrect.)
Abset some reason for this behavior, the following patch
fixes it.

--- build.c.dist	2009-02-02 06:46:10.000000000 -0800
+++ build.c	2009-03-18 23:36:33.000000000 -0700
@@ -271,9 +271,10 @@
     strcat(controlfile, "/" BUILDCONTROLDIR "/");
     if (lstat(controlfile,&mscriptstab)) ohshite("unable to stat control directory");
     if (!S_ISDIR(mscriptstab.st_mode)) ohshit("control directory is not a directory");
-    if ((mscriptstab.st_mode & 07757) != 0755)
-      ohshit(_("control directory has bad permissions %03lo (must be >=0755 "
-             "and <=0775)"), (unsigned long)(mscriptstab.st_mode & 07777));
+    if ((mscriptstab.st_mode & 05757) != 0755)
+      ohshit(_("control directory has bad permissions %03lo (must be 0755, "
+             "0775, 02755, or 02775)"),
+             (unsigned long)(mscriptstab.st_mode & 07777));
 
     for (mscriptp= maintainerscripts; *mscriptp; mscriptp++) {
       strcpy(controlfile, directory);


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (950, 'testing'), (650, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.28.4 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages dpkg depends on:
ii  coreutils                     6.10-6     The GNU core utilities
ii  libc6                         2.9-4      GNU C Library: Shared libraries
ii  lzma                          4.43-14    Compression method of 7z format in

dpkg recommends no packages.

Versions of packages dpkg suggests:
ii  apt                           0.7.20.2   Advanced front-end for dpkg

-- no debconf information

Added tag(s) patch. Request was from Regid Ichira <gl2n30y06arv2@hotmail.com> to control@bugs.debian.org. (Tue, 20 Apr 2010 23:54:05 GMT) (full text, mbox, link).

Merged 182626 578584. Request was from Regid Ichira <gl2n30y06arv2@hotmail.com> to control@bugs.debian.org. (Wed, 21 Apr 2010 00:15:06 GMT) (full text, mbox, link).

Removed tag(s) patch. Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Wed, 21 Apr 2010 02:03:14 GMT) (full text, mbox, link).

Severity set to 'wishlist' from 'normal' Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Wed, 21 Apr 2010 02:03:14 GMT) (full text, mbox, link).

Merged 182626 467024 578584. Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Wed, 21 Apr 2010 02:03:15 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 27 14:28:16 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.