On Fri, 12 May 2017 11:45:01 +0200 PaulTT <pau...@gmail.com> said:

> on one of failed logins, auth.log says this:
> 
> May  9 19:02:35 cadbane unix_chkpwd[3773]: check pass; user unknown
> May  9 19:02:35 cadbane unix_chkpwd[3773]: password check failed for user
> (ptt)
> May  9 19:02:35 cadbane enlightenment: pam_unix(login:auth): authentication
> failure; logname= uid=1000 euid=1000 tty= ruser= rhost=localhost  user=ptt
> 
> unfortunately i really can't reboot the machine now...
> 
> could it be something related to libinput versus evdev driver in X (or wl)?

well as i said - if this is e's desklock - it's using pam to auth and pam will
exec a setuid root util as one of its modules to do the shadow passwd auth...
if setuid doesn't work then obviously pam will fail here.

> On Fri, May 12, 2017 at 10:58 AM, PaulTT <pau...@gmail.com> wrote:
> 
> > obviously, i compile it ;)
> > packaged ones are full of crap, and even so, i need a couple of patches
> > for my setup
> > and then, i can also choose when upgrade or not...
> >
> > my 3 ¢ ;P
> >
> >
> > On Thu, May 11, 2017 at 2:16 PM, Al Poole <nets...@gmail.com> wrote:
> >
> >> Are you compiling your own kernels???
> >>
> >> If so, maybe you could talk to someone that packages up kernels for ideas?
> >>
> >> Personally, I wouldn't advise building any kernel from source unless
> >> you're
> >> testing new features or building one for an embedded system...two pence
> >> for
> >> you!
> >>
> >> On Thu, May 11, 2017 at 1:07 PM, Florian Schaefer <list...@netego.de>
> >> wrote:
> >>
> >> >
> >> > On 11.05.2017 12:33, Carsten Haitzler (The Rasterman) wrote:
> >> > > On Wed, 10 May 2017 09:48:19 +0200 PaulTT <pau...@gmail.com> said:
> >> > >
> >> > >> i just posted a message about this... (sorry, i've seen now this
> >> thread)
> >> > >>
> >> > >> as i said there, there's also a problem with unlocking (so, pam
> >> > related, i
> >> > >> assume ?)
> >> > >> via console su and sudo worked like a charm (i've got error messages
> >> > about
> >> > >> cpufreq and backlight too)
> >> > >
> >> > > pam would be executing a setuid root binary to do the password
> >> check...
> >> > so it's
> >> > > the same issue. something has decided that e and app processes below
> >> it
> >> > in the
> >> > > process tree "cant run setuid (root) binaries" and has disabled that
> >> > feature.
> >> > > that feature seems to only kick in with 4.11 kernel. it certainly is
> >> not
> >> > e
> >> > > doing this. it has relied on this working for many years. it's
> >> something
> >> > new
> >> > > security-wise that is being enabled by a new kernel.
> >> > >
> >> > > maybe some parent process is using setpriv? CAP_SETUID  disabled? man
> >> > > capabilities ... for info ... maybe run captest ?
> >> > >
> >> > > 12:20PM ~ > captest
> >> > > User  credentials uid:1000 euid:1000 suid:1000
> >> > > Group credentials gid:1000 egid:1000 sgid:1000
> >> > > Current capabilities: none
> >> > > securebits flags: none
> >> > > Attempting direct access to shadow...FAILED (Permission denied)
> >> > > Attempting to access shadow by child process...FAILED
> >> > > Child User  credentials uid:1000 euid:1000 suid:1000
> >> > > Child Group credentials gid:1000 egid:1000 sgid:1000
> >> > > Child capabilities: none
> >> > > Child securebits flags: none
> >> > >
> >> > > is what i get. which is normal.
> >> >
> >> > I get the same as you on my system here:
> >> >
> >> > florian@washu:~ # uname -a
> >> > Linux washu 4.11.0 #2 SMP PREEMPT Tue May 2 12:12:51 JST 2017 i686
> >> > GNU/Linux
> >> > florian@washu:~ # captest
> >> > User  credentials uid:500 euid:500 suid:500
> >> > Group credentials gid:100 egid:100 sgid:100
> >> > Current capabilities: none
> >> > securebits flags: none
> >> > Attempting direct access to shadow...FAILED (Permission denied)
> >> > Attempting to access shadow by child process...FAILED
> >> > Child User  credentials uid:500 euid:500 suid:500
> >> > Child Group credentials gid:100 egid:100 sgid:100
> >> > Child capabilities: none
> >> > Child securebits flags: none
> >> >
> >> > Cheers,
> >> > Florian
> >> >
> >> > >> could the problem be related to some new sh**y systemd operation????
> >> > >> i saw that also using wayland, i couldn't access halt/reboot/suspend
> >> > menu
> >> > >> items too (this happens to me also with previous kernels)
> >> > >
> >> > > works for me with enlightenment + wl + arch (+systemd)... i can do all
> >> > the
> >> > > power off etc. stuff...
> >> > >
> >> > >> On Thu, May 4, 2017 at 6:19 AM, Carsten Haitzler <
> >> ras...@rasterman.com>
> >> > >> wrote:
> >> > >>
> >> > >>> On Thu, 04 May 2017 11:09:13 +0900 <fulwood...@gmail.com> said:
> >> > >>>
> >> > >>>> Hi,
> >> > >>>>
> >> > >>>> Carsten Haitzler (The Rasterman) <ras...@rasterman.com> wrote:
> >> > >>>>
> >> > >>>>> On Wed, 3 May 2017 12:09:21 +0900 Florian Schaefer <
> >> > list...@netego.de>
> >> > >>> said:
> >> > >>>>
> >> > >>>>>> Hi!
> >> > >>>>>>
> >> > >>>>>> On 03.05.2017 10:04, Carsten Haitzler (The Rasterman) wrote:
> >> > >>>>>>> On Tue, 02 May 2017 21:16:40 +0900 fulwood...@gmail.com said:
> >> > >>>>>>>
> >> > >>>>>>>> Hi,
> >> > >>>>>>>>
> >> > >>>>>>>> I got the source of kernel 4.11, then compiled, and check the
> >> > >>>>>>>> behaviour of enlightenment (efl 1.18.1, enlightenment 0.21.7).
> >> > >>>>>>>>
> >> > >>>>>>>> At the start up of enlightenment, I got an error message;
> >> > >>>>>>>>
> >> > >>>>>>>>  There was an error trying to set the cpu power state setting
> >> via
> >> > >>> the
> >> > >>>>>>>>  module's setfreq utility.
> >> > >>>>>>>>
> >> > >>>>>>>> On the kernel 4.10.x, I never see such a message.
> >> > >>>>>>>>
> >> > >>>>>>>> And, I tried to use su and sudo command in the terminal, I got
> >> a
> >> > >>>>>>>> strange message;
> >> > >>>>>>>>
> >> > >>>>>>>> fulwood@linux-uw5l:~> sudo
> >> > >>>>>>>> sudo: effective uid is not 0, is sudo installed setuid root
> >> > >>>>>>>>
> >> > >>>>>>>> fulwood@linux-uw5l:~> su
> >> > >>>>>>>> Password:
> >> > >>>>>>>> su: incorrect password
> >> > >>>>>>>>
> >> > >>>>>>>> This means, there is a problem concerning uid treatment in the
> >> > >>>>>>>> enlightenment, doesn't it.
> >> > >>>>>>>>
> >> > >>>>>>>> Moreover, VirtualBox indicate the problem of enlightenment
> >> > >>> directly;
> >> > >>>>>>>>
> >> > >>>>>>>> fulwood@linux-uw51:~> VirtualBox
> >> > >>>>>>>>
> >> > >>>>>>>> VirtualBox: Error -10 in SUPRHardenedMain!
> >> > >>>>>>>> VirtualBox: Effective UID is not root (euid=1000, egid=100,
> >> > >>> uid=1000,
> >> > >>>>>>>>             gid=100)
> >> > >>>>>>>> VirtualBox: Tip! It may help to reintall VirtualBox.
> >> > >>>>>>>>
> >> > >>>>>>>> Why does uid=1000?
> >> > >>>>>>>
> >> > >>>>>>> that's a common uid to start with for users added to a system -
> >> > >>> first
> >> > >>>>>>> user added commonly is uid 1000... that's probably ... you.
> >> > >>>>>>>
> >> > >>>>>>>> So, we can't use enlightenment on the kernel 4.11.
> >> > >>>>>>>
> >> > >>>>>>> from the above it seems like since you compiled your own kernel
> >> it
> >> > >>>>>>> seemingly has disabled setuid root binaries. i assume this is
> >> some
> >> > >>> new
> >> > >>>>>>> feature of kernels since 4.11 that has been turned on. i suggest
> >> > >>> you
> >> > >>>>>>> turn it off to allow them again. your kernel broke far more than
> >> > >>>>>>> enlightenment. it broke sudo. probably even broke su. it broke
> >> > >>>>>>> virtualbox... it broke stuff. what that option is - i don't
> >> know.
> >> > >>> this
> >> > >>>>>>> is news to me.
> >> > >>>>>>
> >> > >>>>>> Just for the record I'd like to add that I observe the same
> >> > behavior.
> >> > >>>>>>
> >> > >>>>>> Since switching from 4.9 to 4.11 yesterday I cannot do suid
> >> > requiring
> >> > >>>>>> operations (like su or mount.cifs) from within E (using
> >> terminology
> >> > >>> or
> >> > >>>>>> xterm) any more. Interestingly, if I am right at the console (so
> >> no
> >> > >>> Xorg
> >> > >>>>>> and e in-between) all those commands work like a charm.
> >> > >>>>>>
> >> > >>>>>> I could not find any setuid related option in the kernel
> >> > >>> configuration
> >> > >>>>>> so I cannot really imagine where it is misconfigured.
> >> > >>>>
> >> > >>>>> it'll likely be some security option that ends up doing this for
> >> > child
> >> > >>>>> processes ... whatever/however it is... but its certainly a
> >> change in
> >> > >>> the
> >> > >>>>> kernel and "security options" of some sort.
> >> > >>>>
> >> > >>>> But, why the kernel's change has an impact on enlightenment only?
> >> > >>>> On e16 and kde-plasma, no impact.
> >> > >>>
> >> > >>> neither controls cpu frequency/governor or don't use setuid root
> >> > binaries
> >> > >>> or
> >> > >>> they come from packages with specific selinux rules to allow setuid
> >> > root
> >> > >>> binaries... or something. but it's a kernel change that creates the
> >> > issue.
> >> > >>> what
> >> > >>> - i don't know. ask your friendly neighbourhood kernel developer.
> >> the
> >> > >>> setuid
> >> > >>> root binaries are specifically erroring out unable to assume root
> >> privs
> >> > >>> where
> >> > >>> they could before.
> >> > >>>
> >> > >>>
> >> > >>> --
> >> > >>> ------------- Codito, ergo sum - "I code, therefore I am"
> >> > --------------
> >> > >>> The Rasterman (Carsten Haitzler)    ras...@rasterman.com
> >> > >>>
> >> > >>>
> >> > >>> ------------------------------------------------------------
> >> > >>> ------------------
> >> > >>> Check out the vibrant tech community on one of the world's most
> >> > >>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> >> > >>> _______________________________________________
> >> > >>> enlightenment-devel mailing list
> >> > >>> enlightenment-devel@lists.sourceforge.net
> >> > >>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
> >> > >>>
> >> > >>
> >> > >
> >> > >
> >> >
> >> >
> >>
> >
> >


-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    ras...@rasterman.com
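
Added example, not part of the original thread or of Enlightenment's code: a Python check of the process-state conditions under which the kernel will not elevate a setuid-root helper such as the one PAM runs. It covers the `CAP_SETUID` question raised above and goes beyond the thread with three related conditions (no_new_privs, ptrace, nosuid mounts) that nobody in the thread names as the cause. The status and mounts text are constructed samples, and the `/sbin/unix_chkpwd` path is an assumption that varies by distribution.

```python
# Added example: inputs below are constructed, not taken from the thread's systems.
CAP_SETUID = 7  # bit number from linux/capability.h
HELPER = "/sbin/unix_chkpwd"  # assumed path; varies by distribution

EXPLAIN = {
    "no_new_privs": "NoNewPrivs=1: execve() ignores setuid bits; inherited by children",
    "ptraced": "traced by a process without CAP_SYS_PTRACE: exec does not change euid",
    "cap_setuid_dropped": "CAP_SETUID not in CapBnd: helper gets euid 0 without it",
    "nosuid_mount": "helper's filesystem is mounted nosuid: setuid bit is ignored",
}

def parse_status(text):
    """Map each 'Key:<tab>value' line of /proc/<pid>/status to key -> value."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def setuid_blockers(status_text, mount_opts=""):
    """Return the EXPLAIN keys that apply to this process state and mount."""
    f = parse_status(status_text)
    found = []
    if f.get("NoNewPrivs") == "1":
        found.append("no_new_privs")
    if f.get("TracerPid", "0") != "0":
        found.append("ptraced")
    if "CapBnd" in f and not (int(f["CapBnd"], 16) >> CAP_SETUID) & 1:
        found.append("cap_setuid_dropped")
    if "nosuid" in mount_opts.split(","):
        found.append("nosuid_mount")
    return found

def mount_opts_for(path, mounts_text):
    """Options of the longest mount point in /proc/mounts text containing path."""
    best, opts = "", ""
    for parts in (line.split() for line in mounts_text.splitlines()):
        if len(parts) < 4:
            continue
        mnt = parts[1]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) > len(best):
            best, opts = mnt, parts[3]
    return opts

SAMPLE_STATUS = "Name:\tenlightenment\nTracerPid:\t0\nNoNewPrivs:\t1\nCapBnd:\t0000003fffffffff\n"
SAMPLE_MOUNTS = "/dev/sda1 / ext4 rw,relatime 0 0\ntmpfs /tmp tmpfs rw,nosuid,nodev 0 0\n"

if __name__ == "__main__":
    for key in setuid_blockers(SAMPLE_STATUS, mount_opts_for(HELPER, SAMPLE_MOUNTS)):
        print(key, "-", EXPLAIN[key])
```

On a live system, pass the contents of `/proc/<pid>/status` for the desktop session's process and of `/proc/mounts` instead of the samples, and compare against the same check run from a console login.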

