Bug#594007: libc6.1: getpwuid() changes effective and saved uids
Package: libc6.1
Version: 2.11.2-2
Severity: important
After the most recent libc6.1 upgrade, setid programs like sudo and su
have stopped working.
After testing, it looks as if calling getpwuid() calls setuid(), which of
course kills the effective and saved UIDs whereupon sudo can no longer
do its job.
We're running LDAP to a secure server over ldaps.
Here's a test program I wrote to show the problem:
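    #define _GNU_SOURCE   /* needed for the getresuid() declaration */
    #include <stdio.h>
    #include <unistd.h>
    #include <errno.h>
    #include <pwd.h>

    int main(int argc, char **argv)
    {
        uid_t r0, e0, s0;   /* real, effective, saved UIDs before the lookup */
        uid_t r1, e1, s1;   /* the same three UIDs after the lookup */

        getresuid(&r0, &e0, &s0);
        getpwuid(r0);       /* NSS lookup (LDAP on the affected system) */
        getresuid(&r1, &e1, &s1);
        fprintf(stdout, "[%d %d %d] -> [ %d %d %d]\n",
                (int)r0, (int)e0, (int)s0, (int)r1, (int)e1, (int)s1);
        return 0;
    }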
Compile, chown to root and make setuid:
    cc -o t t.c
(as root:
    chown root t
    chmod u+s ./t
)
As an unprivileged user:
    ./t
Here's the output:
[1000 0 0] -> [ 1000 1000 1000]
Other related packages:
ii libnss-ldap 261-2.1 NSS module for using LDAP as a naming
ii libsasl2-2 2.1.22.dfsg1-2 Cyrus SASL - authentication
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime librar
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing')
Architecture: ia64
Kernel: Linux 2.6.32-trunk-mckinley (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6.1 depends on:
ii libc-bin 2.11.2-2 Embedded GNU C Library: Binaries
ii libgcc1 1:4.4.4-8 GCC support library
libc6.1 recommends no packages.
Versions of packages libc6.1 suggests:
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
pn glibc-doc <none> (no description available)
ii locales 2.11.2-2 Embedded GNU C Library: National L
-- debconf information:
glibc/upgrade: true
glibc/disable-screensaver:
glibc/restart-failed:
* glibc/restart-services: ssh openbsd-inetd exim4 cron autofs
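
An added example, not part of the original report or of glibc: a guard a setuid program could put around the lookup so that it fails closed when the real, effective or saved UID changes across getpwuid(), as in the output above. The names uid_triple, uids_equal and checked_getpwuid are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* getresuid() is a Linux/glibc extension; declared here so the file builds
 * without depending on _GNU_SOURCE being set before the first include. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

struct uid_triple { uid_t r, e, s; };   /* real, effective, saved */

/* Returns 1 when both snapshots hold the same three UIDs, else 0. */
int uids_equal(const struct uid_triple *a, const struct uid_triple *b)
{
    return a->r == b->r && a->e == b->e && a->s == b->s;
}

/* Hypothetical wrapper: look up uid via NSS, then confirm the process
 * credentials are untouched. Returns 0 on a clean lookup (*out may still be
 * NULL if no entry exists), -1 if getresuid() fails or any UID changed. */
int checked_getpwuid(uid_t uid, struct passwd **out)
{
    struct uid_triple before, after;

    *out = NULL;
    if (getresuid(&before.r, &before.e, &before.s) != 0)
        return -1;
    struct passwd *pw = getpwuid(uid);
    if (getresuid(&after.r, &after.e, &after.s) != 0)
        return -1;
    if (!uids_equal(&before, &after)) {
        fprintf(stderr, "getpwuid changed uids: [%ld %ld %ld] -> [%ld %ld %ld]\n",
                (long)before.r, (long)before.e, (long)before.s,
                (long)after.r, (long)after.e, (long)after.s);
        return -1;   /* caller should fail closed, not continue unprivileged */
    }
    *out = pw;
    return 0;
}

int main(void)
{
    struct passwd *pw;
    if (checked_getpwuid(getuid(), &pw) != 0)
        return 1;
    printf("lookup clean: %s\n", pw ? pw->pw_name : "(no entry)");
    return 0;
}
```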