[Goodies-dev] xfce4-sensors-plugin: hddtemp not setuid message

Sat Mar 1 06:30:28 CET 2008

2008/2/29, Fabian Nowak <timystery at arcor.de>:
>
>  Am Dienstag, den 26.02.2008, 02:44 -0200 schrieb Mariano Besio:
>
> > Hi people, I've just installed version sensors plugin 0.10.99.4 from
>  > Debian reps (please keep reading), which is based on svn revision 3775
>  > and the new plugin started to show a message each time its started
>  > saying that hddtemp is not being setuid root. The problem is that it
>  > seems to be setuid correctly and hddtemp can be executed as non-root
>
>
> "Correct" (actually, setuid root is ugly):
>  -rwsr-xr-x 1 root root 26716 17. Feb 18:52 /usr/sbin/hddtemp
>
Yeah I also think that is "correct" :) but anyway, I don't believe
that there is a nicer solution, besides using sockets. I also got this
output:
-rwsr-xr-x 1 root root 26716 2008-02-17 15:52 /usr/sbin/hddtemp
so it seems to be "correct".

>
>  > user without any trouble. So I decided to look after the code of svn
>  > version to fix it and found that get_hddtemp_value routine has on line
>  > 299 a validation with the access function against 0. Looking at access
>  > man pages, shouldn't this value be -1? I think that this is causing
>  > the message to appear when the disk string is "/dev/fd".
>
>
> No, it looks for being executable in general but returning invalid
>  stuff; so it comes to the conclusion that the SMARt sensor cannot be
>  polled due to missing permissions.
>

Oh, yes now I see which is the idea. So that was why changing that
value worked for me. Sorry for that, my mistake.

>
>  Anyway, did some changes in svn, you might want to check them and
>  whether it's working better. If not, it might be nice to give me the
>  return codes and output to stdout and stderr of running hddtemp on valid
>  and invalid devices both with sudo/setuid root and without.

I'm running hddtemp version 0.3-beta15. I've got this outputs:

With setuid
$ ll /usr/sbin/hddtemp ; hddtemp /dev/sda ; echo "\$? = "$?
-rwsr-xr-x 1 root root 26716 2008-02-17 15:52 /usr/sbin/hddtemp
/dev/sda: WDC WD1600JS-00MHB0: 56°C
$? = 0

$ ll /usr/sbin/hddtemp ; hddtemp /dev/fd ; echo "\$? = "$?
-rwsr-xr-x 1 root root 26716 2008-02-17 15:52 /usr/sbin/hddtemp
ERROR: /dev/fd: can't determine bus type (or this bus type is unknown)
$? = 1

$ ll /usr/sbin/hddtemp ; hddtemp /dev/null ; echo "\$? = "$?
-rwsr-xr-x 1 root root 26716 2008-02-17 15:52 /usr/sbin/hddtemp
ERROR: /dev/null: can't determine bus type (or this bus type is unknown)
$? = 1

$ ll /usr/sbin/hddtemp ; hddtemp /dev/nodevice ; echo "\$? = "$?
-rwsr-xr-x 1 root root 26716 2008-02-17 15:52 /usr/sbin/hddtemp
/dev/nodevice: open: No existe el fichero o el directorio

$? = 1
(this has the system locale output, translation: "No file or
directory". I know this case should never happen as names are fetched
form sys, just to be more informative)

Without setuid
$ ll /usr/sbin/hddtemp ; hddtemp /dev/sda ; echo "\$? = "$?
-rwxr-xr-x 1 root root 26716 2008-02-17 15:52 /usr/sbin/hddtemp
/dev/sda: open: Permiso denegado

$? = 1
(again the locale, translation: "Permission denied")

$ ll /usr/sbin/hddtemp ; hddtemp /dev/fd ; echo "\$? = "$?
-rwxr-xr-x 1 root root 26716 2008-02-17 15:52 /usr/sbin/hddtemp
ERROR: /dev/fd: can't determine bus type (or this bus type is unknown)
$? = 1

$ ll /usr/sbin/hddtemp ; hddtemp /dev/null ; echo "\$? = "$?
-rwxr-xr-x 1 root root 26716 2008-02-17 15:52 /usr/sbin/hddtemp
ERROR: /dev/null: can't determine bus type (or this bus type is unknown)
$? = 1

$ ll /usr/sbin/hddtemp ; hddtemp /dev/nodevice ; echo "\$? = "$?
-rwxr-xr-x 1 root root 26716 2008-02-17 15:52 /usr/sbin/hddtemp
/dev/nodevice: open: No existe el fichero o el directorio

$? = 1
(translation: "No file or directory")

Doing "grep exit *.c" on hddtemp code in
http://download.savannah.nongnu.org/releases/hddtemp/ I've found that
the author is using (or planning to use) these error codes: -2, -1, 1,
2, 3. He seems to use mostly 1. But as you had already written in some
comments, those checks are version dependent.
The changes in svn revision 4012 look fine. Don't misunderstand me, my
doubt was more like a theoretical one. The svn version seems to be
working OK, but IMHO the strings comparison for devices seems a bit
hardwired. I don't want to be pedantic, but perhaps in this case you
may want to look at the stat function instead of access, although the
bitwise operations make code less maintainable. This weekend I'll try
to see if the stat solution is viable to avoid this cases.

Hope I haven't been too harsh, as you've seen in the locale, English
is not my native language.
Thanks for the answers and your time. Regards,

Mariano