coreutils/install cannot set setuid bits

Nero nero at w1r3.net
Sat May 13 13:27:13 UTC 2023


Hello,

I'm using the BusyBox v1.35.0 shipped with Alpine Linux 3.17.

I'm trying to use coreutils/install to install a program with setuid
bit set, but the setuid bit ends up being stripped.

strace on the `install` invocation:

> chmod("/home/nero/.local/bin/brightness", 04111) = 0
> lchown("/home/nero/.local/bin/brightness", 0, 0) = 0

Destination access rights observed with:

> $ stat -c %a /home/nero/.local/bin/brightness
> 111

in coreutils/install.c, in install_main(), chmod is done first,
lchown afterwards. But from Linux's chown(2):

> When the owner or group of an executable file is changed by an
> unprivileged user, the S_ISUID and S_ISGID mode bits are cleared.
> POSIX does not specify whether this also should happen when root does
> the chown(); the Linux behavior depends on the kernel version, and
> since Linux 2.2.13, root is treated like other users.

I checked against GNU coreutils 9.1, strace:

> fchownat(3, "brightness", 0, 0, AT_SYMLINK_NOFOLLOW) = 0
> fchmodat(3, "brightness", 04111)        = 0

Yields the expected result:

> stat -c %a /home/nero/.local/bin/brightness
> 4111

I think swapping the ordering of the chmod and lchown sections in
coreutils/install.c, install_main() would fix what i think is a bug.

Ideas?

-- Nero


More information about the busybox mailing list