Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

runtime: TestSUID hangs with "Password" prompt on FreeBSD #70702

Open
prattmic opened this issue Dec 5, 2024 · 8 comments
Open

runtime: TestSUID hangs with "Password" prompt on FreeBSD #70702

prattmic opened this issue Dec 5, 2024 · 8 comments
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. NeedsFix The path to resolution is known, but the work has not been done. OS-FreeBSD
Milestone

Comments

@prattmic
Copy link
Member

prattmic commented Dec 5, 2024

@siebenmann reports that all.bash hangs with a "Password:" prompt on their FreeBSD machine due to runtime.TestSUID's su call.

Our FreeBSD builders allow su with no password (I think because our user is in the wheel group?). Presumably real FreeBSD systems don't put the main user in wheel. Or maybe su is asking for the password of the primary user? I'm not sure how this configuration works.

On my Linux workstation, the test skips as su seems to automatically exit with error (detects a non-interactive stdin perhaps?). Perhaps FreeBSD's su doesn't do this?

cc @golang/freebsd @rolandshoemaker

@prattmic prattmic added this to the Backlog milestone Dec 5, 2024
@gopherbot gopherbot added the compiler/runtime Issues related to the Go compiler and/or runtime. label Dec 5, 2024
@gabyhelp
Copy link

gabyhelp commented Dec 5, 2024

Related Issues

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@siebenmann
Copy link

siebenmann commented Dec 5, 2024 via email

@ianlancetaylor
Copy link
Member

FreeBSD has a doas command like OpenBSD. @siebenmann Does it work to change privesc in runtime/security_test.go to run doas on runtime.GOOS == "freebsd" as it already does for runtime.GOOS == "openbsd" ? In particular that passes the -n option which disables password checking.

I agree that ideally a test should not invoke su. But this particular test is exactly about testing a privileged operation. We could consider skipping the test if -test.short was used, except on the builders. That would not eliminate problems but at least it wouldn't show up for ordinary users using make.bash or run.bash.

@siebenmann
Copy link

siebenmann commented Dec 6, 2024 via email

@ianlancetaylor
Copy link
Member

Thanks. I filed #70708 to ask for doas to be installed on builders. When that happens we can change the test to use it, and avoid this problem.

@mknyszek mknyszek added the NeedsFix The path to resolution is known, but the work has not been done. label Dec 6, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/634156 mentions this issue: runtime: in TestSUID use doas on FreeBSD

@bsiegert
Copy link
Contributor

bsiegert commented Dec 8, 2024

The doas package is now installed on the NetBSD LUCI builders (arm and arm64).

However, without a config file, all it prints is

doas: doas is not enabled, /usr/pkg/etc/doas.conf: No such file or directory

I am hesitant to give the swarming user the right to run all commands as root.

In addition, the LUCI infrastructure already uses sudo, so sudo is also installed and configured on these systems. The only allowed command for the swarming user is reboot, which it does after failed test runs. So my preference would be to add NetBSD to the darwin branch, which uses sudo. What do you think?

@prattmic
Copy link
Member Author

We could potentially try both doas and sudo, but of course it is possible that neither works.

This seems like a test that we want an assertion that it isn't skipped on some builder we know is properly configured.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. NeedsFix The path to resolution is known, but the work has not been done. OS-FreeBSD
Projects
Development

No branches or pull requests

7 participants