
Re: Bug#226381: pcmcia-source: (kernel) capabilities/privileges up the creek => broken modules]



Anyone got any ideas about this bug which I just reported?  I've
reported it against the pcmcia packages, but I wonder whether it might
be a kernel bug or something else?

Thanks,

   Julian

Package: pcmcia-source
Version: 3.2.5-2

Help!

I've just compiled this module for kernel 2.4.23, and I've been
fighting all day to get it to work.  When I execute a command such as
cardctl reset 0, I get the output:

ioctl(): Operation not permitted

But I'm root!  (And it makes no difference whether I've logged in as
root at the console or used su to get there.)

My debugging has led me to the conclusion that cardctl does not pick
up the necessary privileges: in the ds_ioctl function in modules/ds.c,
there is a check which tests capable(CAP_SYS_ADMIN).  Now, checking
the value of the effective capabilities, I'm surprised to find that
they're 0.  Oops.  So somehow or other, capabilities are being
dropped.  I have no clue how this is happening.  If I run a subshell,
the capabilities aren't dropped, so somehow or other, something weird
is happening here.

In fact, things are weirder still.  For just before the ioctl() call
from cardctl, the privileges are perfectly correct (that is,
everything but CAP_SETPCAP in effective and permitted, nothing in
inheritable).  And there is no difference here whether the cardctl
program is setuid root or not when it is run by root, although if it
is run setuid by a normal user, it appears to have no capabilities (as
determined by using routines in libcap).

Now when we arrive at ds_ioctl, the capabilities are the pretty
nonsensical:

e=0x40051808 i=0x077d0023 p=0xbffffa58

(and that can be translated into something meaningful if
appropriate using /usr/include/linux/capability.h).  Also,
current->euid has taken on a nonsensical value (1024) as well.

So it strikes me that the capabilities (and the content of the current
structure) are being corrupted at some point.

Any ideas what might be going wrong or where the bug might lie?

   Julian

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

        Julian Gilbey, website: http://www.polya.uklinux.net/
   Debian GNU/Linux Developer, see: http://people.debian.org/~jdg/
     Visit http://www.thehungersite.com/ to help feed the hungry
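
Added example, not part of the original message or of the pcmcia-cs code: a small C decoder for the three masks quoted above, with the consistency checks the report reasons about (CAP_SYS_ADMIN present, effective within permitted, the root set described as "everything but CAP_SETPCAP", empty inheritable). The 32-bit mask width, the bit numbering 0..28 taken from linux/capability.h, and all function and flag names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capability bit numbers 0..28 (assumed numbering, per linux/capability.h). */
static const char *const cap_names[] = {
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE"
};
#define NCAPS (sizeof cap_names / sizeof cap_names[0])
#define BIT(n) (UINT32_C(1) << (n))
/* Assumption: root's normal set is every bit except CAP_SETPCAP (bit 8). */
#define ROOT_SET ((uint32_t)~BIT(8))
enum { F_NO_SYS_ADMIN = 1, F_EFF_NOT_IN_PERM = 2, F_NOT_ROOT_SET = 4, F_INH_NOT_EMPTY = 8 };

/* Returns a bitmask of findings for one (effective, inheritable, permitted) triple. */
unsigned check_caps(uint32_t e, uint32_t i, uint32_t p)
{
    unsigned f = 0;
    if (!(e & BIT(21))) f |= F_NO_SYS_ADMIN;    /* capable(CAP_SYS_ADMIN) would fail */
    if (e & ~p)         f |= F_EFF_NOT_IN_PERM; /* effective must be within permitted */
    if (e != ROOT_SET || p != ROOT_SET) f |= F_NOT_ROOT_SET;
    if (i != 0)         f |= F_INH_NOT_EMPTY;
    return f;
}

/* Writes the names of the set bits into buf (len > 0); returns how many bits are set. */
int decode_caps(uint32_t mask, char *buf, size_t len)
{
    int n = 0;
    size_t off = 0;
    buf[0] = '\0';
    for (unsigned b = 0; b < 32; b++) {
        if (!(mask & BIT(b))) continue;
        if (b < NCAPS) snprintf(buf + off, len - off, "%s ", cap_names[b]);
        else           snprintf(buf + off, len - off, "bit%u ", b); /* no name assigned */
        off = strlen(buf);
        n++;
    }
    return n;
}

int main(void)
{
    char buf[1024];
    decode_caps(0x40051808u, buf, sizeof buf);  /* e= value quoted in the report */
    printf("effective: %s\nfindings: 0x%x\n", buf,
           check_caps(0x40051808u, 0x077d0023u, 0xbffffa58u));
    return 0;
}
```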


