[OpenAFS] fetchmail / afs / segfault revisited
Nathan Neulinger
nneul@umr.edu
Sun, 17 Mar 2002 20:49:01 -0600
Nathan Neulinger wrote:
>
> > In several different places, I tries to setuid:
> >
> > ismene:~/procmail-3.22/src> grep -in setuid *.c
> > lockfile.c:72: if(setuid(uid)||geteuid()!=uid) /* resist setuid
> > operation */
> > misc.c:83:/* On systems with `capabilities', setuid/setgid can fail for
> > root! */
> > misc.c:100: if(setuid(uid)) /* "This
> > cannot happen" */
> > procmail.c:498: setuid(uid); /* make sure we have
> > enough space */
> > setid.c:18:
> > if(initgroups(argv[1],p->pw_gid)||setgid(p->pw_gid)||setuid(p->pw_uid))
> >
> > You might try removing it's attempts to change UID, and recompile.
>
> However, more destructive than the attempts to setuid() is that call to
> initgroups(), which will throw away your PAG (since it's stored in the
> auxgroups that initgroups() replaces) if you have one.
>
> So you'd need to disable any groups/uid/gid setting.
Oh, wait, never mind. That might not be the case on some systems. I was
remembering back to problems with arla doing that I think.
-- Nathan
---------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216