1. 25 Jan, 2019 2 commits
  2. 24 Jan, 2019 1 commit
    • intrigeri's avatar
      Preserve setuid & setgid bits when giving files back to their renumbered owner (refs: #16383) · 7dd2850e
      intrigeri authored
      chown(1) and chgrp(1) rely on the chown(2) system call, which clears setuid,
      setgid, and friends (capabilities, ACLs, etc.).
      
      So when commit:02da4779 started
      running chgrp on files owned by the messagebus group,
      /usr/lib/dbus-1.0/dbus-daemon-launch-helper lost its setuid bit,
      which broke setting up a printer in Tails 3.12~rc1.
      
      This commit fixes this, by ensuring we don't lose the setuid & setgid bits along
      the way anymore.
      
      Note that the storage stack that backs our root filesystem supports neither
      extended attributes (getfattr/setfattr), nor Linux filesystem
      attributes (lsattr/chattr), nor file capabilities (getcap/setcap), nor ACLs.
      On the one hand it's too bad, e.g. the lack of support for capabilities is the
      reason why /bin/ping is setuid root on Tails but not on the average Debian
      system. OTOH it makes it vastly easier to fix this bug: the only thing we need
      to restore here is basic Unix DAC permissions.
      7dd2850e
  3. 21 Jan, 2019 13 commits
  4. 20 Jan, 2019 15 commits
  5. 19 Jan, 2019 9 commits