Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

copy: fix to respect most significant octet of given permission in copyFileInfo #168

Merged
merged 3 commits into from
Feb 7, 2024
Merged

copy: fix to respect most significant octet of given permission in copyFileInfo #168

merged 3 commits into from
Feb 7, 2024
+57 −2

Conversation

musaprg
Copy link
Contributor

@musaprg musaprg commented Sep 25, 2023
edited
Loading

This PR fixes (*copier).copyFileInfo() to respect special bits specified in the copier struct. It causes the BuildKit issue where COPY --chmod doesn't respect the most significant octet of the Unix Permission.

This behavior might be intended because setting setuid/setgid to an executable file was known as an anti-pattern in terms of security. However, this command should not ignore them implicitly if the user understands its drawbacks and desires to set them.

Additional Information

It seems Go's os.FileMode has its internal representation of special bits. We need to convert special bits to internal representation to set them properly.

Additionally, when os.Chmod() runs, it actively discards anything past the first 9 bits (owner, group, other / read, write, execute) and uses its own internal representation to set the special file mode bits.
coreos/ignition#1301 (comment)

@musaprg musaprg changed the title Fix to respect requested special bits in copyFileInfo copy: Fix to respect requested special bits in copyFileInfo Sep 26, 2023
@musaprg musaprg changed the title copy: Fix to respect requested special bits in copyFileInfo copy: fix to respect requested special bits in copyFileInfo Sep 26, 2023
@musaprg musaprg force-pushed the fix-to-respect-special-bits branch from d4f5183 to e4b0bef Compare September 26, 2023 15:40
@musaprg
Add tests
0db3c1f 
Signed-off-by: Kotaro Inoue <[email protected]>
@musaprg musaprg force-pushed the fix-to-respect-special-bits branch from e4b0bef to 0db3c1f Compare September 26, 2023 15:40
@musaprg musaprg marked this pull request as ready for review September 26, 2023 15:42
@musaprg musaprg changed the title copy: fix to respect requested special bits in copyFileInfo copy: fix to respect most significant octet of given permission in copyFileInfo Sep 26, 2023
@tonistiigi tonistiigi closed this Jan 5, 2024
@tonistiigi tonistiigi reopened this Jan 5, 2024
@musaprg
Copy link
Contributor Author

musaprg commented Jan 30, 2024

It seems CI failed due to another issue on freebsd job, which might not be related to this PR.

I suppose we need to wait for this patch being merged into master. #172

@tonistiigi tonistiigi closed this Feb 7, 2024
@tonistiigi tonistiigi reopened this Feb 7, 2024
@tonistiigi tonistiigi merged commit 1e7f306 into tonistiigi:master Feb 7, 2024
19 of 20 checks passed
@musaprg musaprg deleted the fix-to-respect-special-bits branch February 7, 2024 07:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@musaprg @tonistiigi