Dear Andreas,

Thank you for your small program. I have no problem with setuid binaries on my system.
I’ve checked also the source code of nvidia-modprobe, and modified it to show the error messages. The diff is as follows. --- nvidia-modprobe-384.111.orig/modprobe-utils/nvidia-modprobe-utils.c +++ nvidia-modprobe-384.111/modprobe-utils/nvidia-modprobe-utils.c 
@@ -372,7 +372,11 @@ static int modprobe_helper(const int pri * * Silence the current process to avoid such unwanted messages. */ - silence_current_process(); + /*silence_current_process();*/ + + fprintf(stderr, "modprobe_path: %s\n", modprobe_path); + fprintf(stderr, "module_name: %s\n", module_name); + fprintf(stderr, "eeuid() %d\n", geteuid()); execle(modprobe_path, "modprobe", module_name, NULL, envp);

With this modification, nvidia-modprobe -u will output the following message when it fails.

-------
modprobe_path: /sbin/modprobe
module_name: nvidia-uvm
eeuid() 0
modprobe: ERROR: could not insert 'nvidia_current_uvm': Operation not permitted
modprobe: ERROR: ../libkmod/libkmod-module.c:979 command_do() Error running install command for nvidia_uvm
modprobe: ERROR: could not insert 'nvidia_uvm': Operation not permitted
-------

From this output, I think this issue occurs when we have any wrong configuration in /etc/modprobe.d/. In my case, /etc/modprobe.d/nvidia.conf has the following lines.

-------
install nvidia modprobe -i nvidia-current $CMDLINE_OPTS
install nvidia-modeset modprobe nvidia ; modprobe -i nvidia-current-modeset $CMDLINE_OPTS
install nvidia-drm modprobe nvidia-current-modeset ; modprobe -i nvidia-current-drm $CMDLINE_OPTS
install nvidia-uvm modprobe nvidia ; modprobe -i nvidia-current-uvm $CMDLINE_OPTS
remove nvidia modprobe -r -i nvidia-drm nvidia-modeset nvidia-uvm nvidia
-------

I’m a bit confused between nvidia_uvm and nvidia-uvm. However, adding a line below, nvidia-modprobe -u now works fine as expected.
-------
alias nvidia-uvm nvidia-current-uvm
-------

Best,
Hiromasa YOSHIMOTO

> On 2018/02/05 17:45, Andreas Beckmann <a...@debian.org> wrote:
>
> I've prepared a small program to help debugging whether setuid binaries
> work on your system:
>
> ===== test-setuid.c =====
> #include <unistd.h>
> #include <sys/types.h>
> #include <stdio.h>
>
> int main()
> {
>     printf("getuid() = %ld\n", (long)getuid());
>     printf("geteuid() = %ld\n", (long)geteuid());
>     printf("getgid() = %ld\n", (long)getgid());
>     printf("getegid() = %ld\n", (long)getegid());
> }
> =========================
>
> 1) compile
>
> $ gcc -o test-setuid test-setuid.c
>
> 2) try it as user:
>
> $ ./test-setuid
>
> getuid() = 1000
> geteuid() = 1000
> getgid() = 1000
> getegid() = 1000
>
> Your UID/GID could be different ...
>
> 3) try it as root:
>
> $ sudo ./test-setuid
>
> getuid() = 0
> geteuid() = 0
> getgid() = 0
> getegid() = 0
>
> 4) install it as setuid root binary to /usr/bin
> (to be at the same location as nvidia-modprobe)
>
> $ sudo cp test-setuid /usr/bin/test-setuid
> $ sudo chown root:root /usr/bin/test-setuid
> $ sudo chmod u+s /usr/bin/test-setuid
> $ ls -la /usr/bin/test-setuid
>
> -rwsr-xr-x 1 root root 8848 Feb 5 09:13 /usr/bin/test-setuid
>
> 5) run as user
>
> $ /usr/bin/test-setuid
>
> getuid() = 1000
> geteuid() = 0
> getgid() = 1000
> getegid() = 1000
>
> If this works, geteuid() should return 0
>
> 6) cleanup
>
> $ sudo rm /usr/bin/test-setuid
>
>
> You could repeat steps 4-6 with different locations (e.g. on different
> filesystems). For example /run/user/<YOURUID> which should be a tmpfs
> mounted with option nosuid - there it shouldn't work.
>
>
>
> Andreas
>
> _______________________________________________
> pkg-nvidia-devel mailing list
> pkg-nvidia-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-nvidia-devel
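
Review bot: the third added fprintf in the modprobe_helper hunk labels its value "eeuid()" although it prints geteuid(), and it passes a uid_t to %d; label it "geteuid()" and print it with %ld and a (long) cast, as the test-setuid.c program quoted in this thread does. Commenting out silence_current_process() also leaves the "Silence the current process to avoid such unwanted messages" comment directly above it describing behaviour that no longer happens, so outside a local debugging build the call should stay and the three diagnostics be made conditional instead.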
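
The setuid and nosuid conditions that steps 4-6 of the quoted message test by running a binary can also be read from file and mount metadata, without installing anything setuid root. The program below is an added example, not code from either poster or from nvidia-modprobe; the names `classify_setuid`, `check_setuid` and the `suid_status` values are made up for this illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/types.h>

/* Illustrative names, not part of nvidia-modprobe. */
enum suid_status {
    SUID_ERROR = -1,         /* stat() or statvfs() failed */
    SUID_NOT_SET = 0,        /* not an executable regular file with u+s */
    SUID_BLOCKED_NOSUID = 1, /* u+s present, but the mount has nosuid */
    SUID_HONOURED = 2        /* u+s present and the mount allows it */
};

/* Pure decision on a file mode and the statvfs f_flag of its filesystem. */
enum suid_status classify_setuid(mode_t mode, unsigned long mount_flags)
{
    if (!S_ISREG(mode) || !(mode & S_ISUID) ||
        !(mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return SUID_NOT_SET;
    if (mount_flags & ST_NOSUID)
        return SUID_BLOCKED_NOSUID;
    return SUID_HONOURED;
}

/* Look up mode, owner and mount flags for path; owner may be NULL. */
enum suid_status check_setuid(const char *path, uid_t *owner)
{
    struct stat st;
    struct statvfs vfs;
    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return SUID_ERROR;
    if (owner)
        *owner = st.st_uid;
    return classify_setuid(st.st_mode, vfs.f_flag);
}

int main(int argc, char **argv)
{
    static const char *text[] = { "setuid bit not set",
                                  "setuid bit set, but mount is nosuid",
                                  "setuid bit set and allowed by the mount" };
    for (int i = 1; i < argc; i++) {
        uid_t owner = 0;
        enum suid_status s = check_setuid(argv[i], &owner);
        if (s == SUID_ERROR) { perror(argv[i]); continue; }
        printf("%s: %s (owner uid %ld)\n", argv[i], text[s], (long)owner);
    }
    return 0;
}
```

The nosuid mount flag is only one reason the kernel may ignore a setuid bit: a process that has no_new_privs set, or that is being traced, also keeps its effective UID across execve.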