| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Feb 2008 02:47:56 +0700
From: "BuraphaLinux Server" <buraphalinuxserver@...il.com>
To: serge@...lyn.com
Cc: linux-kernel@...r.kernel.org
Subject: Re: at program breaks with kernel 2.6.24
This is gmail which has broken line wrapping I cannot fix. Anyway, I
did build the new kernel but it still does not work for me. I tried to
strace, but that didn't work for me either. This is as a non-root user
(and same 'at'/'atd' binaries work on 2.6.23.X):
bash-3.2$ at now
warning: commands will be executed using /bin/sh
at> echo "suid is busted"
at> <EOT>
job 4 at Thu Feb 28 02:16:00 2008
Can't signal atd (permission denied)
bash-3.2$ ls -ld $(which at)
-rws--x--x 1 daemon daemon 36468 Jan 11 15:37 /usr/bin/at
bash-3.2$ ps -ef | grep atd
daemon 2874 1 0 02:14 ? 00:00:00 /usr/sbin/atd -b 15 -l 1
bozo 3054 3049 0 02:16 pts/0 00:00:00 grep atd
bash-3.2$ ls -ld /var/spool/at*
drwxrwxrwt 2 daemon daemon 4096 Feb 28 02:16 /var/spool/atjobs
drwx------ 2 daemon daemon 4096 Feb 27 20:02 /var/spool/atspool
bash-3.2$ uname -a
Linux zappaman.cs.buu.ac.th 2.6.25-rc3 #1 SMP Thu Feb 28 01:29:46 ICT
2008 i686 pentium4 i386 GNU/Linux
bash-3.2$ strace -s 99999 -v -o /tmp/pain at now
warning: commands will be executed using /bin/sh
Cannot open lockfile /var/spool/atjobs/.SEQ: Permission denied
bash-3.2$ at now
warning: commands will be executed using /bin/sh
at> echo "hi"
at> <EOT>
job 7 at Thu Feb 28 02:19:00 2008
Can't signal atd (permission denied)
My kenrel .config is big, so it is attached so I don't get any cut and
paste error.
On 2/28/08, serge@...lyn.com <serge@...lyn.com> wrote:
> Quoting BuraphaLinux Server (buraphalinuxserver@...il.com):
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463669
> >
> > I have the same problem - it is not debian specific. Did the
> > semantics of kill() change with the new kernel? I thought as long as
> > something is setuid, even with capability stuff around the setuid
> > programs just get _all_ capabilities and would keep working.
> >
> > I did a good search and found many people with the problem, but no
> > solutions except going back to 2.6.23.x kernels. I guess you'll flame
> > me, but at least include a link to the solution too.
>
> Why would we flame you?
Because maybe I'm doing something stupid and didn't patch/rebuild
something when changing kernels like I should. I haven't had trouble
with at for many years of kernel changes, but 2.6.24 was the first
with the new security stuff and maybe I need to have some
capability-aware 'at' program?
> I'll just apologize as I think it's my fault,
> and ask you to please try the newest available kernel where I believe it
> should be fixed.
Do I need to recompile glibc and the at software to adjust so some
kernel interface changes? Did the 'make oldconfig' generate some bad
config combination? As root it works, so I don't think the at or atd
are broken (but maybe they have to be patched for >2.6.23.X ?)
bash-3.2$ su - root
Password:
BLS #at now
warning: commands will be executed using /bin/sh
at> echo "uh-huh..."
at> <EOT>
job 8 at Thu Feb 28 02:30:00 2008
(and I checked and the job completes normally)
> thanks,
> -serge
Thank you for reading. Any ideas on what to try next?
Download attachment "config-2.6.25-rc3.smp" of type "application/octet-stream" (56746 bytes)
Powered by blists - more mailing lists