From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 892AB15827B for ; Thu, 14 Aug 2025 16:33:08 +0000 (UTC) Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id E4D1F340E31 for ; Thu, 14 Aug 2025 16:33:07 +0000 (UTC) Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id 03B0711055F; Thu, 14 Aug 2025 16:33:04 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id EF46C11055F for ; Thu, 14 Aug 2025 16:33:03 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id A3CBB340D69 for ; Thu, 14 Aug 2025 16:33:03 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id E7913284E for ; Thu, 14 Aug 2025 16:33:01 +0000 (UTC) From: "Mike Gilbert" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Gilbert" Message-ID: <1755188864.2e32af007cf8a21bd77002ca45c9bccc711a2bd0.floppym@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: eclass/ X-VCS-Repository: repo/gentoo X-VCS-Files: eclass/fcaps.eclass X-VCS-Directories: eclass/ X-VCS-Committer: floppym X-VCS-Committer-Name: Mike Gilbert X-VCS-Revision: 2e32af007cf8a21bd77002ca45c9bccc711a2bd0 X-VCS-Branch: master Date: Thu, 14 Aug 2025 16:33:01 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 0d41ec66-c63e-458b-9805-92cc474dd993 X-Archives-Hash: f5f1a5ec3e10481864d14fd98de1f2b3 commit: 2e32af007cf8a21bd77002ca45c9bccc711a2bd0 Author: Mike Gilbert gentoo org> AuthorDate: Thu Aug 7 18:16:03 2025 +0000 Commit: Mike Gilbert gentoo org> CommitDate: Thu Aug 14 16:27:44 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e32af00 fcaps.eclass: do not set suid bit as a fallback This behavior often catches devs by suprise, leading to unintended suid binaries. Pass -m u+s explicitly to maintain the previous behavior. Bug: https://bugs.gentoo.org/811105 Signed-off-by: Mike Gilbert gentoo.org> eclass/fcaps.eclass | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass index 884b3c63c5f9..81c1ca62368c 100644 --- a/eclass/fcaps.eclass +++ b/eclass/fcaps.eclass @@ -84,13 +84,16 @@ esac # appropriate path var ($D/$ROOT/etc...) will be prefixed based on the current # ebuild phase. # -# The caps mode (default 711) is used to set the permission on the file if -# capabilities were properly set on the file. +# The caps mode is used to set the permission on the file if capabilities +# were properly set on the file. No change is applied by default. # # If the system is unable to set capabilities, it will use the specified user, -# group, and mode (presumably to make the binary set*id). The defaults there -# are 0:0 and 4711. Otherwise, the ownership and permissions will be -# unchanged. +# group, and mode. The user and group default to 0. If mode is unspecified, no +# change is applied. +# +# For example, "-m u+s" may be used to enable suid as a fallback when file caps +# are unavailable. This should be used with care, typically when the +# application is written to handle dropping privileges itself. fcaps() { debug-print-function ${FUNCNAME} "$@" @@ -102,7 +105,7 @@ fcaps() { # Process the user options first. local owner='0' local group='0' - local mode=u+s + local mode= local caps_mode= while [[ $# -gt 0 ]] ; do @@ -181,11 +184,11 @@ fcaps() { fi # If we're still here, setcaps failed. - if [[ -n ${owner} || -n ${group} ]]; then - debug-print "${FUNCNAME}: setting owner on '${file}'" - chown "${owner}:${group}" "${file}" || die - fi if [[ -n ${mode} ]]; then + if [[ -n ${owner} || -n ${group} ]]; then + debug-print "${FUNCNAME}: setting owner on '${file}'" + chown "${owner}:${group}" "${file}" || die + fi debug-print "${FUNCNAME}: setting mode on '${file}'" chmod ${mode} "${file}" || die fi