Before sys-apps/util-linux-2.37.3 the suid flag was set for su when util-linux was compiled without the suid flag enabled. As the suid flag info also states "install mount/umount as setuid so non-root users may mount/umount devices, and wall/write as setgid so non-root users can notify other users", this setting shouldn't affect su imo.

Reproducible: Always
su without the suid flag set doesn't allow a normal user to elevate to another (privileged) user:

# su
Password:
su: cannot set groups: Operation not permitted
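As an added example (not part of the bug report), a small audit helper for the situation reproduced above. su has to be setuid root to change uid and supplementary groups; when the bit is missing, an unprivileged caller gets exactly the "cannot set groups" error shown. The candidate paths /bin/su and /usr/bin/su are assumptions, and the `equery belongs` lookup is only attempted when gentoolkit is installed.

```shell
#!/bin/sh
# Added example, not from the bug report: report whether a binary carries the
# setuid bit and is owned by root. su needs both to switch uid and groups;
# without them a normal user sees "su: cannot set groups: Operation not
# permitted".

# Print one of: missing, no-setuid, setuid-nonroot, setuid-root.
suid_status() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "missing"
        return 0
    fi
    # Numeric owner uid from ls -lnL (third column); -L follows symlinks so a
    # /bin/su -> /usr/bin/su link reports the real binary's owner.
    owner=$(ls -lnL "$path" | awk '{print $3}')
    if [ -u "$path" ]; then
        if [ "$owner" = "0" ]; then
            echo "setuid-root"
        else
            # setuid to a non-root owner buys su nothing
            echo "setuid-nonroot"
        fi
    else
        echo "no-setuid"
    fi
}

# Audit the usual su locations (assumed candidates, not taken from the bug)
# and, on Gentoo with gentoolkit present, show which package owns each one.
audit_su() {
    for p in /bin/su /usr/bin/su; do
        status=$(suid_status "$p")
        if [ "$status" != "missing" ]; then
            printf '%s: %s\n' "$p" "$status"
            if command -v equery >/dev/null 2>&1; then
                equery -q belongs "$p"
            fi
        fi
    done
}

# Print the audit for this host.
audit_su
```

A "no-setuid" result for the su that users actually invoke is the configuration this bug is about; "setuid-root" is the expected state for a usable su.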
And how does gentoo decide which su command it uses/builds? I have a system here that uses su from sys-apps/shadow and another from sys-apps/util-linux. And sys-apps/util-linux and sys-apps/shadow both enable su by default: IUSE="+su" in both ebuilds.
(In reply to Herbert Wantesh from comment #2)
> and how does gentoo decide which su command it uses/builds?
>
> I have a system here that uses su from sys-apps/shadow and another from
> sys-apps/util-linux
>
> As sys-apps/util-linux and sys-apps/shadow to enable su be default.
>
> IUSE="+su" in both ebuilds

Seems to be profile related.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c6a3b57a6630a720854f42107785058e8a68b28

commit 7c6a3b57a6630a720854f42107785058e8a68b28
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-01-26 15:24:59 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-01-26 15:26:43 +0000

    sys-apps/util-linux: update description of 'suid' USE flag

    Bug: https://bugs.gentoo.org/832092
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/util-linux/metadata.xml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
We had a conversation about this in IRC a few weeks ago.

The su command is technically still useful even with the suid bit unset. It allows the root user to switch to another user. There was some argument about whether we should force the suid bit or not.

A few possibilities:

1. Do nothing and let users figure it out themselves.
2. Add a warning to pkg_pretend when USE="su -suid".
3. Add REQUIRED_USE="su? ( suid )".
4. Add a new USE flag ("suid-su") to control this independently.
5. Force the suid bit to be set on su, regardless of any USE flag.
I would prefer

4. Add a new USE flag ("suid-su") to control this independently.
the smaller the number of suid apps the better
(In reply to Herbert Wantesh from comment #6)
> I would prefer
>
> 4. Add a new USE flag ("suid-su") to control this independently.

Note that su is completely useless without suid, so I prefer option 5.
(In reply to Sam James from comment #8)
> Note that su is completely useless without suid, so I prefer option 5.

It's really not though.
(In reply to Mike Gilbert from comment #9)
> (In reply to Sam James from comment #8)
> > Note that su is completely useless without suid, so I prefer option 5.
>
> The su command is technically still useful even with the suid bit unset. It
> allows the root user to switch to another user. There was some argument
> about whether we should force the suid bit or not.

But a user that wants to use su as a wheel group member doesn't want to allow a normal user to mount/umount partitions or send messages to all logged-in users. Gentoo is about choice, let the user decide, aka

4. Add a new USE flag ("suid-su") to control this independently.
(In reply to Mike Gilbert from comment #9)
> (In reply to Sam James from comment #8)
> > Note that su is completely useless without suid, so I prefer option 5.
>
> It's really not though.

Semantically, yes, practically, not. I'm going to go out on a limb and say that the 98% use case for people who invoke 'su' is to 'become root'. I have needed your usecase too, but it pales in comparison to 'becoming root'. Given that premise, I think the default should work for the majority of users.

My preferred order is

2. Add a warning to pkg_pretend when USE="su -suid" (and implicitly +suid in the ebuild).

with my second choice being

4. Add a new USE flag ("suid-su") to control this independently (again, with the default being +suid-su).

Both these options maintain choice, but importantly also maintain the default, expected, traditional Unix semantics.
(In reply to David Seifert from comment #11)
> 2. Add a warning to pkg_pretend when USE="su -suid" (and implicitly +suid in
> the ebuild).

The ebuild already has IUSE="+suid", so we ship a "sane" configuration by default. This issue really only pops up for people who have set USE="-suid" explicitly in make.conf.
add the suid-su useflag and enable it by default
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0862b8a3b3df10038b5dea127018415cdb94f63

commit e0862b8a3b3df10038b5dea127018415cdb94f63
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-28 05:27:23 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-28 05:27:23 +0000

    sys-apps/util-linux: force installed su(1) to be suid

    su(1) is almost useless without suid and on balance, it's more likely
    that people will have USE="-suid" in make.conf (globally) rather than
    desperately wanting to strip su(1) of its suid bits.

    This avoids such users having a "broken" (or dysfunctional) su(1).

    Users wishing to truly have a no-suid su(1) can e.g. use Portage's
    'suidctl' feature or strip it out via e.g. a bashrc hook.

    Note that shadow's su(1) (the default implementation until recently)
    always forced suid su anyway.

    Closes: https://bugs.gentoo.org/832092
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/util-linux/util-linux-2.37.3-r1.ebuild | 333 ++++++++++++++++++++++++
 sys-apps/util-linux/util-linux-9999.ebuild      |  16 ++
 2 files changed, 349 insertions(+)
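The commit message points at a bashrc hook as one way to undo the forced bit. As an added example (not from the bug thread or the Gentoo tree), this is an /etc/portage/bashrc hook that strips setuid from util-linux's su(1) after src_install. It relies on Portage sourcing /etc/portage/bashrc in every phase and calling a post_src_install function if one is defined, with ${D}, ${CATEGORY} and ${PN} set as in any ebuild; the su locations it checks, and the assumption that the ebuild sets the bit during src_install rather than in a later phase, are mine.

```shell
#!/bin/sh
# Added example, not from the bug thread or the Gentoo tree: an
# /etc/portage/bashrc phase hook that strips the setuid bit from util-linux's
# su(1) once the ebuild has installed it into ${D}. The candidate paths below
# are assumptions; adjust them if the ebuild installs su elsewhere.

# Strip the setuid bit from any su binary under the image dir given as $1.
# Returns 0 if at least one binary was changed, 1 otherwise.
strip_su_suid() {
    image=$1
    changed=1
    for f in "$image/bin/su" "$image/usr/bin/su"; do
        if [ -u "$f" ]; then
            chmod u-s "$f"
            echo "su hook: stripped setuid bit from ${f#"$image"}"
            changed=0
        fi
    done
    return $changed
}

# Portage calls this after src_install for every package; act only on
# util-linux so other packages' binaries are left alone.
post_src_install() {
    [ "${CATEGORY}/${PN}" = "sys-apps/util-linux" ] || return 0
    strip_su_suid "${D}" || echo "su hook: no setuid su found in image"
}
```

Installed as /etc/portage/bashrc (or merged into an existing one), the hook runs at emerge time and leaves a no-suid su on the system, which matches the "fewer suid apps" preference voiced earlier in the thread while keeping the ebuild default for everyone else.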
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=130b8accb93831e95ba3548369420f1a9be29725

commit 130b8accb93831e95ba3548369420f1a9be29725
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-28 05:30:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-28 05:31:02 +0000

    sys-apps/util-linux: destabilize 2.37.3-r1

    Not meant to be stable yet (accidentally pushed as).

    Bug: https://bugs.gentoo.org/832092
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/util-linux/util-linux-2.37.3-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks for the fix. The metadata.xml text for suid is still wrong: "su: non-root users may become root" should get removed.