sshd help: setresgid() isn't working
I've fixed all the Hurd build problems in openssh 1:4.0p1-1, which I'll
be uploading to experimental shortly. However, I still can't get sshd to
work, and it's beginning to look like a bug in glibc's Hurd support.
sshd's debug log looks like this:
debug3: privsep user:group 101:65534
debug1: permanently_set_uid: 101/65534
permanently_set_uid: was able to restore old [e]gid
Now, I'm building this with glibc 2.3.2.ds1-22 that has weak aliases for
setresuid and setresgid thanks to Michael Banck, so sshd is using those
functions to switch IDs. That means it's doing roughly the following
sequence of libc calls:
old_uid = getuid();
old_gid = getgid();
setresgid(65534, 65534, 65534);
setresuid(101, 101, 101);
setgid(old_gid); /* must fail */
setegid(old_gid); /* must fail */
I've attached a reduced test program which does this, and fails. It
looks to me as if setresgid() is broken. Can somebody with more libc
knowledge than I check this out?
Thanks,
--
Colin Watson [cjwatson@debian.org]
#define _GNU_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#include <unistd.h>
#include <errno.h>
void die (const char *fmt, ...) {
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
putc('\n', stderr);
exit(1);
}
int main (int argc, char **argv) {
uid_t old_uid = getuid();
gid_t old_gid = getgid();
if (setresgid(65534, 65534, 65534) < 0)
die("setresgid 65534: %s", strerror(errno));
if (setresuid(101, 101, 101) < 0)
die("setresuid 101: %s", strerror(errno));
if (setgid(old_gid) != -1)
die("setgid %u succeeded", (unsigned int) old_gid);
if (setegid(old_gid) != -1)
die("setegid %u succeeded", (unsigned int) old_gid);
if (setuid(old_uid) != -1)
die("setuid %u succeeded", (unsigned int) old_uid);
if (seteuid(old_uid) != -1)
die("seteuid %u succeeded", (unsigned int) old_uid);
return 0;
}
Reply to: