Package: libc6.1
Version: 2.11.2-2
Severity: important

After the most recent libc6.1 upgrade, setid programs like sudo and su have
stopped working.

After testing, it looks as if calling getpwuid() calls setuid(), which of
course kills the effective and saved UIDs, whereupon sudo can no longer
do its job.

We're running LDAP to a secure server over ldaps.

Here's a test program I wrote to show the problem:
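#define _GNU_SOURCE             /* needed for getresuid() */
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <pwd.h>

int main(int argc, char **argv)
{
        uid_t r0, e0, s0;
        uid_t r1, e1, s1;

        /* real, effective and saved UIDs before the lookup */
        getresuid(&r0, &e0, &s0);

        getpwuid(r0);

        /* the same three UIDs after the lookup */
        getresuid(&r1, &e1, &s1);
        fprintf(stdout, "[%d %d %d] -> [ %d %d %d]\n",
                (int)r0, (int)e0, (int)s0, (int)r1, (int)e1, (int)s1);
        return 0;
}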


Compile, chown to root and make setuid:
  cc -o t t.c
  (as root:
   chown root t
   chmod u+s ./t
  )
  as an unprivileged user:
   ./t

  Here's the output:
 [1000 0 0] -> [ 1000 1000 1000]


Other related packages:
 ii  libnss-ldap    261-2.1    NSS module for using LDAP as a naming 
 ii  libsasl2-2     2.1.22.dfsg1-2 Cyrus SASL - authentication 
 ii  libgnutls26    2.8.6-1        the GNU TLS library - runtime librar
-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: ia64

Kernel: Linux 2.6.32-trunk-mckinley (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6.1 depends on:
ii  libc-bin                      2.11.2-2   Embedded GNU C Library: Binaries
ii  libgcc1                       1:4.4.4-8  GCC support library

libc6.1 recommends no packages.

Versions of packages libc6.1 suggests:
ii  debconf [debconf-2.0]         1.5.24     Debian configuration management sy
pn  glibc-doc                     <none>     (no description available)
ii  locales                       2.11.2-2   Embedded GNU C Library: National L

-- debconf information:
  glibc/upgrade: true
  glibc/disable-screensaver:
  glibc/restart-failed:
* glibc/restart-services: ssh openbsd-inetd exim4 cron autofs
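
The following is an added example, not part of the original report and not code from glibc, sudo or libnss-ldap. It extends the reporter's check to group IDs and shows how a setuid program could fail closed if its credentials change across a passwd lookup; the names creds_get, creds_drift and lookup_drift are hypothetical.

```c
#define _GNU_SOURCE            /* getresuid()/getresgid() are GNU extensions */
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Explicit prototypes, in case a header was pulled in before _GNU_SOURCE. */
int getresuid(uid_t *, uid_t *, uid_t *);
int getresgid(gid_t *, gid_t *, gid_t *);

/* Real, effective and saved IDs for both user and group. */
struct creds { uid_t ru, eu, su; gid_t rg, eg, sg; };

/* Snapshot the process credentials; returns 0 on success, -1 on error. */
int creds_get(struct creds *c)
{
    if (getresuid(&c->ru, &c->eu, &c->su) != 0) return -1;
    return getresgid(&c->rg, &c->eg, &c->sg);
}

/* Bitmask of what differs: 1 = some UID changed, 2 = some GID changed. */
int creds_drift(const struct creds *a, const struct creds *b)
{
    int d = 0;
    if (a->ru != b->ru || a->eu != b->eu || a->su != b->su) d |= 1;
    if (a->rg != b->rg || a->eg != b->eg || a->sg != b->sg) d |= 2;
    return d;
}

/* Run one passwd lookup; return the drift mask, or -1 if a snapshot failed. */
int lookup_drift(uid_t uid)
{
    struct creds before, after;
    if (creds_get(&before) != 0) return -1;
    (void)getpwuid(uid);               /* the NSS call under test */
    if (creds_get(&after) != 0) return -1;
    return creds_drift(&before, &after);
}

int main(void)
{
    int d = lookup_drift(getuid());
    if (d != 0) {   /* fail closed rather than continue with unexpected IDs */
        fprintf(stderr, "credentials changed across getpwuid(): mask %d\n", d);
        return 1;
    }
    puts("credentials unchanged across getpwuid()");
    return 0;
}
```

Installed setuid root in the same way as the test program above, it exits non-zero when the lookup alters any of the six IDs.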


