[Bug 746704] New: sudo: must be setuid root
https://bugzilla.novell.com/show_bug.cgi?id=746704
https://bugzilla.novell.com/show_bug.cgi?id=746704#c0

Summary: sudo: must be setuid root
Classification: openSUSE
Product: openSUSE 12.2
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: vcizek@suse.com
ReportedBy: jslaby@suse.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---

Sudo doesn't work in factory. For about 10 days. It just does nothing:

$ sudo echo ahoj
$

If one straces the process, they can see:

write(2, "sudo", 4sudo) = 4
write(2, ": ", 2: ) = 2
write(2, "must be setuid root", 19must be setuid root) = 19
write(2, "\n", 1

Otherwise the error cannot be seen? Why?

# rpm -V sudo
5S.T..... c /etc/sudoers
# ll /usr/bin/sudo
-rwsr-xr-x 1 root root 79768 1. úno 14.08 /usr/bin/sudo

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746704#c1
Vitezslav Cizek
From man strace:

BUGS
Programs that use the setuid bit do not have effective user ID privileges while being traced.

sudo then fails on this check:

if (geteuid() != 0)
    errorx(1, _("must be setuid root"));
https://bugzilla.novell.com/show_bug.cgi?id=746704#c2
--- Comment #2 from Vitezslav Cizek
https://bugzilla.novell.com/show_bug.cgi?id=746704#c3
Jiri Slaby
I've found some similar problems on systemd mailing list:
http://lists.freedesktop.org/archives/systemd-devel/2012-February/004461.htm...
This is very likely it!
https://bugzilla.novell.com/show_bug.cgi?id=746704#c4
--- Comment #4 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c5
--- Comment #5 from Jiri Slaby
I don't have the issue on my Factory vm, with systemd from Factory or Base:System.
This is not reproducible on console. Only from xterm.
Could it be a pam issue caused by systemd pam module?
I don't know. The only thing I see in messages is:

sudo: xslaby : TTY=pts/11 ; PWD=/home/xslaby ; USER=root ; COMMAND=/bin/echo ahoj
systemd-logind[2172]: New session c8 of user root.
systemd-logind[2172]: Removed session c8.
https://bugzilla.novell.com/show_bug.cgi?id=746704#c6
--- Comment #6 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c7
--- Comment #7 from Jiri Slaby
Works fine in an xterm and gnome-terminal here too.
Which display manager and which desktop environment are you using?
KDM+KDE4 and KDM+xfce4
https://bugzilla.novell.com/show_bug.cgi?id=746704#c8
Cristian Rodríguez
https://bugzilla.novell.com/show_bug.cgi?id=746704#c9
--- Comment #9 from Cristian Rodríguez
https://bugzilla.novell.com/show_bug.cgi?id=746704#c10
--- Comment #10 from Jiri Slaby
Could it be a bug in kdm?
It looks like that. With xdm it works.
https://bugzilla.novell.com/show_bug.cgi?id=746704#c11
--- Comment #11 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c12
--- Comment #12 from Cristian Rodríguez
Strange, I don't have the issue with kdm here (running either GNOME or KDE, with either xterm, gnome-terminal or konsole).
Wild crazy guess, may be due to different kernel versions? I'm running 3.3.0rc3
https://bugzilla.novell.com/show_bug.cgi?id=746704#c13
Cristian Rodríguez
https://bugzilla.novell.com/show_bug.cgi?id=746704#c14
--- Comment #14 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c15
--- Comment #15 from Jiri Slaby
Please test with Factory kernel. I'm using a Factory only VM, nothing else.
Yes, 3.2.0 works. Even 3.2.0 vanilla. But if I build my own 3.2, it doesn't work. Neither 3.3-rc3 vanilla nor default kernel works. I believe this is a kernel configuration change problem.
https://bugzilla.novell.com/show_bug.cgi?id=746704#c16
Cristian Rodríguez
(In reply to comment #14)
Please test with Factory kernel. I'm using a Factory only VM, nothing else.
Yes, 3.2.0 works. Even 3.2.0 vanilla. But if I build my own 3.2, it doesn't work. Neither 3.3-rc3 vanilla nor default kernel works. I believe this is a kernel configuration change problem.
Great, I'm not yet crazy it seems :-) Can you take a look at it then?
https://bugzilla.novell.com/show_bug.cgi?id=746704#c17
Stephan Kulow
https://bugzilla.novell.com/show_bug.cgi?id=746704#c18
--- Comment #18 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c19
--- Comment #19 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c20
Jiri Slaby
Could people check their /etc/systemd/systemd-logind.conf (everything should be commented there)?

$ grep -v ^# /etc/systemd/systemd-logind.conf
[Login]

And also, check /etc/pam.d/sudo and /etc/pam.d/common-session(-pc) (those should contain session optional pam_systemd.so)

# cat /etc/pam.d/sudo
..
session include common-session
# cat /etc/pam.d/common-session-pc
..
session optional pam_systemd.so
https://bugzilla.novell.com/show_bug.cgi?id=746704#c21
--- Comment #21 from Cristian Rodríguez
https://bugzilla.novell.com/show_bug.cgi?id=746704#c22
--- Comment #22 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c23
--- Comment #23 from Cristian Rodríguez
https://bugzilla.novell.com/show_bug.cgi?id=746704#c24
Joseph Mulloy
https://bugzilla.novell.com/show_bug.cgi?id=746704#c25
Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=746704#c26
--- Comment #26 from Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=746704#c
Vitezslav Cizek
https://bugzilla.novell.com/show_bug.cgi?id=746704#c27
--- Comment #27 from Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=746704#c28
--- Comment #28 from Cristian Rodríguez
https://bugzilla.novell.com/show_bug.cgi?id=746704#c29
--- Comment #29 from Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=746704#c30
--- Comment #30 from Cristian Rodríguez
Good catch, I did not see there's a write(8) after close(8). However I know what is the fd 8, but I did not find descriptor 7 ;-)
fcntl(7, F_DUPFD_CLOEXEC, 3) = 8
But the code below does not make sense, so I assume sudo is in a very strange state after EINTR

close(8) = 0
write(8, "\21", 1) = 1
rt_sigreturn(0x8) = -1 EINTR (Interrupted system call)
select(8, [3 7], [], NULL, NULL) = 1 (in [7])
read(7, "\21", 1)

Question is ..in what piece of the puzzle write() is interrupted.. unless I am missing something EINTR is a temporary error condition and hence has to be handled with TEMP_FAILURE_RETRY( write(.... ) ) ..however I'm afraid that won't solve the problem, as fd 8 is closed *before* write...
https://bugzilla.novell.com/show_bug.cgi?id=746704#c31
--- Comment #31 from Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=746704#c32
--- Comment #32 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c33
--- Comment #33 from Jiri Slaby
https://bugzilla.novell.com/show_bug.cgi?id=746704#c34
--- Comment #34 from Michal Vyskocil
Please test systemd >= 44-222.1 from Base:System, it contains a potential fix for this problem.
I don't see my issue even with systemd-43 from openSUSE:Factory, as Gnome3 still forces me to do some restarts, all tmux sessions now behave correctly despite the detach/attach.
https://bugzilla.novell.com/show_bug.cgi?id=746704#c35
--- Comment #35 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c36
--- Comment #36 from Jiri Slaby
Could people with the bug try to add "session required pam_loginuid.so" to their /etc/pam.d/sudo file, before the "session include common-session" line?
Sure: no change...
https://bugzilla.novell.com/show_bug.cgi?id=746704#c37
--- Comment #37 from Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=746704#c
Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=746704#c38
Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=746704#c39
Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=746704#c40
--- Comment #40 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=746704#c41
--- Comment #41 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=746704#c42
--- Comment #42 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c43
--- Comment #43 from Cristian Rodríguez
https://bugzilla.novell.com/show_bug.cgi?id=746704#c44
--- Comment #44 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c45
Guido Berhörster
https://bugzilla.novell.com/show_bug.cgi?id=746704#c46
--- Comment #46 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=746704#c47
--- Comment #47 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c48
--- Comment #48 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=746704#c49
--- Comment #49 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c50
--- Comment #50 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c51
--- Comment #51 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=746704#c52
--- Comment #52 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c
Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c53
--- Comment #53 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c54
--- Comment #54 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c55
--- Comment #55 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c56
--- Comment #56 from Cristian Rodríguez
ok, I've been able to reproduce the issue reliably, with autologin with kdm.
Could people with this bug try to edit /etc/pam.d/xdm-np
and add
session required pam_loginuid.so
before the line: session include common-session
This should fix the "sudo" bug (not the tmux/screen bug)
That worked, thank you very much for your work ;) Isn't it supposed that pam_loginuid should be included in common-session before pam_systemd, or am I missing something here?
https://bugzilla.novell.com/show_bug.cgi?id=746704#c57
--- Comment #57 from Cristian Rodríguez
ok, I've been able to reproduce the issue reliably, with autologin with kdm.
Could people with this bug try to edit /etc/pam.d/xdm-np
and add
session required pam_loginuid.so
before the line: session include common-session
This should fix the "sudo" bug (not the tmux/screen bug)
Unfortunately it worked only once... sudo -s worked.. then issued sudo rm -rf directorytoclean and the X session crashed again... :(
https://bugzilla.novell.com/show_bug.cgi?id=746704#c58
--- Comment #58 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c59
--- Comment #59 from Stefan Dirsch
The X session crash should be fixed by disabling logind-logout.patch (I'm not sure this has reached Factory yet). loginuid shouldn't be part of common-session, but we should fix xdm-np.
done. SR #120615
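The ordering asked for in the thread (a "session required pam_loginuid.so" line before "session include common-session" in a service file such as /etc/pam.d/xdm-np) can be verified mechanically. The C function below is an added example, not part of the thread or of any openSUSE package; check_session_order and its result codes are made up for the example, the sample file contents are constructed, and bracketed control fields such as [success=ok ...] are not parsed.

```c
/* Added example: does a PAM service file load pam_loginuid.so in its session
 * stack before it includes common-session? */
#include <stdio.h>
#include <string.h>

enum { ORDER_OK = 0, LOGINUID_MISSING = 1, LOGINUID_TOO_LATE = 2, NO_COMMON_SESSION = 3 };

/* Scan PAM config text line by line; only "session" entries are considered. */
int check_session_order(const char *text)
{
    int lineno = 0, loginuid_at = 0, include_at = 0;
    char line[512];

    while (*text) {
        size_t len = strcspn(text, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, text, n);
        line[n] = '\0';
        text += len + (text[len] == '\n');
        lineno++;
        line[strcspn(line, "#")] = '\0';            /* drop comments */

        char type[32] = "", control[64] = "", module[256] = "";
        if (sscanf(line, "%31s %63s %255s", type, control, module) < 3)
            continue;                               /* blank or incomplete entry */
        if (strcmp(type, "session") != 0)
            continue;
        if (!loginuid_at && strstr(module, "pam_loginuid.so"))
            loginuid_at = lineno;
        if (!include_at && strcmp(control, "include") == 0 &&
            strncmp(module, "common-session", 14) == 0)
            include_at = lineno;
    }
    if (!include_at)  return NO_COMMON_SESSION;
    if (!loginuid_at) return LOGINUID_MISSING;
    return loginuid_at < include_at ? ORDER_OK : LOGINUID_TOO_LATE;
}

int main(void)
{
    /* Constructed sample contents, modelled on the lines quoted in the thread. */
    const char *before = "auth    include  common-auth\n"
                         "session include  common-session\n";
    const char *after  = "auth    include  common-auth\n"
                         "session required pam_loginuid.so\n"
                         "session include  common-session\n";
    printf("before: %d\nafter: %d\n", check_session_order(before), check_session_order(after));
    return 0;
}
```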
https://bugzilla.novell.com/show_bug.cgi?id=746704#c60
--- Comment #60 from Vitezslav Cizek
https://bugzilla.novell.com/show_bug.cgi?id=746704#c61
--- Comment #61 from Stephan Kulow
https://bugzilla.novell.com/show_bug.cgi?id=746704#c62
--- Comment #62 from Vitezslav Cizek
https://bugzilla.novell.com/show_bug.cgi?id=746704#c63
--- Comment #63 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c64
--- Comment #64 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=746704#c65
Frederic Crozat