4.18.16_2 kernel (default) incorrect setuid behaviour on x86_64-musl arch #4417
Comments
Would be interesting how it works out with |
can't reproduce:
|
I have installed a fresh musl system on a separate disk, and the issue indeed does not reproduce there. What factors could cause this problem, other than the kernel, which I can test for? |
FWIW I can confirm it works as expected both on hardware and in a qemu Void installation. |
There doesn't seem to be anything suspicious going on - just the kernel allowing the second
I can also reproduce the
which produces the following strace
|
Here's the output of
So setuid(0) fails with |
@pullmoll that's exactly my point! |
I think I have found the culprit. Quite bizarrely, it seems to be loading the
|
Can you rebuild |
setting SECBIT_NO_SETUID_FIXUP in a pam module is a bad idea: void-linux#4417
Thank you for reporting this. I removed the "fix" from pam_rundir which caused this. |
Removing the patch does indeed fix the issue, but now renders I have submitted a patch to fix the aforementioned issues in a different way jjk-jacky/pam_rundir#4 |
System
Expected behavior
After a setuid(1000) call dropping root privileges, the program is no longer able to regain root privileges by setuid(0).
Actual behavior
After a setuid(1000) call dropping root privileges, the program is still able to regain root privileges by setuid(0). On the glibc architecture this error is not present: the second setuid(0) correctly fails.
Steps to reproduce the behavior
compiled with gcc -o test test.c produces the output (when run as root)
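A privilege-drop routine that checks for the SECBIT_NO_SETUID_FIXUP flag named in the commits above and then confirms that root cannot be regained, as an added example that is not part of the original thread or of pam_rundir. With that securebit set, the kernel keeps the process's capabilities (including CAP_SETUID) across a UID change, which is why a later setuid(0) can succeed. The function names and return codes are hypothetical, and the 1000 IDs in main() are constructed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Bit 2 of the securebits word, same value as in linux/securebits.h. */
#ifndef SECBIT_NO_SETUID_FIXUP
#define SECBIT_NO_SETUID_FIXUP (1UL << 2)
#endif

/* Returns 1 if the kernel will NOT clear capabilities on a UID change. */
int setuid_fixup_disabled(unsigned long securebits)
{
    return (securebits & SECBIT_NO_SETUID_FIXUP) != 0;
}

/* Drop to uid/gid permanently. Returns 0 on success, or a negative code
 * naming the step that failed (hypothetical codes for this example). */
int drop_privileges_checked(uid_t uid, gid_t gid)
{
    int bits = prctl(PR_GET_SECUREBITS, 0, 0, 0, 0);
    if (bits < 0)
        return -1;      /* cannot inspect securebits */
    if (setuid_fixup_disabled((unsigned long)bits))
        return -2;      /* CAP_SETUID would survive setuid() */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -3;      /* the drop itself failed */
    if (uid != 0 && (setuid(0) == 0 || getuid() != uid || geteuid() != uid))
        return -4;      /* root was regained: the drop is not effective */
    return 0;
}

int main(void)
{
    int rc = drop_privileges_checked(1000, 1000);   /* constructed IDs */
    printf("drop_privileges_checked -> %d (uid=%d euid=%d)\n",
           rc, (int)getuid(), (int)geteuid());
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Securebits are inherited by child processes, so a flag set earlier in the session (here, by a PAM module) is visible to this check in every program started afterwards.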