* [Bug bzip2/25492] New: bzip2.c: ignoring return value of ‘fchown’
@ 2020-01-01 0:00 noloader at gmail dot com
2020-05-17 13:00 ` [Bug bzip2/25492] " mark at klomp dot org
2021-04-11 15:13 ` vapier at gentoo dot org
0 siblings, 2 replies; 3+ messages in thread
From: noloader at gmail dot com @ 2020-01-01 0:00 UTC (permalink / raw)
To: bzip2-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25492
Bug ID: 25492
Summary: bzip2.c: ignoring return value of ‘fchown’
Product: bzip2
Version: unspecified
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: bzip2
Assignee: nobody at sourceware dot org
Reporter: noloader at gmail dot com
CC: bzip2-devel at sourceware dot org
Target Milestone: ---
This warning makes me feel uneasy. I believe a similar issue in a different
function was exploited on Android to gain root privileges.
I don't have a specific exploit in mind. It might be a good idea to audit the
use of the function and ensure it is safe with and without root privileges.
gcc -fpic -fPIC -Wall -D_FILE_OFFSET_BITS=64 -g2 -O2 -march=native -fPIC
-pthread -I. -L/usr/local/lib -Wl,-R,'$ORIGIN/../lib' -Wl,-R,/usr/local/lib
-Wl,--enable-new-dtags -o bzip2-shared bzip2.c libbz2.1.0.8.so
bzip2.c: In function ‘applySavedFileAttrToOutputFile’:
bzip2.c:1073:4: warning: ignoring return value of ‘fchown’, declared with
attribute warn_unused_result [-Wunused-result]
(void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the Android exploit, the return value of setuid() was not checked when root
attempted to drop privileges. Also see Android's Rage Against the Cage,
https://thesnkchrmr.wordpress.com/2011/03/24/rageagainstthecage/.
* [Bug bzip2/25492] bzip2.c: ignoring return value of ‘fchown’
From: mark at klomp dot org @ 2020-05-17 13:00 UTC (permalink / raw)
To: bzip2-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25492
Mark Wielaard <mark at klomp dot org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
                 CC|                            |mark at klomp dot org
             Status|UNCONFIRMED                 |RESOLVED
--- Comment #1 from Mark Wielaard <mark at klomp dot org> ---
I don't think this is a real bug. First we do "check" the result, by throwing
it away, that is what the (void) does. And my compiler doesn't show that
warning, even with -Wunused-result.
This is the whole function:
static
void applySavedFileAttrToOutputFile ( IntNative fd )
{
#  if BZ_UNIX
   IntNative retVal;

   retVal = fchmod ( fd, fileMetaInfo.st_mode );
   ERROR_IF_NOT_ZERO ( retVal );

   (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
   /* chown() will in many cases return with EPERM, which can
      be safely ignored.
   */
#  endif
}
As you can see, the comment already explains why we don't care.
What the function tried to do is set the attributes of the new output file to
the same attributes of the input file. So if your input file was owned by user
mark, it will try to set the output file to the same owner. If you aren't the
user mark, but only had read permission to the input file, and you don't have
permission to change the owner of a file, then the output file will just be
owned by you.
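An added example (not bzip2's code and not written by anyone in this thread): one way to keep the behaviour described in Comment #1, where EPERM from fchown is tolerated, while still reporting every other failure and consuming the return value without a (void) cast, which the gcc output in the report shows does not silence warn_unused_result. The names apply_saved_attrs and chown_failure_is_benign and the /tmp sample file are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: EPERM means an unprivileged user tried to give the
   file to another owner, the expected case described in the thread. */
static int chown_failure_is_benign(int err)
{
    return err == EPERM;
}

/* Hypothetical stand-in for the "(void) fchown(...)" pattern.
   Returns 0 when attributes were applied, or when only the ownership change
   was refused for lack of privilege; returns -1 with errno set otherwise. */
static int apply_saved_attrs(int fd, const struct stat *saved)
{
    if (fchmod(fd, saved->st_mode & 07777) != 0)
        return -1;
    if (fchown(fd, saved->st_uid, saved->st_gid) != 0) {
        if (!chown_failure_is_benign(errno))
            return -1;   /* EBADF, EIO, EROFS, ...: do not hide these */
        /* EPERM: the output file simply stays owned by the caller. */
    }
    return 0;
}

int main(void)
{
    char path[] = "/tmp/attr-demo-XXXXXX";   /* constructed sample file */
    int fd = mkstemp(path);
    struct stat st;
    if (fd < 0 || fstat(fd, &st) != 0) { perror("setup"); return 1; }

    printf("same owner as caller: %d\n", apply_saved_attrs(fd, &st));
    st.st_uid = 0;   /* non-root callers get EPERM here, which is tolerated */
    printf("input owned by uid 0: %d\n", apply_saved_attrs(fd, &st));
    close(fd);
    unlink(path);
    int rc = apply_saved_attrs(fd, &st);     /* closed descriptor */
    int err = errno;
    printf("closed descriptor: %d (%s)\n", rc, strerror(err));
    return 0;
}
```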
* [Bug bzip2/25492] bzip2.c: ignoring return value of ‘fchown’
From: vapier at gentoo dot org @ 2021-04-11 15:13 UTC (permalink / raw)
To: bzip2-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25492
Mike Frysinger <vapier at gentoo dot org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://sourceware.org/pipermail/bzip2-devel/2021q2/000125.html
--- Comment #2 from Mike Frysinger <vapier at gentoo dot org> ---
should fix the warnings:
https://sourceware.org/pipermail/bzip2-devel/2021q2/000125.html