I am upgrading an older SuSE-13.2 box to Leap. I have done a fresh
Leap-15.0 install and ported over the source code that we ran on the
13.2 box. I builds fine but I am having an issue. The program is/has to
be an suid pgm. It also uses fork/execvpe/wait to execute some external
scripts. And that is where my problem lies. The user is a member of
several groups but these group memberships seem to disappear when these
external scripts are executed. For instance the user is a member of the
cdrom group so he can eject and work with a DVD. I have created a simple
example script and source for a pgm that execvpe's that script which
shows my problem.
test.sh script:
#!/bin/sh
whoami
id
test.c pgm source:
#define _GNU_SOURCE
#include
#include
#include
#include
int main()
{
char *path = getenv("PATH");
char pathenv[strlen(path) + sizeof("PATH=")];
sprintf(pathenv, "PATH=%s", path);
char *envp[] = {pathenv, NULL};
char *tests[] = {"./test.sh", NULL};
execvpe(tests[0], tests, envp);
}
#cc test.c
#/a.out
markh
uid=5076(markh) gid=100(users)
groups=100(users),19(floppy),200(lcrs),484(tape),485(lp),488(disk),489(dialout),490(cdrom)
Then as root:
#chown root ./a.out
#chgrp root ./a.out
#chmod +s ./a.out
Then as user
#./a.out
markh
uid=5076(markh) gid=100(users) groups=100(users)
Once the pgm is owned by root and suid, I lose all my group memberships
for some unknown reason. It is not proper to me.
This all works fine on 13.2 but does not on Leap 15 or Leap 42.3. Is
there some security setting somewhere that broke this? Any help from
anyone would be appreciated.
Regards
Mark
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org