On Tue, Sep 29, 2009 at 11:04:16PM +0200, Gilles Espinasse wrote:
> Even when mount is not installed as root, setuid bit is still set.
> ls -n tools_i486/bin/mount
> -rwsr-xr-x 1 1000 1000 56232 sep 28 23:35 tools_i486/bin/mount
>
> When later, trying to use that mount as root inside a chroot
>
> [chroot-i486] root:/$ whoami
> root
> [chroot-i486] root:/$ mkdir -p /dev1
> [chroot-i486] root:/$ mount --move /dev /dev1
> mount: only root can do that
>
> Removing setuid bit or changing mount to be root owned lets mount work.
>
> But that's a bit troublesome when you are root to have a message 'only root
> can do that'.

 You are right that the message is confusing, should be

    mount: only root can do that (effective UID is <number>)

 or so...

> I haven't tested in previous version. Or more exactly, previous version has
> been tested with a mount compiled and included in a tar.gz. And tar removes
> setuid bit silently unless commanded not to do so, so the problem did not
> appear earlier.

 Yes, the real_uid == effective_uid requirement has been there for many, many years.

> That may appear strange not to install mount as root. But that's the
> recommended way to build a toolchain a la LFS/DIY, a bit safer for the
> running OS if you make a mistake compiling a key program like glibc.
>
> I don't know what the best fix is.
> Maybe remove setuid bit when not installed as root?

 Maybe add --disable-makeinstall-4755 (or s/4755/setuid/, or whatever)
 configure option.

> Or change the error message?

 Yes, the message should be more verbose.

    Karel

--
 Karel Zak <kzak@xxxxxxxxxx>
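
An added example, not part of the original thread and not util-linux code: a small C model of the real/effective UID mismatch discussed above, producing the more verbose message proposed in the reply and flagging a setuid file that root does not own. The function names, the "both UIDs must be 0" rule and the "real UID" wording are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helpers modelling the thread; not util-linux source. */

/* Assumed rule: a root-only operation needs real and effective UID both 0. */
static int restricted_op_allowed(uid_t ruid, uid_t euid)
{
    return ruid == 0 && euid == 0;
}

/* Install-time check: setuid bit on a file that root does not own. */
static int setuid_without_root_owner(mode_t mode, uid_t owner)
{
    return (mode & S_ISUID) != 0 && owner != 0;
}

/* Write a denial message naming the UID that caused it; 0 means allowed. */
static int explain_denial(uid_t ruid, uid_t euid, char *buf, size_t len)
{
    if (restricted_op_allowed(ruid, euid)) {
        if (len > 0)
            buf[0] = '\0';
        return 0;
    }
    if (ruid == 0)  /* root caller lost privilege through the setuid bit */
        snprintf(buf, len, "only root can do that (effective UID is %lu)",
                 (unsigned long)euid);
    else            /* assumed wording for an unprivileged caller */
        snprintf(buf, len, "only root can do that (real UID is %lu)",
                 (unsigned long)ruid);
    return 1;
}

int main(int argc, char **argv)
{
    char msg[96];
    struct stat st;

    if (explain_denial(getuid(), geteuid(), msg, sizeof msg))
        printf("%s: %s\n", argv[0], msg);
    /* Optional argument: path of an installed binary to inspect. */
    if (argc > 1 && stat(argv[1], &st) == 0 &&
        setuid_without_root_owner(st.st_mode, st.st_uid))
        printf("%s: setuid but owned by UID %lu\n", argv[1],
               (unsigned long)st.st_uid);
    return 0;
}
```

Run against the binary from the listing above (mode 4755, owner 1000), the stat check reports the mismatch at install time, before anyone hits the runtime error inside the chroot.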