Mailinglist Archive: opensuse (1352 mails)

Re: [opensuse] Problem with suid pgms on Leap-15.0
On 06/01/2018 04:21 PM, John Andersen wrote:
> On 06/01/2018 10:20 AM, Mark Hounschell wrote:
>> I am upgrading an older SuSE-13.2 box to Leap. I have done a fresh Leap-15.0 install and ported over
>> ....
>> Once the pgm is owned by root and suid, I lose all my group memberships for some unknown reason. It is not proper to me.
>>
>> This all works fine on 13.2 but does not on Leap 15 or Leap 42.3. Is there some security setting somewhere that broke this? Any help from anyone would be appreciated.
>>
>> Regards
>> Mark
>
> Is the pgm forced to drop privileges upon becoming owned by root?


No, the sample pgm and script I provided show the problem. It's a simple matter of the group memberships of the user being dropped.

> AFAIK, Opensuse hasn't been a pure permissions based Linux for some several releases.
> (Permissions and group membership aren't the only controlling factor any more).
>
> ACLs are possibly involved:
> https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.acls.html
> Udev rules might be involved (especially when a device is referenced)
> https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.udev.html


The sample pgm I provided does nothing ACL or UDEV related. It simply forks and execs a script that shows the groups the user is a member of. Which is users only.

Mark
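
A small diagnostic along the lines of the test described in this message (fork, exec, show groups), as an added example that is not the sample program from the thread: it prints the real/effective IDs and supplementary groups the process holds, then execs id(1) in a child so the two views can be compared. The names `snapshot_creds`, `print_creds`, `run_id_in_child` and the 256-group bound are assumptions of this example.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_GROUPS 256  /* assumed bound, enough for a diagnostic */

struct creds {
    uid_t ruid, euid;
    gid_t rgid, egid;
    int ngroups;               /* supplementary group count, -1 on error */
    gid_t groups[MAX_GROUPS];
};

/* Fill *c from the calling process; 0 on success, -1 if getgroups() fails. */
int snapshot_creds(struct creds *c)
{
    c->ruid = getuid();  c->euid = geteuid();
    c->rgid = getgid();  c->egid = getegid();
    c->ngroups = getgroups(MAX_GROUPS, c->groups);
    return c->ngroups < 0 ? -1 : 0;
}

void print_creds(const char *label, const struct creds *c)
{
    printf("%s: ruid=%ld euid=%ld rgid=%ld egid=%ld groups=", label,
           (long)c->ruid, (long)c->euid, (long)c->rgid, (long)c->egid);
    for (int i = 0; i < c->ngroups; i++)
        printf("%s%ld", i ? "," : "", (long)c->groups[i]);
    putchar('\n');
}

/* Fork, exec id(1) in the child, return its exit status (-1 on failure). */
int run_id_in_child(void)
{
    int status;
    fflush(stdout);            /* keep buffered output out of the child */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execlp("id", "id", (char *)NULL); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    struct creds c;
    if (snapshot_creds(&c) != 0) { perror("getgroups"); return 1; }
    print_creds("parent", &c);
    return run_id_in_child() == 0 ? 0 : 1;
}
```

Run it once as an ordinary binary and once after making it root-owned and setuid, as described above, and compare the `groups=` output of the parent with what id(1) reports in the child.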


