[OpenAFS] fetchmail / afs / segfault revisited

Nathan Neulinger nneul@umr.edu
Sun, 17 Mar 2002 20:46:07 -0600


> In several different places, I tries to setuid:
> 
> ismene:~/procmail-3.22/src> grep -in setuid *.c
> lockfile.c:72:  if(setuid(uid)||geteuid()!=uid)           /* resist setuid
> operation */
> misc.c:83:/* On systems with `capabilities', setuid/setgid can fail for
> root! */
> misc.c:100:     if(setuid(uid))                              /* "This
> cannot happen" */
> procmail.c:498: setuid(uid);                       /* make sure we have
> enough space */
> setid.c:18:
> if(initgroups(argv[1],p->pw_gid)||setgid(p->pw_gid)||setuid(p->pw_uid))
> 
> You might try removing it's attempts to change UID, and recompile.

However, more destructive than the attempts to setuid() is that call to
initgroups(), which will throw away your PAG (since it's stored in the
auxgroups that initgroups() replaces) if you have one.

So you'd need to disable any groups/uid/gid setting.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216