Extracted squashfs files have incorrect permissions

off-by-1-error commented 1 year ago

Describe the bug When I use unblob to extract the contents of a squashfs, none of the extracted binaries have execute permissions set. When I use sasquatch directly (with arguments identical to those passed to it by unblob) to extract the same filesystem, the extracted binaries do have execute permissions set. Read/write permissions are not affected.

To Reproduce Steps to reproduce the behavior, using this file for testing: rootfs.gz

Unzip gunzip rootfs.gz
Run unblob with command unblob --report reports.json --extract-dir output_unblob rootfs
Use sasquatch to extract the same files sasquatch -le -no-exit-code -f -d output_sasquatch rootfs
Count executable files find output_unblob -type f -executable | wc -l. This counts 0 executable files for me.
Count executable files find output_sasquatch -type f -executable | wc -l This counts 224 executable files.

These steps can also be used to reproduce the issue inside the unblob docker container

Error details

``` Here's a sample comparison the permissions of the extracted files: $ ls -l output_sasquatch/usr/bin | head total 5700 -rwxr-xr-x 1 user user 13311 Jul 7 2015 ac -rwxr-xr-x 1 user user 19597 Jul 7 2015 acl lrwxrwxrwx 1 user user 17 Jul 7 2015 arping -> ../../bin/busybox -rwxr-xr-x 1 user user 17121 Jul 7 2015 ated -rwxr-xr-x 1 user user 13280 Jul 7 2015 ated_tp -rwxr-xr-x 1 user user 97436 Jul 7 2015 cli -rwxr-xr-x 1 user user 14256 Jul 7 2015 cmxdns -rwxr-xr-x 1 user user 62684 Jul 7 2015 cos -rwxr-xr-x 1 user user 127952 Jul 7 2015 cwmp $ ls -l output_unblob/rootfs_extract/usr/bin | head total 5700 -rw-r--r-- 1 user user 13311 Jul 7 2015 ac -rw-r--r-- 1 user user 19597 Jul 7 2015 acl lrwxrwxrwx 1 user user 17 Jul 24 13:08 arping -> ../../bin/busybox -rw-r--r-- 1 user user 17121 Jul 7 2015 ated -rw-r--r-- 1 user user 13280 Jul 7 2015 ated_tp -rw-r--r-- 1 user user 97436 Jul 7 2015 cli -rw-r--r-- 1 user user 14256 Jul 7 2015 cmxdns -rw-r--r-- 1 user user 62684 Jul 7 2015 cos -rw-r--r-- 1 user user 127952 Jul 7 2015 cwmp ```

Expected behavior I would expect using sasquatch and unblob to extract the same filesystem would produce files which have identical permissions.

Environment information (please complete the following information):

OS: Ubuntu Linux 20.04
Software versions: Python 3.8.10, pip 23.2.1

We recommend you execute and paste the results of those commands in this issue so we can get a sense of your environment:

Linux/Darwin kernel version with uname -avr

$ uname -avr
Linux 5.4.0-153-generic #170-Ubuntu SMP Fri Jun 16 13:43:31 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

Linux distribution with cat /etc/lsb-release

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.5 LTS"

MacOS distribution with sw_vers N/A
Poetry version with poetry env info N/A
Nix install info with nix flake info N/A

Pip install info pip freeze

$ pip freeze
alabaster==0.7.8
appdirs==1.4.4
arpy==2.3.0
asttokens==2.2.1
attrs==22.2.0
Automat==0.8.0
Babel==2.6.0
backcall==0.2.0
bcrypt==3.2.0
binwalk==2.2.0
bleach==5.0.0
blinker==1.4
blist==1.3.6
build==0.7.0
capstone==5.0.0rc2
certifi==2023.5.7
cffi==1.14.6
chardet==3.0.4
charset-normalizer==3.2.0
click==8.1.3
colorama==0.4.3
colored-traceback==0.3.0
coloredlogs==15.0.1
command-not-found==0.3
commonmark==0.9.1
configobj==5.0.6
constantly==15.1.0
cryptography==40.0.1
cstruct==5.2
cycler==0.10.0
dbus-python==1.2.16
decorator==4.4.2
dissect.cstruct==2.0
distro==1.4.0
distro-info===0.23ubuntu1
docutils==0.16
entrypoints==0.3
executing==1.2.0
gitdb==4.0.9
GitPython==3.1.27
graphviz==0.20
humanfriendly==10.0
hyperlink==19.0.0
idna==2.8
imagesize==1.2.0
importlib-metadata==4.11.3
incremental==16.10.1
iniconfig==1.1.1
intervaltree==3.1.0
ipdb==0.13.13
ipython==8.7.0
jedi==0.18.2
jefferson==0.4.5
Jinja2==2.10.1
keyring==18.0.1
kiwisolver==1.0.1
language-selector==0.1
lark==1.1.5
lazr.uri==1.0.3
lief==0.12.3
lxml==4.9.2
lz4==4.0.1
lzallright==0.2.3
Mako==1.2.0
MarkupSafe==1.1.0
matplotlib==3.1.2
matplotlib-inline==0.1.6
netifaces==0.10.4
networkx==2.8.5
numpy==1.23.1
oauthlib==3.1.0
olefile==0.46
packaging==20.3
pandas==1.4.3
paramiko==2.10.3
parso==0.8.3
pep517==0.12.0
pexpect==4.6.0
pickleshare==0.7.5
Pillow==7.0.0
pkginfo==1.8.2
plotext==5.2.8
pluggy==1.0.0
plumbum==1.7.2
ply==3.11
prompt-toolkit==3.0.36
protobuf==3.6.1
psutil==5.9.0
pure-eval==0.2.2
pwntools==4.10.0
py==1.11.0
pyasn1==0.4.2
pyasn1-modules==0.2.1
pycparser==2.19
pycryptodome==3.17
pydot==1.4.2
pyelftools==0.28
Pygments==2.12.0
PyGObject==3.36.0
PyHamcrest==1.9.0
PyJWT==1.7.1
pymacaroons==0.13.0
PyNaCl==1.3.0
PyOpenGL==3.1.0
pyOpenSSL==23.1.1
pyparsing==2.4.6
pyperscan==0.2.2
PyQt5==5.14.1
pyqtgraph==0.11.0rc0
pyserial==3.4
pyshark==0.5.3
PySocks==1.7.1
pytest==7.1.2
python-apt==2.0.1
python-dateutil==2.8.2
python-debian===0.1.36ubuntu1
python-lzo==1.0
python-magic==0.4.27
pytz==2022.1
PyYAML==5.3.1
rarfile==4.0
readme-renderer==35.0
requests==2.31.0
requests-toolbelt==0.9.1
rfc3986==2.0.0
rich==12.3.0
roman==2.0.0
ROPGadget==6.7
rpyc==5.1.0
scapy==2.5.0
scipy==1.3.3
SecretStorage==2.3.1
service-identity==18.1.0
simplejson==3.16.0
sip==4.19.21
six==1.14.0
smmap==5.0.0
sortedcontainers==2.4.0
sos==4.4
sphinx-rtd-theme==1.1.1
stack-data==0.6.2
structlog==21.5.0
systemd-python==234
tomli==2.0.1
traitlets==5.7.1
tree-sitter==0.20.0
treelib==1.6.4
twine==4.0.0
Twisted==18.9.0
typing_extensions==4.2.0
ubi-reader==0.8.9
ubuntu-advantage-tools==27.12
ufw==0.36
unattended-upgrades==0.1
unblob==23.5.31
unblob-native==0.1.1
unicorn==2.0.0rc6
urllib3==1.26.9
vmlinux-to-elf==1.0
wadllib==1.3.3
wcwidth==0.2.5
webencodings==0.5.1
zipp==3.8.0
zope.interface==4.7.1
zstandard==0.18.0

Unblob dependencies info with unblob --show-external-dependencies

$ unblob --show-external-dependencies
The following executables found installed, which are needed by unblob:
7z                          ✓
debugfs                     ✓
jefferson                   ✓
lz4                         ✓
lziprecover                 ✓
lzop                        ✓
sasquatch                   ✓
sasquatch-v4be              ✓
simg2img                    ✓
ubireader_extract_files     ✓
ubireader_extract_images    ✓
unar                        ✓
zstd                        ✓

sasquatch:

$ sasquatch -version
unsquashfs version 4.5.1 (2022/03/17)
copyright (C) 2022 Phillip Lougher <phillip@squashfs.org.uk>
...

Additional context I'm running both unblob and sasquatch as the same non-root user. I got the command line args for sasquatch by running unblob with a debugger, setting a breakpoint here and checking the contents of cmd. I've also tried invoking sasquatch from a simple python script using the subprocess module:

import subprocess

try:
    cmd = ["sasquatch", "-le", "-no-exit-code", "-f", "-d", "output", "rootfs"]

    res = subprocess.run(
        cmd,
        capture_output=True
    )
    print(res.stdout)
except subprocess.SubprocessError:
    print(f"got exception")

This works as expected, and the extracted files have execute permissions.

qkaiser commented 1 year ago

Thanks for the very detailed report @off-by-1-error . The bug is easy to explain: once unblob has extracted a chunk, it will recurse through the extraction directory and fix permissions.

You'll see this code in extractor.py:

def fix_permission(path: Path):
    if path.is_symlink():
        return

    if path.is_file():
        path.chmod(0o644)
    elif path.is_dir():
        path.chmod(0o775)

The primary goal when we implemented this was to make sure unblob had read permissions on extracted content in order to continue its work.

The fix is to apply a mask to the file permissions rather than applying a fixed value. I'll look into it.

qkaiser commented 1 year ago

Closing since it's fixed by #646

poetry run unblob -e /tmp/out -vvv -f -k ~/Downloads/rootfs.gz
find /tmp/out/rootfs.gz_extract -type f -executable | wc -l
224

You can give it a try with the latest docker image.

onekey-sec / unblob

Extracted squashfs files have incorrect permissions #645