Comment 7 for bug 509734
Revision history for this message
| Ansgar Burchardt (aburch) wrote Re: [Bug 509734] Re: execution fails with "Cannot delete saved userids: Operation not permitted" | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
7020100
(Get the code!)
Hi,
Ansgar Burchardt <ansgar@43-1.org> writes:
> While looking up the groups, suddenly the following happens:
> 828 20241 getuid32() = 1
> 829 20241 mlock(0xb7348000, 32768) = 0
> 830 20241 geteuid32() = 0
> 831 20241 setuid32(1) = 0
> 832 20241 getuid32() = 1
> 833 20241 geteuid32() = 1
> 834 20241 setuid32(0) = -1 EPERM (Operation not permitted)
I think I found the suspect: libgcrypt11/
The function lock_pool from src/secmem.c contains the following code:
uid = getuid ();
[...]
err = mlock (p, n);
[...]
if (uid && ! geteuid ())
{
/* check that we really dropped the privs.
* Note: setuid(0) should always fail */
if (setuid (uid) || getuid () != geteuid () || !setuid (0))
log_fatal ("failed to reset uid: %s\n", strerror (errno));
}
This matches the output from strace above.
(libgcrypt is used via libnss-ldap → openldap → libgnutls → libgcrypt)
Regards,
Ansgar