search

ljvblfz / yaffs2utils

Automatically exported from code.google.com/p/yaffs2utils
GNU General Public License v2.0
1 stars 0 forks source link

lchown after chmod destroies setuid/setgid #23

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Simply extract any yaffs2 image contains setuid/setgid files with unyaffs2.

What is the expected output? What do you see instead?
I'm testing it with android system.img from SDK.
Without the fix:
==============================
$ sudo ~/svn/yaffs2utils-read-only/src/unyaffs2 -v -p 2048 system.img.orig 
system.orig
$ ls -l system.orig/bin/ping
-rwxr-xr-x 1 root 3004 26768 Oct 13 05:09 system.orig/bin/ping*
==============================
After the fix:
==============================
$ sudo ~/svn/yaffs2utils-read-only/src/unyaffs2 -v -p 2048 system.img.orig 
system.orig
$ ls -l system.orig/bin/ping
-rwxr-sr-x 1 root 3004 26768 Oct 13 05:09 system.orig/bin/ping*
==============================

Following patch fixes this issue.
Index: unyaffs2.c
===================================================================
--- unyaffs2.c  (revision 26)
+++ unyaffs2.c  (working copy)
@@ -581,11 +581,11 @@
        utime(fpath, &ftime);
 #endif

-       /* mode */
-       chmod(fpath, obj->mode);
-
        /* owner */
        lchown(fpath, obj->uid, obj->gid);
+
+       /* mode */
+       chmod(fpath, obj->mode & 07777);
 }

 static int

Original issue reported on code.google.com by coolda...@gmail.com on 2 Dec 2011 at 3:27

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
Ahh..
I forget to remove "& 07777", which was added when I'm testing..
Please remove it. :)

Original comment by coolda...@gmail.com on 2 Dec 2011 at 3:30

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
Wow!!  familiar ID. 
It's my honor to accept this patch. :D
How have you been, my friend?

I have a simple question,
If the unyaffs2 is executed as normal user (not root),
will the chmod() success after lchown()?

Original comment by penguin.lin on 2 Dec 2011 at 4:04

GoogleCodeExporter commented 8 years ago 
If it's running as non-privileged user.
We won't be facing the issue of the order of lchown() and chmod().
Since we don't even have the permission to chown() to other user, right? :)

BTW, good work of this project. :)

Original comment by coolda...@gmail.com on 2 Dec 2011 at 4:37

GoogleCodeExporter commented 8 years ago 
Dear David:

Thanks a lot! :D

Original comment by penguin.lin on 9 Dec 2011 at 2:09

GoogleCodeExporter commented 8 years ago

Original comment by penguin.lin on 20 Jan 2012 at 7:11

GoogleCodeExporter commented 8 years ago 
I reopen it because chmod() has not effect on a symbolic link.
We should not apply chmod() on a file which type is "HARDLINK" or "SYMLINK".
I will fix it in the next release.

Original comment by penguin.lin on 11 Apr 2012 at 1:58

GoogleCodeExporter commented 8 years ago

Original comment by penguin.lin on 11 Apr 2012 at 1:58

GoogleCodeExporter commented 8 years ago

Original comment by penguin.lin on 11 Apr 2012 at 1:58

GoogleCodeExporter commented 8 years ago 
I create a new issue for chmod algorithm,
so this issue will be closed.

Original comment by penguin.lin on 11 Apr 2012 at 1:51