Bug 117836 - get/setresuid broken for setuid executable, kernel 2.6.15
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers
Reported: 2006-01-04 21:57 UTC by Craig Lawson
Modified: 2006-03-04 14:06 UTC

Bug demo code (setresuid_bug.c, 1.16 KB, text/plain)
2006-01-04 22:02 UTC, Craig Lawson

Description Craig Lawson 2006-01-04 21:57:28 UTC

In a Set-UID root executable, getresuid returns the UID of the actual user, not UID 0, and setresuid refuses to change the effective UID.
Comment 1 Craig Lawson 2006-01-04 22:02:09 UTC
Created attachment 76213
Bug demo code

Use this code to demonstrate the bug.

As normal user:
$ gcc setresuid_bug.c

As root:
# chown root:root a.out
# chmod +s a.out
# ls -l a.out
-rwsr-sr-x  1 root root 8565 Jan  4 21:38 a.out

As normal user:
$ id
uid=500(craig) gid=500(craig) 500(craig)
$ a.out 500
getresuid: ruid=500  euid=500  suid=500
setresuid(..., euid=500, ...)
setresuid(0, euid=500, 0)
setresuid: Operation not permitted

The app has the set UID flag set -- how come none of the UIDs is 0?
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-01-05 02:38:12 UTC
Reopen if this is reproducible with latest kernel, i.e. 2.6.15
Comment 3 Craig Lawson 2006-02-21 22:29:47 UTC
Reopened and changed bug summary to indicate kernel 2.6.15.

This bug is reproducible in the 2.6.15 kernel. Sample code produces the same output as before.
Comment 4 Daniel Drake (RETIRED) gentoo-dev 2006-02-22 11:17:26 UTC
I think this works for me. Is this the expected output?

dsd@polyethylene ~ $ ./a.out 1000
getresuid: ruid=1000  euid=0  suid=0
setresuid(..., euid=1000, ...)
setresuid(0, euid=1000, 0)
getresuid: ruid=0  euid=1000  suid=0
setresuid(ruid=1000, euid=0, suid=0)
Comment 5 Craig Lawson 2006-02-24 00:56:59 UTC
Hmm. That output shows it's working fine. I wonder what's different with my kernel?

Maybe there's some combination of flags or patches that is messing up this function. Can you tell me where I would look in the kernel for this function?
Comment 6 Daniel Drake (RETIRED) gentoo-dev 2006-02-28 07:41:59 UTC
sys_getresuid and sys_setresuid are implemented in kernel/sys.c

After researching it more yourself, you should bring this up on the Linux kernel mailing list if you have not found an answer. You should also ensure that SELinux and security policy support is not built as that might be causing the problem.
Comment 7 Craig Lawson 2006-03-04 14:06:48 UTC
Solved. It wasn't a kernel issue. It was that I specified "nosuid" for some of my mounted file systems.
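
The cause found in comment 7, as an added example that is not part of the original bug report or its attachment: a check that separates "the set-UID bit is missing" from "the bit is set but the file system is mounted nosuid", which is the case where getresuid shows ruid, euid and suid all equal to the calling user. The names classify_suid and diagnose_path are hypothetical; only stat(), statvfs(), ST_NOSUID and getresuid() are real interfaces.

```c
/* Added example: why a set-UID binary can start with euid == ruid. */
#define _GNU_SOURCE           /* for getresuid() */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum suid_state { SUID_ERROR = -1, SUID_NOT_SET, SUID_HONOURED, SUID_IGNORED_NOSUID };

/* Pure decision: file mode bits plus the f_flag of the containing mount. */
enum suid_state classify_suid(mode_t mode, unsigned long mount_flags)
{
    if (!S_ISREG(mode) || !(mode & S_ISUID))
        return SUID_NOT_SET;
    return (mount_flags & ST_NOSUID) ? SUID_IGNORED_NOSUID : SUID_HONOURED;
}

/* Look up the real mode and mount flags for an executable path. */
enum suid_state diagnose_path(const char *path)
{
    struct stat st;
    struct statvfs vfs;

    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return SUID_ERROR;
    return classify_suid(st.st_mode, vfs.f_flag);
}

int main(int argc, char **argv)
{
    static const char *const text[] = {
        "set-UID bit not set",
        "set-UID bit set, mount honours it",
        "set-UID bit set, but the mount is nosuid: the kernel ignores it",
    };
    /* Default to the running binary itself, as the bug demo would. */
    const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
    uid_t r, e, s;
    enum suid_state state;

    if (getresuid(&r, &e, &s) == 0)
        printf("getresuid: ruid=%d euid=%d suid=%d\n", (int)r, (int)e, (int)s);
    state = diagnose_path(path);
    if (state == SUID_ERROR) { perror(path); return 1; }
    printf("%s: %s\n", path, text[state]);
    return 0;
}
```

Built and installed with the same chown/chmod +s steps as in comment 1, it reports the nosuid case directly instead of leaving only the "Operation not permitted" from setresuid to go on.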