Bug 124955 - app-admin/sudo wants /etc/sudoers 440, but setresuid to 1 before opening it! --> EACCESS
Summary: app-admin/sudo wants /etc/sudoers 440, but setresuid to 1 before opening it! ...
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: x86 Linux
Importance: High normal
Assignee: Gentoo Linux bug wranglers
URL: http://rafb.net/paste/results/hdnFzp8...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-03-04 08:23 UTC by Pascal Bourguignon
Modified: 2006-03-06 13:18 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Pascal Bourguignon 2006-03-04 08:23:05 UTC
root@kuiper ~ # sudo echo help
sudo: can't open /etc/sudoers: Permission denied
root@kuiper ~ # chmod 444 /etc/sudoers
root@kuiper ~ # sudo echo help
sudo: /etc/sudoers is mode 0444, should be 0440
root@kuiper ~ # chmod 440 /etc/sudoers
root@kuiper ~ # sudo echo help
sudo: can't open /etc/sudoers: Permission denied
root@kuiper ~ # 

Extract from `strace sudo echo help` (sudo's own stderr output is interleaved with the trace in the write() lines below):

lstat64("/etc/sudoers", {st_mode=S_IFREG|0440, st_size=1663, ...}) = 0
setresgid32(-1, 0, -1)                  = 0
setresuid32(0, 1, 0)                    = 0
open("/etc/sudoers", O_RDONLY)          = -1 EACCES (Permission denied)
geteuid32()                             = 1
setresuid32(0, 0, 0)                    = 0
write(2, "sudo: ", 6sudo: )                   = 6nd
write(2, "can\'t open /etc/sudoers", 23can't open /etc/sudoers) = 23
write(2, ": ", 2: )                       = 2
write(2, "Permission denied\n", 18Permission denied
)     = 18


root@kuiper ~ # emerge --info sudo
Portage 2.0.54 (default-linux/x86/2005.1, gcc-3.4.5, glibc-2.3.5-r2, 2.6.15-gentoo-r1 i686)
=================================================================
System uname: 2.6.15-gentoo-r1 i686 Mobile AMD Sempron(tm) Processor 3000+
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 3dnow X Xaw3d a52 aac aalib accessibility acpi aim alsa apm arts audiofile avi bash-completion bcmath berkdb bidi bitmap-fonts blas bluetooth bzip2 calendar cdb cdparanoia cdr cpdflib crypt cscope ctype cups curl curlwrappers dba dbase dbm dbmaker dbx dedicated dga dio directfb divx4linux dv dvb dvd dvdr dvdread eds emacs emacs-w3 emboss encode esd examples exif expat fam fastcgi fbcon fdftk ffmpeg fftw flac flatfile foomaticdb fortran ftp gcj gd gd-external gdbm gif ginac glut gmp gnome gnustep gnutls gphoto2 gpm gstreamer gtk gtk2 guile hal iconv icq ieee1394 imagemagick imap imlib inifile innodb iodbc ipv6 jabber jack java javascript jikes jpeg junit kde ladcca lapack lcms ldap leim lesstif libcaca libedit libg++ libgda libwww lirc lm_sensors m17n-lib mad maildir mailwrapper mcal mhash mikmod mime mmap mmx mng mnogosearch motif mozilla mp3 mpeg mpi msession msn mule mysql mysqli nas ncurses netboot netcdf nls nneXt nocd nptl objc oci8 odbc offensive ofx ogg oggvorbis openal opengl oracle osc oscar oss pam pcmcia pcntl pcre pda pdflib perl php pic plotutils png portaudio posix postgres ppds prelude profile python qdbm qt quicktime readline recode ruby samba sasl sdl session sharedext sharedmem shorten simplexml skey slang slp smartcard sndfile snmp soap sockets source sox speex spell spl sse ssl svg svga symlink sysvipc szip tcltk tcpd test tetex theora threads tidy tiff tokenizer truetype truetype-fonts type1-fonts udev unicode usb v4l vcd vhosts videos vorbis wifi win32codecs wmf wxwindows xface xine xinerama xml xml2 xmlrpc xmms xosd xpm xprint xsl xv xvid yahoo zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTDIR_OVERLAY

root@kuiper ~ #
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2006-03-06 13:06:04 UTC
This shouldn't be restricted.
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-03-06 13:18:48 UTC
Reopen with 'ls -ld /' output.