Bug 296413 - net-analyzer/mtr-0.75 unable to run as normal user
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: High normal
Assignee: Gentoo Netmon project
Depends on: CVE-2008-2357
Reported: 2009-12-10 15:31 UTC by Etaoin Shrdlu
Modified: 2010-07-02 19:40 UTC (History)
Description Etaoin Shrdlu 2009-12-10 15:31:11 UTC
$ ls -l /usr/sbin/mtr
-rws--x--- 1 root root 84808 Dec 10 09:48 /usr/sbin/mtr

When I try to run it as non-root user, I get

$ mtr
bash: /usr/sbin/mtr: Permission denied

Reproducible: Always
Comment 1 Etaoin Shrdlu 2009-12-10 15:32:19 UTC
# emerge --info  
Portage 2.1.6.13 (default/linux/amd64/10.0, gcc-4.3.4, glibc-2.9_p20081201-r2, 2.6.31-gentoo-r6 x86_64)
=================================================================                                      
System uname: Linux-2.6.31-gentoo-r6-x86_64-Pentium-R-_Dual-Core_CPU_E5200_@_2.50GHz-with-gentoo-1.12.13
Timestamp of tree: Thu, 10 Dec 2009 01:45:01 +0000
app-shells/bash:     4.0_p35
dev-java/java-config: 2.1.9-r1
dev-lang/python:     2.6.4
dev-util/cmake:      2.6.4-r3
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/ftp/mirror/gentoo                 http://ftp.snt.ipv6.utwente.nl/pub/os/linux/gentoo                 http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo"
LDFLAGS="-Wl,-O1"
LINGUAS="en_GB"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.au.gentoo.org/gentoo-portage"
USE="X accessibility acpi alsa amd64 avi branding bzip2 caps cdr chm cracklib crypt curl cxx dbus dri dvd dvdr ffmpeg firefox flac font-server ftp gif gtk gtk2 gzip handbook idn iproute2 ipv6 jabber java java6 jpeg kde kdehiddenvisibility kdexdeltas ldap lzo mad mmx mng mozbranding mp3 mp4 mpeg multilib musepack ncurses nls nptl nptlonly nsplugin ogg opengl pam pcap pcre pdf perl png posix ps python qt qt3support qt4 rdesktop rdp readline samba sdl smp sockets socks5 sql sqlite sse sse2 ssl startup-notification svg syslog tcl theora threads threadsafe tiff tk truetype truetype-fonts type1-fonts unicode usb userlocales video vim-syntax vnc vorbis wav webkit wireshark xcb xine xinerama xml xml2 xorg zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="vesa fbdev nvidia"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 2 Etaoin Shrdlu 2010-05-21 18:36:23 UTC
The problem is still there. If it has to be like this, at least explain why and close the bug as invalid or won't fix. Thanks
Comment 3 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-07-01 19:37:54 UTC
(In reply to comment #2)
> The problem is still there. If it has to be like this, at least explain why and
> close the bug as invalid or won't fix. Thanks
> 

It is indeed interesting to note that mtr can be run as normal user because it has the setuid bit anyway.
Comment 4 Etaoin Shrdlu 2010-07-01 19:47:57 UTC
It does, but since the permissions for normal users are "---", in Gentoo it doesn't work "out of the box" for normal users.
Comment 5 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-07-02 01:12:27 UTC
So, more looking into this. It doesn't make much sense to be setuid and only 710. If setuid is required, then it should be 711. Furthermore, if 710 is insisted on then setuid bit should NOT be set. So, after reading bug 223017, I get the sense that the solution is unanswered. Here is one possible option:

%% cvs di
Index: mtr-0.79.ebuild
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/mtr/mtr-0.79.ebuild,v
retrieving revision 1.1
diff -u -r1.1 mtr-0.79.ebuild
--- mtr-0.79.ebuild     15 Jun 2010 16:09:52 -0000      1.1
+++ mtr-0.79.ebuild     2 Jul 2010 01:05:25 -0000
@@ -14,7 +14,7 @@
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="gtk ipv6"
+IUSE="gtk ipv6 suid"
 
 RDEPEND="sys-libs/ncurses
        gtk? ( >=x11-libs/gtk+-2.4.0 )"
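Review bot: the `suid` flag added to IUSE on the changed line carries no default, so anyone who upgrades without setting it lands in the non-setuid branch of the install step. If the aim is for normal users to be able to run mtr out of the box, consider an IUSE default (`+suid`, where the ebuild's EAPI supports it), or state in the ChangeLog entry that the flag has to be enabled.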
@@ -37,7 +37,10 @@
        emake DESTDIR="${D}" install || die "make install failed"
 
        fowners root:0 /usr/sbin/mtr
-       fperms 4710 /usr/sbin/mtr
-
+       if use suid; then
+               fperms 4711 /usr/sbin/mtr
+       else
+               fperms 0710 /usr/sbin/mtr
+       fi
        dodoc AUTHORS ChangeLog FORMATS NEWS README SECURITY TODO || die
 }
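Review bot: in the `else` branch, `fperms 0710` together with `fowners root:0` is not equivalent to the old `4710`: without the setuid bit, members of group 0 can still execute the binary but no longer run it as root, and every other user still cannot execute it at all. If that is the intended result for USE=-suid, a short comment or elog line saying mtr must then be run as root would make it explicit. The `fowners` and `fperms` calls also lack the `|| die` used on `emake` and `dodoc`, and the hunk drops the blank line that separated the permission handling from `dodoc`.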

That will give no functional change when compiled with USE=-suid compared to current behavior. When compiled with USE=suid, then this bug is solved and users can run mtr. I don't really consider setuid a security risk for this package though because the program drops privs as soon as it can (look at the source, mtr.c).

Anyone from netmon@g.o can provide comments here?
Comment 6 Etaoin Shrdlu 2010-07-02 17:12:22 UTC
With 710 it will *still* fail for normal users, since the owner is root:root.
I think either +x for others is required in any case, or ownership has to be changed.
Comment 7 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-07-02 17:21:37 UTC
(In reply to comment #6)
> With 710 it will *still* fail for normal users, since the owner is root:root.
> I think either +x for others is required in any case, or ownership has to be
> changed.
> 

You ignored the setuid bit. It is this setuid bit that is causing disagreement in bug 223017, if you read it. The point of my patch was either 4711 (fix *this* bug) or 0710 (drop setuid and maintain current behavior). So, in other words, with my patch, enable USE=suid and normal users can run mtr.
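The three modes argued over in comments 5 to 7, worked through as an added example that is not part of the original thread or of the mtr ebuild. It models only the classic Unix owner/group/other execute check and the setuid bit; ACLs, file capabilities, nosuid mounts and LSM policy are assumed absent, and the callers (uid 1000, gid 1000) are constructed.

```python
import stat

def exec_outcome(mode, owner_uid, owner_gid, caller_uid, caller_gids):
    """Model the classic Unix exec check for one file and one caller.

    Returns (allowed, effective_uid). Assumptions of this sketch: no ACLs,
    no file capabilities, no nosuid mount option, no LSM policy.
    """
    any_x = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    if caller_uid == 0:
        allowed = bool(mode & any_x)          # root needs at least one x bit
    elif caller_uid == owner_uid:
        allowed = bool(mode & stat.S_IXUSR)   # owner class only
    elif owner_gid in caller_gids:
        allowed = bool(mode & stat.S_IXGRP)   # group class only
    else:
        allowed = bool(mode & stat.S_IXOTH)   # everyone else
    if not allowed:
        return (False, None)
    # setuid: the process runs with the file owner's uid
    euid = owner_uid if mode & stat.S_ISUID else caller_uid
    return (True, euid)

# Modes discussed in the thread, all with ownership root:0 (fowners root:0).
MODES = {"4710": 0o4710, "4711": 0o4711, "0710": 0o0710}

# Constructed callers: (uid, set of gids).
CALLERS = {
    "root": (0, {0}),
    "user": (1000, {1000}),
    "user in group 0": (1000, {0, 1000}),
}

def matrix():
    """Outcome for every mode/caller pair, keyed by (mode, caller)."""
    return {
        (m, c): exec_outcome(bits, 0, 0, uid, gids)
        for m, bits in MODES.items()
        for c, (uid, gids) in CALLERS.items()
    }

if __name__ == "__main__":
    for (m, c), (ok, euid) in matrix().items():
        result = f"runs with euid {euid}" if ok else "Permission denied"
        print(f"{m} root:0  {c:<16} {result}")
```

Only 4711 lets an ordinary user start the program, and it then runs with euid 0, which is why the thread's argument about privilege dropping in mtr.c matters for that mode.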
Comment 8 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-07-02 18:27:36 UTC
Committed comment #5

+  02 Jul 2010; Jeremy Olexa <darkside@gentoo.org> mtr-0.79.ebuild:
+  Fix suid/permission handling. Bug 296413, approved by pva
Comment 9 Etaoin Shrdlu 2010-07-02 18:51:32 UTC
Ok, so given that NOT using USE=suid would then render the program completely unusable for normal users, probably a word of warning in the ebuild when suid is not used would make sense (eg, "must be run as root or set USE=suid").
Comment 10 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-07-02 19:05:22 UTC
(In reply to comment #9)
> Ok, so given that NOT using USE=suid would then render the program completely
> unusable for normal users,

You mean like it is now?

> probably a word of warning in the ebuild when suid
> is not used would make sense (eg, "must be run as root or set USE=suid").

Why? It is located in /usr/sbin. This is not in your PATH by default. If you add sbin to your PATH, then you should know that it may need root privs to run. I'm leaning on the side of common sense here. In my opinion, there is no need to clutter up elog/etc for common sense items.
Comment 11 Etaoin Shrdlu 2010-07-02 19:40:48 UTC
Your call, but personally I know a lot of users (including myself) who keep /sbin and /usr/sbin in their PATH and routinely run commands that are there (ip, ifconfig, route, ping, traceroute etc.) and those all work without problems for normal users, even those that are suid.
That's why mtr looks like an exception to me. As I said, personally I know how to fix that, I was just suggesting that other users might find a brief message about the anomaly useful.