Hiromasa YOSHIMOTO <hiromasa.yoshim...@gmail.com> writes:
> I wrote a small program to reproduce this issue.
> Could you check and try the attached code?
> The steps are:
> $ gcc check.c -lcap -omain
> $ cp main sub # "sub" corresponds to insmod that causes EPERM
> $ sudo chown 0.0 main
> $ sudo chmod u+s main # "main" corresponds to nvidia-modprobe
> $ ./main
> This is what I get:
> ./main euid: 0 # root privilege
> CAP_SYS_MODULE: 1 # has capability
> ./sub euid: 1000 # lost root privilege (1000 is my uid)
> CAP_SYS_MODULE: 0 # the cap. is removed.
> Strictly, I use dash as /bin/sh
> but CAP_SYS_MODULE is dropped when system() is used.
I believe dash will drop privileges if euid != uid. See:
The workaround is to call setuid(0) in the parent program before you call
modprobe, or otherwise arrange for euid == uid.
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
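
The workaround from the reply above, sketched in C as an added example that is not part of the original thread or of nvidia-modprobe. The names ids_differ, equalize_to_root and run_child and the command string are hypothetical; the code assumes the binary is installed root-owned with the setuid bit, like "main" in the quoted steps.

```c
/* Added example (not from the thread): make real UID == effective UID in a
 * setuid-root helper before handing a command to /bin/sh via system(). */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* The condition the reply names: the shell sees euid != uid. */
int ids_differ(uid_t ruid, uid_t euid)
{
    return ruid != euid;
}

/* Hypothetical helper. Returns 0 when uid == euid on return, -1 otherwise.
 * It only raises the real UID when the process is already setuid-root. */
int equalize_to_root(void)
{
    if (!ids_differ(getuid(), geteuid()))
        return 0;                 /* already equal, nothing to change */
    if (geteuid() != 0)
        return -1;                /* setuid to a non-root user: out of scope */
    if (setuid(0) != 0)           /* with euid 0 this sets real, effective, saved */
        return -1;
    /* Always re-check: never continue on an unverified ID change. */
    return (getuid() == 0 && geteuid() == 0) ? 0 : -1;
}

/* Hypothetical wrapper: cmd must be a fixed string, never user input. */
int run_child(const char *cmd)
{
    if (equalize_to_root() != 0) {
        fprintf(stderr, "refusing to run child: uid=%d euid=%d\n",
                (int)getuid(), (int)geteuid());
        return -1;
    }
    return system(cmd);
}

int main(void)
{
    printf("parent: uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    fflush(stdout);               /* keep parent output ahead of the child's */
    /* Constructed command: the shell's child prints its real and effective UID. */
    int rc = run_child("echo \"child: uid=$(id -ru) euid=$(id -u)\"");
    return rc == 0 ? 0 : 1;
}
```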