[arch-general] Strange issue
Hello, I used makepkg to build a package from /tmp. The package was then put to the designated directory and a symlink to pwd. When I try to install it with pacman -U /tmp/symlink-to-package, I get an error (permission denied) which I don't get when invoking pacman -U directly with the name of the file (not with the symbolic link). See, like this: [root@lnv64 tmp]# pacman -U /tmp/lomoco-1.0-9-x86_64.pkg.tar loading packages... error: '/tmp/lomoco-1.0-9-x86_64.pkg.tar': permission denied [root@lnv64 tmp]# ls -l /tmp/lomoco-1.0-9-x86_64.pkg.tar lrwxrwxrwx 1 nsajko nsajko 55 Dec 9 17:33 /tmp/lomoco-1.0-9-x86_64.pkg.tar -> /home/nsajko/debug-packages/lomoco-1.0-9-x86_64.pkg.tar [root@lnv64 tmp]# pacman -U /home/nsajko/debug-packages/lomoco-1.0-9-x86_64.pkg.tar loading packages... warning: lomoco-1.0-9 is up to date -- reinstalling resolving dependencies... looking for inter-conflicts... Packages (1): lomoco-1.0-9 Total Installed Size: 0.19 MiB Net Upgrade Size: 0.00 MiB :: Proceed with installation? [Y/n] n # I ran strace to see what really happens: [root@lnv64 tmp]# strace pacman -U /tmp/lomoco-1.0-9-x86_64.pkg.tar # ... # Here comes the part that could be relevant: write(1, "loading packages...\n", 20loading packages... ) = 20 access("/tmp/lomoco-1.0-9-x86_64.pkg.tar.sig", R_OK) = -1 ENOENT (No such file or directory) access("/tmp/lomoco-1.0-9-x86_64.pkg.tar", R_OK) = -1 EACCES (Permission denied) open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libalpm.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libalpm.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/libalpm.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libalpm.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/libalpm.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/libalpm.mo", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "\33[1;31merror: \33[0m", 18error: ) = 18 write(2, "'/tmp/lomoco-1.0-9-x86_64.pkg.ta"..., 54'/tmp/lomoco-1.0-9-x86_64.pkg.tar': permission denied ) = 54 close(4) = 0 munmap(0x7f6e2c980000, 4096) = 0 unlink("/var/lib/pacman/db.lck") = 0 close(3) = 0 munmap(0x7f6e2c981000, 4096) = 0 exit_group(1) = ? +++ exited with 1 +++ So from this line: access("/tmp/lomoco-1.0-9-x86_64.pkg.tar", R_OK) = -1 EACCES (Permission denied) we see that the kernel call access() reports that root doesn't have read access to a 777-permissible file?! Maybe it matters that it's on tmpfs and/or a symlink?
Neven Sajko wrote:
I used makepkg to build a package from /tmp. The package was then put to the designated directory and a symlink to pwd. When I try to install it with pacman -U /tmp/symlink-to-package, I get an error (permission denied) which I don't get when invoking pacman -U directly with the name of the file (not with the symbolic link). See, like this:
[root@lnv64 tmp]# pacman -U /tmp/lomoco-1.0-9-x86_64.pkg.tar loading packages... error: '/tmp/lomoco-1.0-9-x86_64.pkg.tar': permission denied [...] So from this line: access("/tmp/lomoco-1.0-9-x86_64.pkg.tar", R_OK) = -1 EACCES (Permission denied) we see that the kernel call access() reports that root doesn't have read access to a 777-permissible file?! Maybe it matters that it's on tmpfs and/or a symlink?
This is probably due to the fs.protected_symlinks sysctl being turned on, which I believe it is by default in Arch. Most symlinks in world-writable sticky directories (like /tmp) are not followed except by processes running as the user that created them. This is to prevent common attacks where a privileged process tries to access what it thinks is not a symlink, but another process manages to insert a symlink to an unrelated file so that the privileged process performs the wrong access. It's not a good idea to build things directly in /tmp like that anyway, for more or less that reason. Creating a subdirectory of /tmp for each new "action" that needs temporary files is a better approach. ---> Drake Wilson
Yeah, fs.protected_symlinks is it. Thank you. I usually copy the package dir from /var/abs to /tmp so I didn't notice before that reading symlinks from root of /tmp wasn't allowed.
participants (2)
-
Drake Wilson
-
Neven Sajko