Unfortunately, relying on build time permission setting is insufficient; dh_fixperms removes the setuid bit and converts everything to root ownership. In order to fix it to be owned, we need to do dpkg-statoverride in the postinst (as well as tweak the dh_fixperms_override step in the debian rules file), like so:
override_dh_installchangelogs: dh_installchangelogs debian/changelog
diff -Nru systemtap-1.3/debian/systemtap-runtime.postinst systemtap-1.3/debian/systemtap-runtime.postinst
--- systemtap-1.3/debian/systemtap-runtime.postinst 2010-08-06 11:34:25.000000000 -0700
+++ systemtap-1.3/debian/systemtap-runtime.postinst 2010-11-19 15:30:31.000000000 -0800
@@ -12,6 +12,11 @@
echo "Adding stapusr group..."
addgroup --quiet --system stapusr || true
fi
+ # Fixup staprun binary for new group 'stapusr'.
+ if [ -x /usr/sbin/dpkg-statoverride ] &&
+ ! dpkg-statoverride --list /usr/bin/staprun > /dev/null ; then
+ dpkg-statoverride --update --add root stapusr 4750 /usr/bin/staprun
+ fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
I've incorporate this into packages that I've uploaded to the ubuntu-security-proposed ppa at https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages and verified that the permissions and ownership are such that only users in the stapusr group (as well as root) can run staprun, and that the upstream patch addresses Tavis' example cases:
Unfortunately, relying on build time permission setting is insufficient; dh_fixperms removes the setuid bit and converts everything to root ownership. In order to fix it to be owned, we need to do dpkg-statoverride in the postinst (as well as tweak the dh_fixperms_ override step in the debian rules file), like so:
diff -Nru systemtap- 1.3/debian/ rules systemtap- 1.3/debian/ rules 1.3/debian/ rules 2010-08-06 11:34:25.000000000 -0700 1.3/debian/ rules 2010-11-19 15:26:42.000000000 -0800
--- systemtap-
+++ systemtap-
@@ -87,7 +87,7 @@
override_ dh_fixperms: systemtap- runtime/ usr/bin/ staprun systemtap- runtime/ usr/bin/ staprun
dh_fixperms
- chmod 4755 debian/
+ chmod 4750 debian/
override_ dh_installchang elogs:
dh_installch angelogs debian/changelog 1.3/debian/ systemtap- runtime. postinst systemtap- 1.3/debian/ systemtap- runtime. postinst 1.3/debian/ systemtap- runtime. postinst 2010-08-06 11:34:25.000000000 -0700 1.3/debian/ systemtap- runtime. postinst 2010-11-19 15:30:31.000000000 -0800 dpkg-statoverri de ] && upgrade| abort-remove| abort-deconfigu re)
diff -Nru systemtap-
--- systemtap-
+++ systemtap-
@@ -12,6 +12,11 @@
echo "Adding stapusr group..."
addgroup --quiet --system stapusr || true
fi
+ # Fixup staprun binary for new group 'stapusr'.
+ if [ -x /usr/sbin/
+ ! dpkg-statoverride --list /usr/bin/staprun > /dev/null ; then
+ dpkg-statoverride --update --add root stapusr 4750 /usr/bin/staprun
+ fi
;;
abort-
;;
I've incorporate this into packages that I've uploaded to the ubuntu- security- proposed ppa at https:/ /launchpad. net/~ubuntu- security- proposed/ +archive/ ppa/+packages and verified that the permissions and ownership are such that only users in the stapusr group (as well as root) can run staprun, and that the upstream patch addresses Tavis' example cases:
$ staprun [module_to_remove]
and
$ MODPROBE_ OPTIONS= "--dirname /tmp" staprun -u whatever
Thanks.