Netatalk / netatalk

Netatalk is a Free and Open Source AFP fileserver. A *NIX or BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server.
https://netatalk.io
GNU General Public License v2.0

Missing call to setgroups; use getaddrinfo() instead of gethostbyname() #1308

Open knight-of-ni opened 4 months ago

knight-of-ni commented 4 months ago

Describe the bug

Rpmlint identified a few issues worth mentioning. I've posted the full output below. Some of the issues are expected or are a result of how the rpm is built (and can be ignored). However, these in particular are worth discussing:

netatalk.x86_64: E: missing-call-to-setgroups-before-setuid /usr/sbin/cnid_dbd

Looks like this one has been around awhile, as the relevant line of code was written 19 years ago: https://github.com/Netatalk/netatalk/blob/main/etc/cnid_dbd/main.c#L449

What I found interesting is afprun calls setgroups before setuid. Thus it passes the rpmlint check: https://github.com/Netatalk/netatalk/blob/main/etc/afpd/afprun.c#L123

Should something similar be done for cnid_dbd?

netatalk.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/lib64/libatalk.so.18.0.0

This looks like the relevant line of code: https://github.com/Netatalk/netatalk/blob/main/libatalk/util/netatalk_conf.c#L2193

The suggestion would be to use getaddrinfo() rather than gethostbyname(). From what I can tell, this is primarily because gethostbyname does not support IPv6.

netatalk.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/sbin/afpd

https://github.com/Netatalk/netatalk/blob/main/etc/afpd/nfsquota.c#L80

Same comment as the previous.

To Reproduce

Run rpmlint on the netatalk rpm

Expected behavior

No errors or warnings that have not been addressed or explained

Environment

Logs

$ rpmlint netatalk-3.2.4-1.fc40.x86_64.rpm
============================ rpmlint session starts ============================
rpmlint: 2.5.0
configuration:
    /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
checks: 32, packages: 1

netatalk.x86_64: E: setuid-binary /usr/bin/afppasswd root 4755
netatalk.x86_64: E: non-standard-executable-perm /usr/bin/afppasswd 4755
netatalk.x86_64: E: non-readable /run/lock/netatalk 0
netatalk.x86_64: E: missing-call-to-setgroups-before-setuid /usr/sbin/cnid_dbd
netatalk.x86_64: W: dbus-policy-allow-receive <allow receive_sender="org.netatalk.AFPStats"/> /etc/dbus-1/system.d/netatalk-dbus.conf
netatalk.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/lib64/libatalk.so.18.0.0
netatalk.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/sbin/afpd
 1 packages and 0 specfiles checked; 4 errors, 3 warnings, 87 filtered, 4 badness; has taken 1.1 s 

Additional context

none

rdmark commented 4 months ago

Thanks for sharing! I propose putting these improvements on the backlog for the next major release (4.0.0)

knight-of-ni commented 4 months ago

Absolutely. That's totally your call as to how you want to address these, even if at all. I'm just doing my diligence as a packager by letting you know about them. :-)

rdmark commented 2 months ago

I've merged a potential fix for missing-call-to-setgroups-before-setuid now.

Poked around with binary-or-shlib-calls-gethostbyname a bit but it seems like a much more involved coding project. Postponing to a future time.
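
The call order that the missing-call-to-setgroups-before-setuid check is about, as an added example that is not part of the issue thread and is neither netatalk's code nor the fix that was merged. The helper name `drop_privileges` and the target id 65534 are assumptions. If `setuid()` is called without a preceding `setgroups()`, the process keeps the supplementary groups it inherited from root.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() in <grp.h> on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not netatalk code. Returns 0 on success, -1 with
 * errno set on failure; a caller must treat -1 as fatal and exit. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* 1. Replace the inherited supplementary groups. This needs CAP_SETGID,
     *    so it has to happen while the process is still privileged. */
    if (setgroups(1, &gid) != 0)
        return -1;
    /* 2. Real, effective and saved gid, also while still privileged. */
    if (setgid(gid) != 0)
        return -1;
    /* 3. Real, effective and saved uid go last. */
    if (setuid(uid) != 0)
        return -1;
    /* 4. Verify: root must not be recoverable and the ids must match. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) {
        errno = EPERM;
        return -1;
    }
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* 65534 ("nobody" on many Linux systems) is an assumed target id. */
    if (drop_privileges(65534, 65534) != 0) {
        perror("drop_privileges");   /* EPERM when not started as root */
        return 1;
    }
    printf("uid=%d gid=%d supplementary groups=%d\n",
           (int)getuid(), (int)getgid(), getgroups(0, NULL));
    return 0;
}
```

The helper fails closed: started without privilege, `setgroups()` returns EPERM and nothing is changed.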