[3022] in Kerberos-V5-bugs
Re: pending/676: Bugs with solutions (Linux)
daemon@ATHENA.MIT.EDU (tytso@MIT.EDU)
Wed Dec 23 09:34:45 1998
Date: Wed, 23 Dec 1998 09:32:17 -0500
To: jakob@weite-welt.com
Cc: krb5-bugs@MIT.EDU, gnats-admin@rt-11.MIT.EDU, krb5-prs@rt-11.MIT.EDU
In-Reply-To: <19981212235722.A11508@aegir.asgard.sol> (message from Leif Jakob
on Sat, 12 Dec 1998 23:57:22 +0100)
From: tytso@MIT.EDU

   Date: Sat, 12 Dec 1998 23:57:22 +0100
   From: Leif Jakob <jakob@weite-welt.com>

   Specification:
   Linux 2.0.35 (former Suse 5.1 but hardly hacked)
   libc.so.5.4.33
   gcc 2.7.2.1
   krb5-1.0.5
   libncurses.so.3.0.970515

   Here are my bugs:

   After running configure the telnet and telnetd didn't link. I had
   to add the -lncurses in both Makefiles. But the telnet did cause
   stack overflows because the tgetent called itself recursively (checked
   with debugger). Don't know why.

This isn't a problem on my RedHat 5.2 system. Your proposed solution is
a bit of a kludge, so I'm not at all enthusiastic about applying it.
Especially since it works just fine on my Linux system.....

   Next Bug (probably Linux specific):

   In ksu the program first calls seteuid(target); this is no problem,
   but the next call to seteuid(0) fails.

Again, this works just fine on my RedHat 5.2 system. I'm not sure what
SUSE is doing with its libc, but as far as I know seteuid() should obey
the saved setuid semantics, so this again sounds like a SUSE bug....

   Solution:

   Set the real and effective user to superuser at start of program:

This is a really, really bad idea, and creates significant security
holes in ksu. There's a reason why we very carefully save and reset the
effective uid.....
Can you try running this program as a setuid program, and tell me what
it sends back? Also, can you try running this program under strace
(you'll have to do it as root), and send me back the strace output?
That would help me determine what your SUSE system is doing. I'm
pretty sure that this worked on my RedHat system even back when we
were using libc5, so I'm really surprised you're having this
difficulty on your system.
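
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    int main(void)
    {
        uid_t my_uid, my_euid;

        /* Remember the real and effective uid the program started with. */
        my_uid = getuid();
        my_euid = geteuid();
        printf("ruid=%d, euid=%d\n", (int) getuid(), (int) geteuid());
        /* Temporarily drop the effective uid to the real uid. */
        seteuid(my_uid);
        printf("ruid=%d, euid=%d\n", (int) getuid(), (int) geteuid());
        /* Switch back to the original effective uid. */
        seteuid(my_euid);
        printf("ruid=%d, euid=%d\n", (int) getuid(), (int) geteuid());
        exit(0);
    }
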
- Ted
P.S. One of our Krb5 development platforms is my Linux i386 laptop,
so in general things should work fairly well under Linux.
Unfortunately I can't always control exactly which libraries a
particular distribution might choose to use, and the problems you are
describing sound very much like library problems.