Fix setting setuid/gid bits with uid/gid and add a test #2049
Conversation
|
Test makes sense, looking at the error I am not sure; I am trying to read up on special mode bits to make sure I understand them. Would the out bits be different the in ? ( I assume yes based on your test) but I am not able to find documentation that can explain it to me. |
|
@travier I think I found it, its because our order of setting ownership and perms were backwards. It passes locally 🤞 |
|
Nice catch! |
prestist
force-pushed
the
tests-setuid-setgid-sticky
branch
3 times, most recently
from
773db46 to
ab57b8b
Compare
travier
force-pushed
the
tests-setuid-setgid-sticky
branch
from
ab57b8b to
3fcc055
Compare
|
So, this should fix the issue, but the problem is the same that the one we had in #1325, in that it's kind of a security issue to change this behavior for existing spec releases, as binaries that were previously not SetUID/SetGID would start becoming it after an Ignition update on new nodes. So we might need to wait for a spec bump and update the docs as well. |
travier
changed the title
|
Hum, the test is also incomplete as it does not test for the case where we both set the mode and the ownership. |
Yeah; that makes sense to me, I will take a look at docs and see what can be done to make it exp only :/ |
Still have not done this |
Regarding this what would you have in mind @travier ? would I need to add a user to ignition config and then do this? for the blackbox tests? |
Yes, we need to test root + setuid/gid and newuser + setuid/gid |
prestist
force-pushed
the
tests-setuid-setgid-sticky
branch
from
3118879 to
dea3735
Compare
|
Alright I added the test cases and updated version target 🤞 runs fine locally; lmk if we need anything else; otherwise I will re-base squash the fixup. |
Support for setuid/setgid/sticky bit got added in [1] but we did not add tests and it's unclear when support for it broke. [1]: coreos#1325 See: coreos#2042
prestist
force-pushed
the
tests-setuid-setgid-sticky
branch
from
dea3735 to
3625bc8
Compare
|
Maybe let's add a test that specifically verify that the bits are ignored in 3.4.0/3.5.0 as well. |
Sure, I can do that :) Slightly more annoying to test then I initially thought. So blackbox tests generate from "min version" and populate for each next version of ignition. This makes sense for most things, and makes testing that 3.6+ will have sticky bit support; however testing that older version dont have it is a bit more tricky. While locally if I do this it will pass for 3.4, 3.5, but then fail for 3.6 +. Its is because there is no "maxVersion" I.e verifying a bug continues to exist in older versions is hard to do via blackbox tests (currently) The test object is currently structured as type Test struct {
Name string
In []Disk // Disk state before running Ignition
Out []Disk // Expected disk state after running Ignition
MntDevices []MntDevice
SystemDirFiles []File
Env []string // Environment variables for Ignition
Config string
ConfigMinVersion string
ConfigVersion string
ConfigShouldBeBad bool // Set to true to skip config validation step
SkipCriticalCheck bool // Set to true to skip critical logging check
}And since we have two expected outputs depending on the version of ignition, ither 0755 before 3.6 or special bits + 0755 after. The way to fix this is likely to add a config max version, i.e defaults to "" and if max is set we simply dont create a test for that verstion or higher. Though in implementing it I cannot seem to make that work. |
prestist
force-pushed
the
tests-setuid-setgid-sticky
branch
2 times, most recently
from
eadc872 to
5c85381
Compare
|
We'll also need release notes. |
From https://man7.org/linux/man-pages/man2/lchown.2.html: > When the owner or group of an executable file is changed by an > unprivileged user, the S_ISUID and S_ISGID mode bits are cleared. > POSIX does not specify whether this also should happen when root > does the chown(); the Linux behavior depends on the kernel version, > and since Linux 2.2.13, root is treated like other users. Fixes: coreos#2042
Since a bug preventing special mode bits from being applied properly has been fixed. Move masking of the bits for configs that are in use which have special mode bits do not suddenly function different.
Extend the warning to trigger on 3.4.0 and 3.5.0 when special file mode bits are set.
Due to coreos#2042 the special mode bits are not functional in versions =< 3.6.0-exp. Add an experimental spec entry, and move docs to that sub-section migrating-configs.
…lity Add a field which can limit the max version of config generated from blackbox testing. If left blank blackbox tests will act as they always have. The new field simply limits the registration of tests to that version number. This is for the odd case where we want to ensure functionality does not exist when using older versions of configs.
…e 3.6.0 Ensure bugfix does not effect existing versions of configs using 'mode'. This means 3.5.0 - 3.2.0 should continue to lose bits on permissions.
prestist
force-pushed
the
tests-setuid-setgid-sticky
branch
from
5c85381 to
9371a25
Compare
|
Hum, this is weird, I don't have the approve power anymore here. |
|
Anyway, this is LGTM from my side. Someone else will have to figure out the approuve part :) |
Yay! thank you!
Ah weird, maybe because you opened the PR
Alrighty; It looks like I can approve but that feels a bit odd, posting it to the channel. |
Support for setuid/setgid/sticky bit got added in 1 but we did not add tests and it's unclear when support for it broke.
See: #2042