[OpenAFS] fetchmail / afs / segfault revisited

Nathan Neulinger nneul@umr.edu
Sun, 17 Mar 2002 20:49:01 -0600


Nathan Neulinger wrote:
> 
> > In several different places, I tries to setuid:
> >
> > ismene:~/procmail-3.22/src> grep -in setuid *.c
> > lockfile.c:72:  if(setuid(uid)||geteuid()!=uid)           /* resist setuid
> > operation */
> > misc.c:83:/* On systems with `capabilities', setuid/setgid can fail for
> > root! */
> > misc.c:100:     if(setuid(uid))                              /* "This
> > cannot happen" */
> > procmail.c:498: setuid(uid);                       /* make sure we have
> > enough space */
> > setid.c:18:
> > if(initgroups(argv[1],p->pw_gid)||setgid(p->pw_gid)||setuid(p->pw_uid))
> >
> > You might try removing it's attempts to change UID, and recompile.
> 
> However, more destructive than the attempts to setuid() is that call to
> initgroups(), which will throw away your PAG (since it's stored in the
> auxgroups that initgroups() replaces) if you have one.
> 
> So you'd need to disable any groups/uid/gid setting.

Oh, wait, never mind. That might not be the case on some systems. I was
remembering back to problems with arla doing that I think.

-- Nathan

---------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216