Missing call to setgroups; use getaddrinfo() instead of gethostbyname()

Open knight-of-ni opened this issue 1 year ago • 3 comments

Describe the bug

Rpmlint identified a few issues worth mentioning. I've posted the full output below. Some of the issues are expected or are a result of how the rpm is built (and can be ignored). However, these in particular are worth discussing:

netatalk.x86_64: E: missing-call-to-setgroups-before-setuid /usr/sbin/cnid_dbd

Looks like this one has been around a while, as the relevant line of code was written 19 years ago: https://github.com/Netatalk/netatalk/blob/main/etc/cnid_dbd/main.c#L449

What I found interesting is afprun calls setgroups before setuid. Thus it passes the rpmlint check: https://github.com/Netatalk/netatalk/blob/main/etc/afpd/afprun.c#L123

Should something similar be done for cnid_dbd?

netatalk.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/lib64/libatalk.so.18.0.0

This looks like the relevant line of code: https://github.com/Netatalk/netatalk/blob/main/libatalk/util/netatalk_conf.c#L2193

The suggestion would be to use getaddrinfo() rather than gethostbyname(). From what I can tell, this is primarily because gethostbyname does not support IPv6.

netatalk.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/sbin/afpd

https://github.com/Netatalk/netatalk/blob/main/etc/afpd/nfsquota.c#L80

Same comment as the previous.

To Reproduce

Run rpmlint on the netatalk rpm

Expected behavior

No errors or warnings that have not been addressed or explained

Environment

  • Server OS: Fedora 40
  • Netatalk Version 3.2.4

Logs

$ rpmlint netatalk-3.2.4-1.fc40.x86_64.rpm
============================ rpmlint session starts ============================
rpmlint: 2.5.0
configuration:
    /usr/lib/python3.12/site-packages/rpmlint/configdefaults.toml
    /etc/xdg/rpmlint/fedora-legacy-licenses.toml
    /etc/xdg/rpmlint/fedora-spdx-licenses.toml
    /etc/xdg/rpmlint/fedora.toml
    /etc/xdg/rpmlint/scoring.toml
    /etc/xdg/rpmlint/users-groups.toml
    /etc/xdg/rpmlint/warn-on-functions.toml
checks: 32, packages: 1

netatalk.x86_64: E: setuid-binary /usr/bin/afppasswd root 4755
netatalk.x86_64: E: non-standard-executable-perm /usr/bin/afppasswd 4755
netatalk.x86_64: E: non-readable /run/lock/netatalk 0
netatalk.x86_64: E: missing-call-to-setgroups-before-setuid /usr/sbin/cnid_dbd
netatalk.x86_64: W: dbus-policy-allow-receive <allow receive_sender="org.netatalk.AFPStats"/> /etc/dbus-1/system.d/netatalk-dbus.conf
netatalk.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/lib64/libatalk.so.18.0.0
netatalk.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/sbin/afpd
 1 packages and 0 specfiles checked; 4 errors, 3 warnings, 87 filtered, 4 badness; has taken 1.1 s 

Additional context

none

Jul 25 '24 15:07 knight-of-ni
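The ordering that the missing-call-to-setgroups-before-setuid check is about, as an added example (not netatalk's code and not the fix merged for this issue): a root-started daemon clears its supplementary groups, sets the gid, then the uid, and verifies the result. The function names and the 65534 target id are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* glibc: expose setgroups() in <grp.h> */
#endif
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Count supplementary groups other than gid; -1 if the list can't be read. */
int extra_groups(gid_t gid)
{
    gid_t list[256];
    int n = getgroups(256, list), extra = 0;
    if (n < 0)
        return -1;
    for (int i = 0; i < n; i++)
        extra += (list[i] != gid);
    return extra;
}

/* Permanently drop from root to uid/gid. setgroups() and setgid() need
 * privilege, so both run before setuid() gives it up. Returns 0 on success,
 * -1 with errno set otherwise; the caller must exit on -1. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0 || uid == 0) {   /* assumption: started as root, target is not root */
        errno = EPERM;
        return -1;
    }
    if (setgroups(1, &gid) != 0)        /* discard root's supplementary groups */
        return -1;
    if (setgid(gid) != 0)               /* real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)               /* real, effective and saved uid */
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid ||
        getegid() != gid || extra_groups(gid) != 0 || setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* 65534 is a constructed target id (commonly "nobody"). */
    return drop_privileges(65534, 65534) == 0 ? 0 : 1;
}
```

Without the setgroups() call, a process that only calls setuid() keeps whatever supplementary groups root had, so files and sockets accessible to those groups stay reachable after the drop.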

Thanks for sharing! I propose putting these improvements on the backlog for the next major release (4.0.0)

Jul 26 '24 03:07 rdmark

Absolutely. That's totally your call as to how you want to address these, even if at all. I'm just doing my diligence as a packager by letting you know about them. :-)

Jul 26 '24 17:07 knight-of-ni

I've merged a potential fix for missing-call-to-setgroups-before-setuid now.

Poked around with binary-or-shlib-calls-gethostbyname a bit but it seems like a much more involved coding project. Postponing to a future time.

Sep 22 '24 00:09 rdmark

This should take care of the gethostbyname issue https://github.com/Netatalk/netatalk/pull/1934

Feb 01 '25 15:02 rdmark