If the root filesystem is readonly, consolehelper fails. What happens is that userhelper.c:wrap() does:

    s = svNewFile(apps_filename);

    /* If the file is world-writable, or isn't a regular file, or couldn't
     * be opened, just exit. We don't want to alert an attacker that the
     * service name is invalid. */
    if ((s == NULL) ||
        (fstat(s->fd, &sbuf) == -1) ||
        !S_ISREG(sbuf.st_mode) ||
        (sbuf.st_mode & S_IWOTH)) {

However, if the file is readonly (or on a readonly filesystem as in this case) then svNewFile closes the fd. The attached patch fixes this by not closing the fd in this case (as that seems to be an optimization only).
Created attachment 100830: Fix for the problem
Nalin: please can you comment on Alex's patch?
The patch looks good from here, both in rationale and implementation. I'd like you to modify the patch so that it stores the mode with which the file was opened in the returned structure. Previously, a calling application could check (fd != -1) and be sure that the file could be modified, but the patch removes that, so you end up depending on an ftruncate() failing when the application attempts to write to the file. (If we ever actually get this code factored out into a single common implementation, we'll need something to address that.)
Created attachment 102978: new version of the patch
New patch attached that keeps track of whether you can write to fd or not.
An is-writable field works just as well. Okay to commit.
Committed and built as usermode-1.71-1.
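
The approach the thread settles on, sketched as an added example that is not code from the bug report, the attached patches or usermode itself: open read-write, fall back to read-only, keep the descriptor so the fstat() test from wrap() still works, and record writability in a flag. The names cfg_file, cfg_open, cfg_probe, demo_mode and the CFG_* flags are hypothetical, and the /tmp file is constructed sample input.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { CFG_OPENED = 1, CFG_WRITABLE = 2, CFG_TRUSTED = 4 };
/* Hypothetical stand-in for the structure svNewFile() returns. */
struct cfg_file {
    int fd;       /* kept open even when only a read-only open worked */
    int writable; /* writers test this flag instead of fd != -1 */
};

/* Try read-write first, then read-only; keep the fd either way. */
static void cfg_open(const char *path, struct cfg_file *f)
{
    f->fd = open(path, O_RDWR);
    f->writable = (f->fd != -1);
    if (f->fd == -1)
        f->fd = open(path, O_RDONLY);
}

/* Open path, run the wrap() test on the fd, report CFG_* flags. */
static int cfg_probe(const char *path)
{
    struct cfg_file f;
    struct stat sbuf;
    int flags;
    cfg_open(path, &f);
    if (f.fd == -1)
        return 0;
    flags = CFG_OPENED | (f.writable ? CFG_WRITABLE : 0);
    if (fstat(f.fd, &sbuf) == 0 && S_ISREG(sbuf.st_mode) && !(sbuf.st_mode & S_IWOTH))
        flags |= CFG_TRUSTED;
    close(f.fd);
    return flags;
}

/* Constructed input: probe a temp file that has the given mode. */
static int demo_mode(mode_t mode)
{
    char path[] = "/tmp/cfgdemoXXXXXX";
    int flags = -1, tmp = mkstemp(path);
    if (tmp == -1)
        return -1;
    if (fchmod(tmp, mode) == 0)
        flags = cfg_probe(path);
    close(tmp);
    unlink(path);
    return flags;
}
```

A directory such as "/" exercises the fallback path for any user, because O_RDWR on a directory fails while O_RDONLY succeeds; the result is CFG_OPENED alone, since the S_ISREG test rejects it.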