Bug 117858 - setuid/setgid binaries arent stripped by brp-strip etc
Summary: setuid/setgid binaries arent stripped by brp-strip etc
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: rpm   
(Show other bugs)
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Panu Matilainen
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-03-09 12:32 UTC by Lance Davis
Modified: 2015-01-06 22:54 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-19 19:29:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
changes sed regex in brpstrip etc to ignore stuff before ELF (2.42 KB, patch)
2004-03-09 12:35 UTC, Lance Davis
no flags Details | Diff
Another regexp approach (731 bytes, patch)
2005-08-07 21:21 UTC, Ville Skyttä
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 1176277 None CLOSED Review Request: Shinobi - Meta build system for Ninja 2019-03-19 23:16 UTC

Internal Trackers: 1176277

Description Lance Davis 2004-03-09 12:32:09 UTC
Description of problem:

setuid/setgid binaries arent stripped by brp-strip etc 

Version-Release number of selected component (if applicable):


How reproducible:

always

Steps to Reproduce:
1. rpmbuild --rebuild an rom with setuid/setgid binary
2.
3.
  
Actual results:


Expected results:


Additional info:

Fix appears to have been already applied to find-debuginfo.sh but not
brp-strip*

Comment 1 Lance Davis 2004-03-09 12:35:02 UTC
Created attachment 98397 [details]
changes sed regex in brpstrip etc to ignore stuff before ELF

chnages from [

Comment 2 Paul Nasrat 2005-03-03 13:53:19 UTC
Consider for U6

Comment 4 Ville Skyttä 2005-08-07 21:21:26 UTC
Created attachment 117532 [details]
Another regexp approach

I noticed this today, too, and created a patch for it before noticing this bug.
 Here's my version of it for reference, it uses a slightly stricter regexp
which can be seen as a good or bad thing...

Comment 5 Ville Skyttä 2005-08-07 21:23:27 UTC
Oh, and BTW, I noticed this on FC4. 

Comment 6 Ville Skyttä 2005-08-11 15:49:15 UTC
One more thing, just so it's not forgotten if this is applied sometime: 
 
Stripping setuid/setgid binaries appears to lose the setuid/setgid bits, which 
could silently break existing packages.  That should be taken care of in the 
update. 

Comment 7 Jeff Johnson 2006-08-05 10:57:33 UTC
This has been fixed for quite a while in upstream rpm.

Ville: Using %attr in spec files is a far more reliable approach to packaging executables
with setuid/setgid bits than working around quirky tool side-effects.

UPSTREAM

Comment 8 Ville Skyttä 2006-08-05 11:15:43 UTC
Agreed.

Comment 9 RHEL Product and Program Management 2007-10-19 19:29:23 UTC
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
 
For more information of the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.


Note You need to log in before you can comment on or make changes to this bug.