Mailinglist Archive: opensuse (1352 mails)

Re: [opensuse] Re: Problem with suid pgms on Leap-15.0
On 06/04/2018 09:27 AM, L A Walsh wrote:
Andrei Borzenkov wrote:
@@ -1277,6 +1278,7 @@ disable_priv_mode ()
   int e;

+  setgroups(0, NULL);
   if (setuid (current_user.uid) < 0)
       e = errno;
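Review bot: the return value of the added `setgroups(0, NULL)` is discarded, while the `setuid()` call directly below it is checked and its errno saved in `e`. setgroups() needs privilege (CAP_SETGID on Linux) and can fail, so check it the same way, otherwise a failure to drop the groups passes silently. The line also deserves a comment saying why the whole supplementary group list is emptied at this point, because everything exec'd after it runs without those groups.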
    This appears to be a setuid call that would only
work when transitioning away from root.

    I may be misunderstanding the problem, but it
seems the original poster had a problem when they transitioned *to* root, so the above code doesn't seem
to make sense as being the sole source of problems.

    Is there something that clears the groups upon
a transition to root?

    Would the above code ever be executed?  As I understand
it, we are talking about a SETUID program. Aren't privilege
transitions handled in the kernel?  It seems odd to have
such code in a user-level program like a shell.

To be clear, and I have tested this, I am not losing my group memberships when I start the suid pgm or during its execution. They are simply not being passed to an exec'd external entity. In the main program, not the example I provided, I fork/exec/wait. The main process still has my group memberships after that. They just don't make it into the exec'd pgm/script.


