Harden Softnet SUID setup #1273
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 81cba367a6
| try runInteractiveSudo( | ||
| arguments: [chmodExecutablePath, "u+s", softnetExecutablePath], | ||
| failureMessage: "failed to configure SUID bit on Softnet executable with Sudo") |
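Review bot: in the arguments array, "u+s" is applied to whatever softnetExecutablePath names at the moment this privileged command runs, and nothing in these lines checks the target first. If that path can be a symlink or live in a user-writable directory, resolve it and confirm it is a regular file with the expected owner before setting the bit. The failureMessage would also be easier to act on if it included the path.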
Restore terminal pgrp before second sudo
When the first sudo helper succeeds, runInteractiveSudo has already moved the terminal foreground process group to that sudo process and never restores Tart's process group before returning. This second call then runs while Tart is a background process group and calls tcsetpgrp again, which can stop/fail on interactive terminals; in that case first-time setup gets stuck after chown and before chmod, leaving the Homebrew softnet binary root-owned but not setuid. Please either run both operations in one sudo process or restore Tart's pgrp before launching the next sudo.
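The foreground hand-off and restore that the review comment asks for, as an added C example that is not Tart's code (Tart is Swift). `set_foreground` and `run_in_foreground` are hypothetical names, and the `true` command in `main` is a placeholder for the two privileged steps.

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Make pgrp the terminal's foreground group. SIGTTOU is ignored for the call
 * because a background group that calls tcsetpgrp() is otherwise stopped. */
static void set_foreground(int tty, pid_t pgrp) {
    if (tty < 0) return;                       /* no controlling terminal */
    void (*old)(int) = signal(SIGTTOU, SIG_IGN);
    (void)tcsetpgrp(tty, pgrp);
    signal(SIGTTOU, old);                      /* do not leak SIG_IGN across exec */
}

/* Run argv in its own process group with the terminal in the foreground,
 * then hand the foreground back to the caller's group before returning.
 * Returns the child's exit status, or -1 if it did not exit normally. */
int run_in_foreground(char *const argv[]) {
    int tty = open("/dev/tty", O_RDWR);
    int status = -1;
    pid_t pid = fork();
    if (pid == 0) {
        setpgid(0, 0);
        set_foreground(tty, getpid());         /* done in child and parent to avoid a race */
        if (tty >= 0) close(tty);
        execvp(argv[0], argv);
        _exit(127);                            /* exec failed */
    }
    if (pid > 0) {
        setpgid(pid, pid);
        set_foreground(tty, pid);
        while (waitpid(pid, &status, 0) < 0 && errno == EINTR) {}
        set_foreground(tty, getpgrp());        /* the restore the review says is missing */
    }
    if (tty >= 0) close(tty);
    return (pid > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char *step[] = {"true", NULL};             /* placeholder command (assumption) */
    printf("first call:  %d\n", run_in_foreground(step));
    printf("second call: %d\n", run_in_foreground(step));
    return 0;
}
```

Without the final `set_foreground(tty, getpgrp())`, the second call starts while the caller is a background group, which is the condition the comment describes.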
81cba36 to 8142831
Summary
- `sudo`, `chown`, and `chmod` during Softnet SUID setup
- `sh -c` and pass privileged command arguments directly

Validation
- `swift run swiftformat Sources/tart/Network/Softnet.swift`
- `swift build`
- `DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer xcrun swift test` builds the test bundle and runs part of the suite, then hits an existing `LayerizerTests` fatal unwrap when the registry runner is unavailable