Public bug reported:
utils/gssd_proc.c uses SYS_setresuid and SYS_setresgid in
change_identity when it should use SYS_setresuid32 and SYS_setresgid32
instead. This causes it to truncate UIDs/GIDs > 65536.
Symptoms: rpc.gssd is unable to read kerberos credentials files after
changing identity, failing with a cryptic error message:
CC 'FILE:/tmp/krb5cc_100001_J5kIrv' is expired or corrupt
(note the UID 100001 here, rpc.gssd was actually using UID 34465 to
access this file, and failing in krb5_util.c when calling
krb5_cc_get_principal)
The attached patch fixes the bug.
I'm using Ubuntu 18.04 LTS on an Odroid XU4 (armhf). This bug does not
exist in Ubuntu 16.04 LTS.
** Affects: nfs-utils (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "Changes the syscalls to use the 32-bit variants."
https://bugs.launchpad.net/bugs/1779962/+attachment/5159351/+files/use_32_bit_uid_gid_syscalls.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1779962
Title:
rpc.gssd truncates 32-bit UIDs/GIDs to 16 bits, leading to "Key has
expired" errors when using kerberos
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779962/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
