Bug#368297: [PATCH] Fix dropping privileges issue on setuid programs on systems with PAM/LDAP and GnuTLS/libgcrypt

tags 368297 + wheezy-ignore user release.debian@packages.debian.org usertag 368297 + wheezy-can-defer On Fri, Jan 25, 2013 at 00:44:21 +0100, Carlos Alberto Lopez Perez wrote: When sudo/su/passwd/insert-any-setuid-program-that-calls-getpwent() on a system configured with PAM/LDAPs it

Processed (with 5 errors): Re: Bug#368297: [PATCH] Fix dropping privileges issue on setuid programs on systems with PAM/LDAP and GnuTLS/libgcrypt

Processing commands for cont...@bugs.debian.org: tags 368297 + wheezy-ignore Bug #368297 [libgcrypt11] sudo-ldap failes when you change uri to ldaps Bug #545414 [libgcrypt11] sudo-ldap: sudo fails with sudo: setreuid(ROOT_UID, user_uid): Operation not permitted for ldap users Bug #566351

Bug#368297: [PATCH] Fix dropping privileges issue on setuid programs on systems with PAM/LDAP and GnuTLS/libgcrypt

So, for the moment (Wheezy) I think the best approach to solve this bug is to apply the small patch for OpenLDAP that I'm attaching. It is the less intrusive approach to fix this bug. It don't needs to touch anything on GnuTLS or libgcrypt. It is really fixing the problem where is: OpenLDAP

Bug#368297: [PATCH] Fix dropping privileges issue on setuid programs on systems with PAM/LDAP and GnuTLS/libgcrypt

reassign 368297 libldap-2.4 2.4.31-1 thanks Hi! I have been digging on this issue and I found the ultimate cause of this problem. When sudo/su/passwd/insert-any-setuid-program-that-calls-getpwent() on a system configured with PAM/LDAPs it chains into libldap, which uses GnuTLS/libgcrypt to