154425 – sys-apps/shadow-4.0.15-r2 removes suid on /bin/su

Bug 154425 - sys-apps/shadow-4.0.15-r2 removes suid on /bin/su

Summary: sys-apps/shadow-4.0.15-r2 removes suid on /bin/su

Status:	RESOLVED NEEDINFO

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	Highest critical (vote)
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-11-07 19:41 UTC by John Shimek
Modified:	2006-11-08 00:10 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Shimek 2006-11-07 19:41:44 UTC

After emerging the latest sys-apps/shadow-4.0.15-r2, users are no longer able to su to root.

# ls -la /bin/su
-rwx--x--x 1 root root 48184 Nov  7 21:33 /bin/su

instead of 

# ls -la /bin/su
-rws--x--x 1 root root 48184 Nov  7 21:33 /bin/su

To work around this: 

chmod u+s /bin/su

Note that this fix only works if a root shell is still open, otherwise the user must use a live CD chroot into the system.

emerge --info:

 # emerge --info
Portage 2.1.1-r1 (default-linux/amd64/2006.1, gcc-4.1.1, glibc-2.4-r3, 2.6.16-gentoo-r9 x86_64)
=================================================================
System uname: 2.6.16-gentoo-r9 x86_64 AMD Athlon(tm) 64 FX-51 Processor
Gentoo Base System version 1.12.6
Last Sync: Sat, 04 Nov 2006 05:02:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -pipe -O2"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=k8 -pipe -O2"
DISTDIR="/home/distfile"
FEATURES="autoconfig candy distlocks fixpackages metadata-transfer newuse sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/home/distfile"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 X aac acpi alsa bash-completion berkdb bitmap-fonts cdr cli cracklib crypt dlloader dri dvd dvdr elibc_glibc fat flac fortran gdbm gif gnome gpm gtk gtk2 hfs iconv imap input_devices_keyboard input_devices_mouse ipod ipv6 isdnlog java jpeg kernel_linux libg++ mad maildir mozilla mp3 ncurses nls nptl nptlonly ntfs offensive ogg opengl oss pcre perl png ppds pppd python readline reflection session spell spl ssl svg tcpd tiff truetype truetype-fonts type1-fonts udev unicode userland_GNU video_cards_nvidia vorbis xorg xpm zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2006-11-08 00:10:25 UTC

The ebuild is just fine. Run `MAKEOPTS=-j1 emerge shadow >& log` and post the log here.