View previous topic :: View next topic |
Author |
Message |
Fog_Watch Apprentice
Joined: 24 Jul 2006 Posts: 267 Location: Utility Muffin Research Kitchen
|
Posted: Wed Jan 09, 2013 4:52 am Post subject: Where has my Xorg SUID bit gone? [SOLVED] |
|
|
I would like to login without a password. I have previously achieved this with the following at the end of my /etc/iniittab:
Quote: | xp:5:respawn:su - admin -l -c 'exec startx -- :1 vt8 >& ~/.xsession-errors'
| When startx was working for users the SUID bit for /usr/bin/Xorg was set, but this is no-longer the case.
Now:
Quote: | equery b /usr/bin/Xorg
* Searching for /usr/bin/Xorg ...
x11-base/xorg-server-1.13.1 (/usr/bin/Xorg)
|
Quote: | equery uses x11-base/xorg-server-1.13.1 | grep suid
+suid
|
Quote: | ls -la /usr/bin/Xorg
-rwxr-xr-x 1 root root 2108608 Jan 9 15:30 /usr/bin/Xorg
|
I thought the suid flag would set the SUID bit, but this does not seem to be so.
How do I turn the SUID bit back on for my /usr/bin/Xorg?
Last edited by Fog_Watch on Fri Jan 11, 2013 5:58 am; edited 1 time in total |
|
Back to top |
|
|
chithanh Developer
Joined: 05 Aug 2006 Posts: 2158 Location: Berlin, Germany
|
Posted: Wed Jan 09, 2013 10:56 am Post subject: |
|
|
Works fine here.
Code: | # emerge -pv xorg-server
[ebuild R ] x11-base/xorg-server-1.13.1 USE="ipv6 nptl suid udev xorg -dmx -doc -kdrive -minimal (-selinux) -static-libs -tslib -xnest -xvfb" 0 kB
# stat /usr/bin/Xorg
File: ‘/usr/bin/Xorg’
Size: 2198856 Blocks: 4296 IO Block: 4096 regular file
Device: 805h/2053d Inode: 2762688 Links: 1
Access: (4711/-rws--x--x) Uid: ( 0/ root) Gid: ( 0/ root) |
You may want to look at the xorg-server build log if anything is wrong there. Set FEATURES="keeptemp" and rebuild the package, then retrieve the log from /var/tmp/portage/x11-base/xorg-server/temp/build.log |
|
Back to top |
|
|
PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
|
Posted: Wed Jan 09, 2013 2:29 pm Post subject: |
|
|
There's a big clue in xorg-server's configure file:
Code: | --enable-install-setuid Install Xorg server as owned by root with setuid bit (default: auto) |
|
|
Back to top |
|
|
Fog_Watch Apprentice
Joined: 24 Jul 2006 Posts: 267 Location: Utility Muffin Research Kitchen
|
Posted: Wed Jan 09, 2013 11:24 pm Post subject: |
|
|
This bug suggested to me that suid set the --enable-install-setuid configure flag. Line 23 of my build.log, however does not have --enable-install-setuid. Little surprise then that the SUID bit on my /use/bin/Xorg ends up not set.
Any other clues?
Thanks for your support, PaulBredbury and chithanh. |
|
Back to top |
|
|
VoidMage Watchman
Joined: 14 Oct 2006 Posts: 6196
|
Posted: Thu Jan 10, 2013 3:23 am Post subject: |
|
|
Fog_Watch wrote: | Any other clues?. |
A big one: read the ebuild.
Recent xorg-server ebuilds have suid useflag. Guess what could it be for ?
chithanh's post already pointed it out. |
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Thu Jan 10, 2013 5:32 am Post subject: |
|
|
VoidMage wrote: | Recent xorg-server ebuilds have suid useflag. Guess what could it be for ? |
Guess what s/he said s/he'd set in the first post.. |
|
Back to top |
|
|
VoidMage Watchman
Joined: 14 Oct 2006 Posts: 6196
|
Posted: Thu Jan 10, 2013 5:58 am Post subject: |
|
|
well, so I've missed that (was confused by all the flailing), but on the other hand, in the log, there's
Code: | chmod u+s /var/tmp/portage/x11-base/xorg-server-1.13.1/image//usr/bin/Xorg |
So the ebuild seems correct. |
|
Back to top |
|
|
Fog_Watch Apprentice
Joined: 24 Jul 2006 Posts: 267 Location: Utility Muffin Research Kitchen
|
Posted: Thu Jan 10, 2013 10:17 am Post subject: |
|
|
VoidMage wrote: | Code: | chmod u+s /var/tmp/portage/x11-base/xorg-server-1.13.1/image//usr/bin/Xorg |
|
I missed that. Thank you.
As part of my attempts to find out what is going on I:
Code: | ebuild /usr/portage/x11-base/xorg-server/xorg-server-1.13.1.ebuild install |
Code: | ls -la /var/tmp/portage/x11-base/xorg-server-1.13.1/image//usr/bin/Xorg
-rwxr-xr-x 1 root root 2108608 Jan 10 20:51 /var/tmp/portage/x11-base/xorg-server-1.13.1/image//usr/bin/Xorg |
Then if I:
Code: | chmod u+s /var/tmp/portage/x11-base/xorg-server-1.13.1/image//usr/bin/Xorg |
Code: | ls -la /var/tmp/portage/x11-base/xorg-server-1.13.1/image//usr/bin/Xorg
-rwsr-xr-x 1 root root 2108608 Jan 10 20:51 /var/tmp/portage/x11-base/xorg-server-1.13.1/image//usr/bin/Xorg
|
So I can chmod u+s, but ebuild can't. I don't understand this, but if someone here does then I'm all ears. |
|
Back to top |
|
|
Fog_Watch Apprentice
Joined: 24 Jul 2006 Posts: 267 Location: Utility Muffin Research Kitchen
|
Posted: Fri Jan 11, 2013 5:58 am Post subject: |
|
|
Some fstab documentation suggests defaults should be the option for ext4, which is what I'm on. That was the problem, previously it was noatime. Now, with defaults, the SUID bit is preserved when copied.
Xorg had nothing to do with it.
Thank you.
Regards
Fog_Watch. |
|
Back to top |
|
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Fri Jan 11, 2013 7:01 am Post subject: |
|
|
this is interesting; had the same issue. manually added suid bit, enabled its useflag and did not rebuild.
seeing this post I wondered if my fstab flags would do the same. but they do not.
emerge --oneshot xorg-server: | >>> Installing (1 of 1) x11-base/xorg-server-1.13.1
* >>> SetUID: [chmod go-r] /usr/bin/Xorg ...
[ ok ] |
ls -l /usr/bin/Xorg: | -rws--x--x 1 root root 2153544 11. Jan 08:00 /usr/bin/Xorg |
/etc/fstab entry: | /dev/sda2 / ext4 discard,noatime,nodiratime |
_________________ hear hear |
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Fri Jan 11, 2013 7:16 am Post subject: |
|
|
That's weird: I've always had to turn suid off with nosuid, so my /usr partition has just 'noatime' as well, and Xorg is properly suid. What version of sys-apps/util-linux are you on? (That provides the /bin/mount binary.) I'm on 2.21.2 (stable.) Perhaps something has changed recently.
edit: ah I'm on xorg-server-1.13-0-r1 still. I held off the upgrade as I wanted to get update to trigger a rebuild of xorg-drivers generically, instead of having to flag every big upgrade in /etc/warning. Then I thought perhaps portages sub-slots might make it unnecessary. Still, it's odd that prior mount shouldn't have had an issue. |
|
Back to top |
|
|
PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
|
Posted: Fri Jan 11, 2013 8:49 am Post subject: |
|
|
Interesting. man mount shows that defaults represents:
Quote: | Use default options: rw, suid, dev, exec, auto, nouser, and async. |
|
|
Back to top |
|
|
|