[pacman-dev] paccache: needsroot faulty set to 1
"Privilege escalation required" will be printed even when root isn't required If paccache runs without the -m parameter and $PWD is read only, $needsroot will be set to 1 even if the cache dir has read/write. pacman 4.1.2-6 Steps to reproduce: $ whoami maxim $ pwd /var/cache $ ls -l /var/ drwxr-xr-x 12 root root 4,0K 8 jun 09.06 cache $ ls -l /var/cache/ drwxr-xr-x 2 maxim root 12K 25 aug 15.36 yaourt $ paccache -rc /var/cache/yaourt ==> Privilege escalation required Cause: This happens because [[ ${movedir:0:1} != '/' ]] is true when $movedir is empty, causing $movedir to be set to $PWD (on line 276). And if $PWD is read only, $needsroot will be set to 1 on the next row. 274 if (( move || delete )); then 275 # make it an absolute path since we're about to chdir 276 [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir 277 [[ ! -w $cachedir || ( $movedir && ! -w $movedir ) ]] && needsroot=1 278 fi Fix: - [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir + [[ $movedir && ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir I'll send in a patch. //Maxim
On Aug 26, 2014 7:56 AM, "Maxim Andersson" <thesilentboatman@gmail.com> wrote:
"Privilege escalation required" will be printed even when root isn't
required
If paccache runs without the -m parameter and $PWD is read only, $needsroot will be set to 1 even if the cache dir has read/write.
pacman 4.1.2-6
Steps to reproduce:
$ whoami maxim
$ pwd /var/cache
$ ls -l /var/ drwxr-xr-x 12 root root 4,0K 8 jun 09.06 cache
$ ls -l /var/cache/ drwxr-xr-x 2 maxim root 12K 25 aug 15.36 yaourt
$ paccache -rc /var/cache/yaourt ==> Privilege escalation required
Cause:
This happens because [[ ${movedir:0:1} != '/' ]] is true when $movedir is empty, causing $movedir to be set to $PWD (on line 276). And if $PWD is read only, $needsroot will be set to 1 on the next row.
274 if (( move || delete )); then 275 # make it an absolute path since we're about to chdir 276 [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir 277 [[ ! -w $cachedir || ( $movedir && ! -w $movedir ) ]] &&
needsroot=1
278 fi
Fix:
- [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir + [[ $movedir && ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir
I'll send in a patch.
Well, okay, but it seems we had this check, and your latest patch removes it, no?
//Maxim
2014-08-26 14:00 GMT+02:00 Dave Reisner <d@falconindy.com>:
On Aug 26, 2014 7:56 AM, "Maxim Andersson" <thesilentboatman@gmail.com> wrote:
"Privilege escalation required" will be printed even when root isn't
required
If paccache runs without the -m parameter and $PWD is read only, $needsroot will be set to 1 even if the cache dir has read/write.
pacman 4.1.2-6
Steps to reproduce:
$ whoami maxim
$ pwd /var/cache
$ ls -l /var/ drwxr-xr-x 12 root root 4,0K 8 jun 09.06 cache
$ ls -l /var/cache/ drwxr-xr-x 2 maxim root 12K 25 aug 15.36 yaourt
$ paccache -rc /var/cache/yaourt ==> Privilege escalation required
Cause:
This happens because [[ ${movedir:0:1} != '/' ]] is true when $movedir is empty, causing $movedir to be set to $PWD (on line 276). And if $PWD is read only, $needsroot will be set to 1 on the next row.
274 if (( move || delete )); then 275 # make it an absolute path since we're about to chdir 276 [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir 277 [[ ! -w $cachedir || ( $movedir && ! -w $movedir ) ]] &&
needsroot=1
278 fi
Fix:
- [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir + [[ $movedir && ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir
I'll send in a patch.
Well, okay, but it seems we had this check, and your latest patch removes it, no?
No, my last patch has this problem as well. I noticed it just after I sent in that patch.. My last patch changed the above code like this: if (( move || delete )); then # make it an absolute path since we're about to chdir [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir - [[ ! -w $cachedir || ( $movedir && ! -w $movedir ) ]] && needsroot=1 + [[ $movedir && ! -w $movedir ]] && needsroot=1 fi So that patch don't fix this issue.
//Maxim
On Tue, Aug 26, 2014 at 08:00:15AM -0400, Dave Reisner wrote:
On Aug 26, 2014 7:56 AM, "Maxim Andersson" <thesilentboatman@gmail.com> wrote:
"Privilege escalation required" will be printed even when root isn't required
If paccache runs without the -m parameter and $PWD is read only, $needsroot will be set to 1 even if the cache dir has read/write.
pacman 4.1.2-6
Steps to reproduce:
$ whoami maxim
$ pwd /var/cache
$ ls -l /var/ drwxr-xr-x 12 root root 4,0K 8 jun 09.06 cache
$ ls -l /var/cache/ drwxr-xr-x 2 maxim root 12K 25 aug 15.36 yaourt
$ paccache -rc /var/cache/yaourt ==> Privilege escalation required
Cause:
This happens because [[ ${movedir:0:1} != '/' ]] is true when $movedir is empty, causing $movedir to be set to $PWD (on line 276). And if $PWD is read only, $needsroot will be set to 1 on the next row.
274 if (( move || delete )); then 275 # make it an absolute path since we're about to chdir 276 [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir 277 [[ ! -w $cachedir || ( $movedir && ! -w $movedir ) ]] &&
needsroot=1
278 fi
Fix:
- [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir + [[ $movedir && ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir
I'll send in a patch.
Well, okay, but it seems we had this check, and your latest patch removes it, no?
Nevermind, misread -- I see why this fails.
//Maxim
Fix:
- [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir + [[ $movedir && ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir
I'll send in a patch.
Well, okay, but it seems we had this check, and your latest patch removes it, no?
Nevermind, misread -- I see why this fails.
Do you want me to incorporate this into the updated version of my other patch, of should I just leave it as a separate patch?
//Maxim
On Wed, Aug 27, 2014 at 10:54:59AM +0200, Maxim Andersson wrote:
Fix:
- [[ ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir + [[ $movedir && ${movedir:0:1} != '/' ]] && movedir=$PWD/$movedir
I'll send in a patch.
Well, okay, but it seems we had this check, and your latest patch removes it, no?
Nevermind, misread -- I see why this fails.
Do you want me to incorporate this into the updated version of my other patch, of should I just leave it as a separate patch?
Feel free to merge it into your other patch. d
participants (2)
-
Dave Reisner
-
Maxim Andersson