Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 554258 (u-w) - [TRACKER] Packages installing files u-w
Summary: [TRACKER] Packages installing files u-w
Status: CONFIRMED
Alias: u-w
Product: Quality Assurance
Classification: Unclassified
Component: Trackers (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Quality Assurance Team
URL:
Whiteboard:
Keywords: Tracker
Depends on: 554342 554348 554350 554360 554362 554364 554372 554374 554260 554264 554340 554344 554346 554352 554354 554356 554358 554366 554368 554370
Blocks:
  Show dependency tree
 
Reported: 2015-07-08 19:15 UTC by Michał Górny
Modified: 2021-07-21 00:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2015-07-08 19:15:26 UTC
We have some packages that install files u-w to the filesystem (not writable by owner). This looks like a bug.

While the issue is not immediately noticeable since usually all write operations on those files (e.g. stripping) are done as root. However, this is upstream issue that will eventually cause some random failures.

For example, this will fail if the whole build & install is done as unprivileged user. Or when SELinux (without dac_override) is effective [pointed out by perfinion].
Comment 1 Mike Gilbert gentoo-dev 2015-07-09 20:17:27 UTC
Can you provide an explanation we can copy/paste for upstream bug reports please?
Comment 2 Mike Gilbert gentoo-dev 2015-07-09 21:29:11 UTC
This is an issue that does not seem to affect installation from most upstream sources. install(1) from coreutils unlinks the destination file if it exists; therefore, the mode of the installed file does not matter at all.

Perhaps portage should be adjusted to unlink existing files when merging them onto ROOT if it does not do so already.
Comment 3 Mike Gilbert gentoo-dev 2015-07-09 21:32:44 UTC
> While the issue is not immediately noticeable since usually all write operations on those files (e.g. stripping) are done as root.

Oh, I see. We are talking about operations that may also be performed during/after src_install, not necessarily during the merge phase.