Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hledger-web.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/hledger-web #1057

Closed
juhp opened this issue Jul 1, 2019 · 5 comments
Closed

hledger-web.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/hledger-web #1057

juhp opened this issue Jul 1, 2019 · 5 comments
Labels
A-BUG Something wrong, confusing or sub-standard in the software, docs, or user experience. packaging Dependencies, version constraints, packaging.. platform:linux web The hledger-web tool.

Comments

@juhp
Copy link

juhp commented Jul 1, 2019

Recently we packaged hledger-web for Fedora.
Now I noticed an rpmlint error:

$ rpm -q hledger-web
hledger-web-1.10-1.fc30.x86_64
$ rpmlint -i hledger-web
hledger-web.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/hledger-web

This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this means it didn't relinquish all groups, and
this would be a potential security issue to be fixed. Seek POS36-C on the web
for details about the problem.

Do you have any ideas about this? (I could not find anything related to setuid/setgid in the source.)
@juhp juhp added the A-BUG Something wrong, confusing or sub-standard in the software, docs, or user experience. label Jul 1, 2019
@simonmichael simonmichael mentioned this issue Jul 1, 2019
Open
@simonmichael
Copy link
Owner

That's a new one for me. #ghc points to process as a possible suspect, cf haskell/process#83 (comment) ..

@simonmichael simonmichael mentioned this issue Jul 1, 2019
Open
@simonmichael
Copy link
Owner

simonmichael commented Jul 1, 2019
edited
Loading

@juhp, bgamari has posted a possible fix for that issue, if you have time to try a build with this patched process.

@simonmichael simonmichael added the web The hledger-web tool. label Jul 8, 2019
@simonmichael
Copy link
Owner

simonmichael commented Jul 8, 2019
edited
Loading

Status: once haskell/process#148 is released, make hledger-web depend on that. [Waiting for: a post-1.6.5.1 release.]

@simonmichael simonmichael added packaging Dependencies, version constraints, packaging.. needs:other-task To unblock: needs some other issue/task/event, possibly outside our project labels Jul 21, 2019
@simonmichael simonmichael removed the needs:other-task To unblock: needs some other issue/task/event, possibly outside our project label Jun 23, 2023
@simonmichael
Copy link
Owner

I haven't added an explicit process bound to hledger-web, but I'm going to assume this is now fixed in practice.

@juhp
Copy link
Author

juhp commented Jun 23, 2023

Yes thank you - I just checked the last fedora build and the rpmlint error is indeed gone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-BUG Something wrong, confusing or sub-standard in the software, docs, or user experience. packaging Dependencies, version constraints, packaging.. platform:linux web The hledger-web tool.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@simonmichael @juhp