On Wed, 10 May 2017 09:48:19 +0200 PaulTT <[email protected]> said:

> i just posted a message about this... (sorry, i've seen now this thread)
>
> as i said there, there's also a problem with unlocking (so, pam related, i
> assume ?)
> via console su and sudo worked like a charm (i've got error messages about
> cpufreq and backlight too)

pam would be executing a setuid root binary to do the password check... so it's
the same issue. something has decided that e and app processes below it in the
process tree "can't run setuid (root) binaries" and has disabled that feature.
that feature seems to only kick in with 4.11 kernel. it certainly is not e doing
this. it has relied on this working for many years. it's something new
security-wise that is being enabled by a new kernel. maybe some parent process
is using setpriv? CAP_SETUID disabled?

man capabilities

... for info ... maybe run captest ?

 12:20PM ~ > captest
User credentials uid:1000 euid:1000 suid:1000
Group credentials gid:1000 egid:1000 sgid:1000
Current capabilities: none
securebits flags: none
Attempting direct access to shadow...FAILED (Permission denied)
Attempting to access shadow by child process...FAILED
Child User credentials uid:1000 euid:1000 suid:1000
Child Group credentials gid:1000 egid:1000 sgid:1000
Child capabilities: none
Child securebits flags: none

is what i get. which is normal.

> could the problem be related to some new sh**y systemd operation????
> i saw that also using wayland, i couldn't access halt/reboot/suspend menu
> items too (this happens to me also with previous kernels)

works for me with enlightenment + wl + arch (+systemd)... i can do all the power
off etc. stuff...

> On Thu, May 4, 2017 at 6:19 AM, Carsten Haitzler <[email protected]>
> wrote:
>
> > On Thu, 04 May 2017 11:09:13 +0900 <[email protected]> said:
> >
> > > Hi,
> > >
> > > Carsten Haitzler (The Rasterman) <[email protected]> wrote:
> > >
> > > > On Wed, 3 May 2017 12:09:21 +0900 Florian Schaefer <[email protected]> said:
> > > >
> > > > Hi!
> > > > >
> > > > > On 03.05.2017 10:04, Carsten Haitzler (The Rasterman) wrote:
> > > > > > On Tue, 02 May 2017 21:16:40 +0900 [email protected] said:
> > > > > >
> > > > > >> Hi,
> > > > > >>
> > > > > >> I got the source of kernel 4.11, then compiled, and check the
> > > > > >> behaviour of enlightenment (efl 1.18.1, enlightenment 0.21.7).
> > > > > >>
> > > > > >> At the start up of enlightenment, I got an error message;
> > > > > >>
> > > > > >> There was an error trying to set the cpu power state setting via the
> > > > > >> module's setfreq utility.
> > > > > >>
> > > > > >> On the kernel 4.10.x, I never see such a message.
> > > > > >>
> > > > > >> And, I tried to use su and sudo command in the terminal, I got a
> > > > > >> strange message;
> > > > > >>
> > > > > >> fulwood@linux-uw5l:~> sudo
> > > > > >> sudo: effective uid is not 0, is sudo installed setuid root
> > > > > >>
> > > > > >> fulwood@linux-uw5l:~> su
> > > > > >> Password:
> > > > > >> su: incorrect password
> > > > > >>
> > > > > >> This means, there is a problem concerning uid treatment in the
> > > > > >> enlightenment, doesn't it.
> > > > > >>
> > > > > >> Moreover, VirtualBox indicates the problem of enlightenment directly;
> > > > > >>
> > > > > >> fulwood@linux-uw51:~> VirtualBox
> > > > > >>
> > > > > >> VirtualBox: Error -10 in SUPRHardenedMain!
> > > > > >> VirtualBox: Effective UID is not root (euid=1000, egid=100, uid=1000, gid=100)
> > > > > >> VirtualBox: Tip! It may help to reintall VirtualBox.
> > > > > >>
> > > > > >> Why does uid=1000?
> > > > > >
> > > > > > that's a common uid to start with for users added to a system - first
> > > > > > user added commonly is uid 1000... that's probably ... you.
> > > > > >
> > > > > >> So, we can't use enlightenment on the kernel 4.11.
> > > > > >
> > > > > > from the above it seems like since you compiled your own kernel it
> > > > > > seemingly has disabled setuid root binaries.
> > > > > > i assume this is some new feature of kernels since 4.11 that has
> > > > > > been turned on. i suggest you turn it off to allow them again. your
> > > > > > kernel broke far more than enlightenment. it broke sudo. probably
> > > > > > even broke su. it broke virtualbox... it broke stuff. what that
> > > > > > option is - i don't know. this is news to me.
> > > > >
> > > > > Just for the record I'd like to add that I observe the same behavior.
> > > > >
> > > > > Since switching from 4.9 to 4.11 yesterday I cannot do suid requiring
> > > > > operations (like su or mount.cifs) from within E (using terminology or
> > > > > xterm) any more. Interestingly, if I am right at the console (so no Xorg
> > > > > and e in-between) all those commands work like a charm.
> > > > >
> > > > > I could not find any setuid related option in the kernel configuration
> > > > > so I cannot really imagine where it is misconfigured.
> > > >
> > > > it'll likely be some security option that ends up doing this for child
> > > > processes ... whatever/however it is... but it's certainly a change in the
> > > > kernel and "security options" of some sort.
> > >
> > > But, why the kernel's change has an impact on enlightenment only?
> > > On e16 and kde-plasma, no impact.
> >
> > neither controls cpu frequency/governor or don't use setuid root binaries or
> > they come from packages with specific selinux rules to allow setuid root
> > binaries... or something. but it's a kernel change that creates the issue.
> > what - i don't know. ask your friendly neighbourhood kernel developer. the
> > setuid root binaries are specifically erroring out unable to assume root
> > privs where they could before.

-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    [email protected]

_______________________________________________
enlightenment-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
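
Added example, not part of the original thread and not Enlightenment or kernel code: a diagnostic for the symptom discussed above (setuid-root binaries such as sudo and su not getting euid 0 when started below a given process). It reads /proc/<pid>/status and reports the no_new_privs flag, an attached tracer (exec ignores the setuid bit under a tracer that lacks CAP_SYS_PTRACE) and a bounding set without CAP_SETUID. The sample status text is constructed, and the function names are made up for this example.

```python
import os

CAP_SETUID = 7  # bit number from <linux/capability.h>

# Constructed sample (not taken from the thread): a process that is being
# traced by pid 812 and has no_new_privs set.
SAMPLE_STATUS = """\
Name:\tterminology
Pid:\t1412
TracerPid:\t812
Uid:\t1000\t1000\t1000\t1000
CapBnd:\t0000003fffffffff
NoNewPrivs:\t1
"""

def parse_status(text):
    """Turn 'Key: value' lines of a status file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def setuid_blockers(text):
    """Return the reasons a setuid-root exec would not yield usable root."""
    f = parse_status(text)
    reasons = []
    if f.get("NoNewPrivs") == "1":  # field is present since Linux 4.10
        reasons.append("no_new_privs is set: setuid bits are ignored on exec")
    if f.get("TracerPid", "0") != "0":
        reasons.append("traced by pid %s: setuid bits are ignored on exec"
                       % f["TracerPid"])
    if "CapBnd" in f and not (int(f["CapBnd"], 16) >> CAP_SETUID) & 1:
        reasons.append("CAP_SETUID not in bounding set: euid 0 could not "
                       "change ids")
    return reasons

def check_pid(pid="self"):
    """Run the check against a live process; returns None without /proc."""
    path = "/proc/%s/status" % pid
    if not os.path.exists(path):
        return None
    with open(path) as fh:
        return setuid_blockers(fh.read())

if __name__ == "__main__":
    print("sample:", setuid_blockers(SAMPLE_STATUS))
    print("self:  ", check_pid())
```

Run from a terminal inside the affected session and again from the plain console, then compare the two results; a nosuid mount of the binary's filesystem is a further cause this check does not cover.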
