700758 – net-im/signal-desktop-bin-1.29.6: incorrectly configured suit sandbox helper binary

Bug 700758 - net-im/signal-desktop-bin-1.29.6: incorrectly configured suit sandbox helper binary

Summary: net-im/signal-desktop-bin-1.29.6: incorrectly configured suit sandbox helper ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Robert G. Siebeck

URL:
Whiteboard:
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2019-11-20 10:10 UTC by Marek Szuba (RETIRED)
Modified:	2020-01-21 05:38 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/gentoo/gentoo/pull/13761 https://github.com/gentoo/gentoo/pull/14398
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marek Szuba (RETIRED) archtester

2019-11-20 10:10:46 UTC

Recent Gentoo ebuilds of Signal Desktop strip the setuid bit from the sandbox helper binary installed into /opt/Signal. As a result, launching signal-desktop fails with the error

[FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/Signal/chrome-sandbox is owned by root and has mode 4755.
Trace/breakpoint trap (core dumped)

Comment 1 Larry the Git Cow gentoo-dev

2019-11-26 14:59:22 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb47a5a96a5cddd4b5ae98288e7025fe9799ea2b

commit eb47a5a96a5cddd4b5ae98288e7025fe9799ea2b
Author:     Robert Siebeck <gentoo.2019@r123.de>
AuthorDate: 2019-11-25 20:49:32 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2019-11-26 14:59:05 +0000

    net-im/signal-desktop-bin: fix permissions for installed files
    
    Closes: https://bugs.gentoo.org/700758
    
    Signed-off-by: Robert Siebeck <gentoo.2019@r123.de>
    Closes: https://github.com/gentoo/gentoo/pull/13761
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-im/signal-desktop-bin/signal-desktop-bin-1.28.0.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comment 2 Marek Szuba (RETIRED) archtester

2020-01-20 11:24:12 UTC

Still not fixed, sorry:

$ ls -l /opt/Signal/chrome-sandbox 
-rwxr-xr-x 1 root root 235728 2020-01-20 00:18 /opt/Signal/chrome-sandbox

Comment 3 Larry the Git Cow gentoo-dev

2020-01-21 05:38:15 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9aa7dfe14c6d3c8b9d8d307e91892fb8ba44d470

commit 9aa7dfe14c6d3c8b9d8d307e91892fb8ba44d470
Author:     Robert Siebeck <gentoo.2019@r123.de>
AuthorDate: 2020-01-21 05:28:07 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-01-21 05:28:07 +0000

    net-im/signal-desktop-bin: set suid bit for chrome-sandbox
    
    Closes: https://bugs.gentoo.org/700758
    Signed-off-by: Robert Siebeck <gentoo.2019@r123.de>
    Closes: https://github.com/gentoo/gentoo/pull/14398
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 ...nal-desktop-bin-1.29.6.ebuild => signal-desktop-bin-1.29.6-r1.ebuild} | 1 +
 1 file changed, 1 insertion(+)