Hi,
Ansgar Burchardt <ansgar@43-1.org> writes:
> While looking up the groups, suddenly the following happens:
> 828 20241 getuid32() = 1
> 829 20241 mlock(0xb7348000, 32768) = 0
> 830 20241 geteuid32() = 0
> 831 20241 setuid32(1) = 0
> 832 20241 getuid32() = 1
> 833 20241 geteuid32() = 1
> 834 20241 setuid32(0) = -1 EPERM (Operation not permitted)
I think I found the suspect: libgcrypt11/1.4.4-2ubuntu2.
The function lock_pool from src/secmem.c contains the following code:
    uid = getuid ();
    [...]
    err = mlock (p, n);
    [...]
    if (uid && ! geteuid ())
      {
        /* check that we really dropped the privs.
         * Note: setuid(0) should always fail */
        if (setuid (uid) || getuid () != geteuid () || !setuid (0))
          log_fatal ("failed to reset uid: %s\n", strerror (errno));
      }
This matches the output from strace above.
(libgcrypt is used via libnss-ldap → openldap → libgnutls → libgcrypt)
Regards,
Ansgar
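
The strace sequence and the quoted check, as an added example that is not part of the original message or of libgcrypt: a small C model of how Linux setuid() treats the real, effective and saved UIDs, run through the same drop-and-verify logic. The struct, the function names and the starting saved UID of 0 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed model of a process's Linux credentials (not kernel code). */
struct creds { unsigned ruid, euid, suid; };

/* Model of setuid(2) on Linux: with euid 0 (CAP_SETUID) all three IDs
 * are replaced; otherwise only euid may change, and only to the real
 * or saved UID. Returns 0, or -1 with errno = EPERM. */
static int model_setuid(struct creds *c, unsigned uid)
{
    if (c->euid == 0) {
        c->ruid = c->euid = c->suid = uid;
        return 0;
    }
    if (uid == c->ruid || uid == c->suid) {
        c->euid = uid;
        return 0;
    }
    errno = EPERM;
    return -1;
}

/* The drop-and-verify step quoted from lock_pool, run against the model.
 * Returns 1 if the process gave up root permanently, 0 if nothing was
 * done, -1 if the check failed (where the library calls log_fatal). */
static int drop_like_lock_pool(struct creds *c)
{
    unsigned uid = c->ruid;               /* uid = getuid () */
    if (!(uid && c->euid == 0))
        return 0;                         /* not the uid != 0, euid == 0 case */
    if (model_setuid(c, uid) != 0 || c->ruid != c->euid
        || model_setuid(c, 0) == 0)
        return -1;
    return 1;
}

int main(void)
{
    /* As in the strace: uid 1, euid 0; saved UID 0 is assumed. */
    struct creds c = { 1, 0, 0 };
    int r = drop_like_lock_pool(&c);
    printf("result=%d ruid=%u euid=%u suid=%u\n", r, c.ruid, c.euid, c.suid);
    return 0;
}
```

Because setuid(1) is issued while the effective UID is still 0, the saved UID is overwritten as well, which is why the later setuid(0) in the trace returns EPERM and the calling process cannot regain root.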