Package: libc6.1
Version: 2.11.2-2
Severity: important
After the most recent libc6.1 upgrade, setid programs like sudo and su
have stopped working.
After testing, it looks as if calling getpwuid() calls setuid(), which of
course kills the effective and saved UIDs whereupon sudo can no longer
do its job.
We're running LDAP to a secure server over ldaps.
Here's a test program I wrote to show the problem:
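#define _GNU_SOURCE   /* needed for getresuid() on glibc */
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <pwd.h>

int main(int argc, char **argv)
{
    uid_t r0, e0, s0;
    uid_t r1, e1, s1;

    /* real, effective and saved UID before the lookup */
    getresuid(&r0, &e0, &s0);
    getpwuid(r0);
    /* ... and the same three IDs after it */
    getresuid(&r1, &e1, &s1);
    fprintf(stdout, "[%d %d %d] -> [ %d %d %d]\n",
            (int)r0, (int)e0, (int)s0, (int)r1, (int)e1, (int)s1);
    return 0;
}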
Compile, chown to root and make setuid:
    cc -o t t.c
(as root:
    chown root t
    chmod u+s ./t
)
As an unprivileged user:
    ./t
Here's the output:
[1000 0 0] -> [ 1000 1000 1000]
Other related packages:
ii libnss-ldap 261-2.1 NSS module for using LDAP as a naming
ii libsasl2-2 2.1.22.dfsg1-2 Cyrus SASL - authentication
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime librar
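
An added example, not the reporter's code: the same before/after check extended to the three GIDs, with the comparison returned as a bitmask so it can run as a regression test around any library call. The names creds_snapshot, creds_diff, creds_changed_by and lookup_self are made up for this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* getresuid()/getresgid() on glibc */
#endif
#include <stdio.h>
#include <unistd.h>
#include <pwd.h>

/* Explicit prototypes, in case _GNU_SOURCE took effect too late. */
int getresuid(uid_t *, uid_t *, uid_t *);
int getresgid(gid_t *, gid_t *, gid_t *);

enum { CH_RUID = 1, CH_EUID = 2, CH_SUID = 4, CH_RGID = 8, CH_EGID = 16, CH_SGID = 32 };
struct creds { uid_t ruid, euid, suid; gid_t rgid, egid, sgid; };

/* Snapshot all six process IDs; returns 0 on success, -1 on failure. */
int creds_snapshot(struct creds *c)
{
    if (getresuid(&c->ruid, &c->euid, &c->suid) != 0) return -1;
    return getresgid(&c->rgid, &c->egid, &c->sgid);
}

/* Bitmask of the IDs that differ between two snapshots (0 = unchanged). */
int creds_diff(const struct creds *a, const struct creds *b)
{
    return (a->ruid != b->ruid ? CH_RUID : 0) | (a->euid != b->euid ? CH_EUID : 0)
         | (a->suid != b->suid ? CH_SUID : 0) | (a->rgid != b->rgid ? CH_RGID : 0)
         | (a->egid != b->egid ? CH_EGID : 0) | (a->sgid != b->sgid ? CH_SGID : 0);
}

/* Run fn() between two snapshots; returns the change mask, or -1 on error. */
int creds_changed_by(void (*fn)(void))
{
    struct creds before, after;
    if (creds_snapshot(&before) != 0) return -1;
    fn();
    if (creds_snapshot(&after) != 0) return -1;
    return creds_diff(&before, &after);
}

/* The call from the report: look up the passwd entry of the real UID. */
void lookup_self(void) { (void)getpwuid(getuid()); }

int main(void)
{
    int m = creds_changed_by(lookup_self);
    printf("getpwuid() credential change mask: 0x%02x\n", (unsigned)m);
    return m != 0;   /* non-zero exit lets a test suite flag the regression */
}
```

Like the test program above, it only shows a difference when installed setuid root and run as an unprivileged user.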