-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
apphost has a permission of -rwxr--r-- #3669
Comments
It looks like this is the case for the Microsoft build tarball too--transferring to Core-Setup because that's where the apphost pack originates. This causes the apphost in build output to have limited permissions:
|
@wli3 @peterhuene do we expect everyone to have execute permission for the apphost? An execute permission issue was fixed a while back for the macOS installers (https://github.com/dotnet/cli/issues/11231), but I believe the tarball is assembled from the apphost pack nupkg which didn't get that fix. (This doesn't appear to be a regression in particular:)
|
The interesting question is if it should have execute permissions at all. The |
The SDK doesn't set permissions, hence the need for that earlier macOS-focused fix. (https://github.com/dotnet/cli/issues/11231.) The publish output shows this in practice:
Setting apphost permissions could be implemented in the SDK, and yeah, giving this apphost template execute permissions seems weird to me in principle. The reasoning for putting the fix in Core-Setup is that making every dev machine run chmod (or something like it?) is considered less reliable and more difficult to implement than a build infra patch in Core-Setup, which only has to work once on machines with more well-known configs. That macOS fix was a last-minute change for an earlier 3.0 preview, so maybe the approach can be revisited outside that context. |
@wli3 @peterhuene @livarcocc, what do you think is the right resolution for this problem? Fixing the permissions on the setup side or in the SDK when it produces a host based on the templates? |
Personally I think the template should be |
Moved from dotnet/core#3559. From the perspective of |
@am11 that looks pretty good - but what about Windows - will it work there? I would expect we want this to only happen on Mac/Linux. core-setup does not have the infra to run full dotnet-publish in tests. Typically we add only a targeted test in core-setup (basically run the code and validate that it marked the file correctly). End-to-end tests can the be added to dotnet/sdk repo. It has the "Caller" of the HostModel package and its tests do have the infra to run full dotnet-publish. |
/cc @swaroop-sridhar |
I'd set the x bit also for other. If someone wants something stricter, they can do it themselves.
This isn't needed.
You can use |
Thanks! I did not notice that this lib is shared with Windows. Agree with @tmds, that this could be skipped in Windows, as the file mode (attribute) seems correct: (on a computer which is not a member of domain) #!/usr/bin/env powershell
~\Source\Repos\myApp> dotnet publish
~\Source\Repos\myApp> ls $(gcm .\bin\Debug\netcoreapp3.0\publish\myApp.exe).Path | select `
Name,Mode,Attributes,@{name="Access";expression={(get-acl $_).AccessToString}} | ft -wrap
Name Mode Attributes Access
---- ---- ---------- ------
myApp.exe -a---- Archive NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Administrators Allow FullControl
ADEEL-PC\adeel Allow FullControl
# compared to other installed software executable for the current user, for example, `git`
~\Source\Repos\myApp> ls $(gcm git).Path | select `
Name,Mode,Attributes,@{name="Access";expression={(get-acl $_).AccessToString}} | ft -wrap
Name Mode Attributes Access
---- ---- ---------- ------
git.exe -a---- Archive NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Administrators Allow FullControl
BUILTIN\Users Allow ReadAndExecute, Synchronize
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize They vary by Access level, but something which probably users can change by themselves. |
Agree and if something bad happens, it would be like |
@am11 can you create a PR? |
@tmds, sure, I am trying to figure out how to test the end-to-end flow. Should I copy over produced binaries (from |
This is the sdk that gets used during the build. You shouldn't patch it. Maybe try to patch a fresh 3.0.100 sdk from dot.net/download. Other people will chime in and suggest some things. |
Yup, as @vitek-karas mentioned that E2E unit tests are not available in core-setup right now, I was thinking about patching a local/temp copy obtained by: curl -sSL https://dot.net/v1/dotnet-install.sh | \
bash /dev/stdin --install-dir /tmp/dotnet_experimental --channel 3.0 and test it at least once in my localhost. Seems like there used to be a unit test checking file permission: dotnet/sdk@b98c28e, but the checks were removed in 2.1 for some reason. Meanwhile, I have issued a PR: dotnet/core-setup#8510. PTAL. :) |
Set apphost and bundle file permission to 755₈ When building a .net core 3 app, the SDK currently simply copies the apphost template (including its permissions) from the install-location. This caused two problems in Unix systems: * If the dotnet install location is write-protected, the build fails when SDK tries update the apphost (to set the app-path, etc.) (#8511) * The built apphost can only be run by the owner (#7062) This change explicitly sets the file permissions of the Apphost in the SDK to fix the above issues.
Keeping the issue open until the change is in 3.1 |
Set apphost and bundle file permission to 755₈ When building a .net core 3 app, the SDK currently simply copies the apphost template (including its permissions) from the install-location. This caused two problems in Unix systems: * If the dotnet install location is write-protected, the build fails when SDK tries update the apphost (to set the app-path, etc.) (#8511) * The built apphost can only be run by the owner (#7062) This change explicitly sets the file permissions of the Apphost in the SDK to fix the above issues.
Set apphost and bundle file permission to 755₈ When building a .net core 3 app, the SDK currently simply copies the apphost template (including its permissions) from the install-location. This caused two problems in Unix systems: * If the dotnet install location is write-protected, the build fails when SDK tries update the apphost (to set the app-path, etc.) (#8511) * The built apphost can only be run by the owner (#7062) This change explicitly sets the file permissions of the Apphost in the SDK to fix the above issues.
When building a .net core 3 app, the SDK currently simply copies the apphost template (including its permissions) from the install-location. This caused two problems in Unix systems: * If the dotnet install location is write-protected, the build fails when SDK tries update the apphost (to set the app-path, etc.) (#8511) * The built apphost can only be run by the owner (#7062) This change explicitly sets the file permissions of the Apphost in the SDK to fix the above issues.
Set apphost and bundle file permission to 755₈ When building a .net core 3 app, the SDK currently simply copies the apphost template (including its permissions) from the install-location. This caused two problems in Unix systems: * If the dotnet install location is write-protected, the build fails when SDK tries update the apphost (to set the app-path, etc.) (#8511) * The built apphost can only be run by the owner (#7062) This change explicitly sets the file permissions of the Apphost in the SDK to fix the above issues.
When building a .net core 3 app, the SDK currently simply copies the apphost template (including its permissions) from the install-location. This caused two problems in Unix systems: * If the dotnet install location is write-protected, the build fails when SDK tries update the apphost (to set the app-path, etc.) (#8511) * The built apphost can only be run by the owner (#7062) This change explicitly sets the file permissions of the Apphost in the SDK to fix the above issues.
Fixed by 10d8d09 |
Has this really been fixed? I couldn't verify it on my end. Here's what I did:
|
I believe this issue was focused on setting the generated apphost to Were you able to validate the |
The generated apphost looks correct:
|
I built .NET Core 3.0 preview 6. It includes an apphost executible that can only be executed by owner, no one else.
That looks pretty weird. Is this a known issue?
Other executibles look okay:
The text was updated successfully, but these errors were encountered: