lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071022005823.GA13901@thunk.org> Date: Sun, 21 Oct 2007 20:58:23 -0400 From: Theodore Tso <tytso@....edu> To: linux-kernel@...r.kernel.org Cc: "Serge E. Hallyn" <serue@...ibm.com> Subject: Re: Potential regression in -git15: can't resume stopped root shell? On Sat, Oct 20, 2007 at 02:58:06PM -0400, Theodore Tso wrote: > I was testing 2.6.23-git15, and I'm noticing that if I su to root, then > suspend the root shell, and try continue it via "fg", it hangs. The ps > command reports: > > 15806 6386 19 0 4012 wait Ss pts/0 00:00:00 bash > 0 6444 19 0 1232 finish_stop T+ pts/0 00:00:00 /bin/su -p > 0 6445 19 0 3696 finish_stop T pts/0 00:00:00 bash > 15806 6571 19 0 776 pipe_wait S+ pts/1 00:00:00 grep pts/0 > > This works under 2.6.23. I am running Ubuntu Gutsy running in a > gnome-terminal, with bash as my login shell. I can suspend a zsh or > bash shell where I haven't su'ed to root. But if the shell is started > using either su or sudo, when I try to resume it after suspending > using the "suspend" command via "fg", I get a hung shell. > > I haven't had time to bisect it yet, but I thought I'd throw it out > there in case this rings a bell with anybody... OK, I bisected, and it turns out to be a bug, but not a regression. Turns out the responsible commit is: commit b53767719b6cd8789392ea3e7e2eb7b8906898f0 Author: Serge E. Hallyn <serue@...ibm.com> Date: Tue Oct 16 23:31:36 2007 -0700 Implement file posix capabilities Implement file posix capabilities. This allows programs to be given a subset of root's powers regardless of who runs them, without having to use setuid and giving the binary all of root's powers..... Once I turned this up, I turned went back to -git15, and turned off CONFIG_SECURITY_FILE_CAPABILITIES, and the problem went away. Oh, well, I had wanted to try out file capabilities, which is why I had turned the option on, but being able to resume suspended root shells is more important. :-) Serge, can you take a look at this, please? Thanks!! - Ted - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists