Re: sshd help: setresgid() isn't working
At Thu, 26 May 2005 12:08:03 +0100,
Colin Watson wrote:
> I've fixed all the Hurd build problems in openssh 1:4.0p1-1, which I'll
> be uploading to experimental shortly. However, I still can't get sshd to
> work, and it's beginning to look like a bug in glibc's Hurd support.
>
> sshd's debug log looks like this:
>
> debug3: privsep user:group 101:65534
> debug1: permanently_set_uid: 101/65534
> permanently_set_uid: was able to restore old [e]gid
>
> Now, I'm building this with glibc 2.3.2.ds1-22 that has weak aliases for
> setresuid and setresgid thanks to Michael Banck, so sshd is using those
> functions to switch IDs.
Interesting. I've checked out 4.1p1 and we wouldn't use setres{u,g}id
as debian/rules includes code to make sure BROKEN_SETRES[UG]ID is
defined:
perl -pi -e 's/.*#undef (BROKEN_SETRES[UG]ID).*/#define $$1 1/' build-deb/config.h
When I disable this code, openssh builds and runs correctly (i.e. I
don't get `permanently_set_uid: was able to restore old [e]gid').
The problem is that when we just use setreuid, we don't clear the
saved uid. I am not sure if this is the right thing to do.
> I've attached a reduced test program which does this, and fails.
This doesn't fail on my Hurd box.
# ./setresuid
# ids
effective uids: 0(root)
effective gids: 0(root)
available uids: 0(root) 0(root)
available gids: 0(root) 0(root)
# dpkg -l libc0.3 | grep libc
ii libc0.3 2.3.2.ds1-22 GNU C Library: Shared libraries and Timezone
Thanks,
Neal
Reply to: