Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Attachment 1746248 Details for
Bug 1914908
rpm -a --setugids removes sticky bit
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh92 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
terminal log
2021-01-11-suid.txt (text/plain), 9.74 KB, created by
Dominik Holler
on 2021-01-11 13:12:23 UTC
(
hide
)
Description:
terminal log
Filename:
MIME Type:
Creator:
Dominik Holler
Created:
2021-01-11 13:12:23 UTC
Size:
9.74 KB
patch
obsolete
>[dominik@t460p ~]$ ssh -v user@tarox0 >OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS 8 Dec 2020 >debug1: Reading configuration data /home/dominik/.ssh/config >debug1: Reading configuration data /etc/ssh/ssh_config >debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf >debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config >debug1: configuration requests final Match pass >debug1: re-parsing configuration >debug1: Reading configuration data /home/dominik/.ssh/config >debug1: Reading configuration data /etc/ssh/ssh_config >debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf >debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config >debug1: Connecting to tarox0 [192.168.178.82] port 22. >debug1: Connection established. >debug1: identity file /home/dominik/.ssh/id_rsa type 0 >debug1: identity file /home/dominik/.ssh/id_rsa-cert type -1 >debug1: identity file /home/dominik/.ssh/id_dsa type -1 >debug1: identity file /home/dominik/.ssh/id_dsa-cert type -1 >debug1: identity file /home/dominik/.ssh/id_ecdsa type -1 >debug1: identity file /home/dominik/.ssh/id_ecdsa-cert type -1 >debug1: identity file /home/dominik/.ssh/id_ecdsa_sk type -1 >debug1: identity file /home/dominik/.ssh/id_ecdsa_sk-cert type -1 >debug1: identity file /home/dominik/.ssh/id_ed25519 type -1 >debug1: identity file /home/dominik/.ssh/id_ed25519-cert type -1 >debug1: identity file /home/dominik/.ssh/id_ed25519_sk type -1 >debug1: identity file /home/dominik/.ssh/id_ed25519_sk-cert type -1 >debug1: identity file /home/dominik/.ssh/id_xmss type -1 >debug1: identity file /home/dominik/.ssh/id_xmss-cert type -1 >debug1: Local version string SSH-2.0-OpenSSH_8.4 >debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 >debug1: match: OpenSSH_7.4 pat OpenSSH_7.4* compat 0x04000006 >debug1: Authenticating to tarox0:22 as 'user' >debug1: SSH2_MSG_KEXINIT sent >debug1: SSH2_MSG_KEXINIT received >debug1: kex: algorithm: curve25519-sha256 >debug1: kex: host key algorithm: ecdsa-sha2-nistp256 >debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none >debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none >debug1: kex: curve25519-sha256 need=32 dh_need=32 >debug1: kex: curve25519-sha256 need=32 dh_need=32 >debug1: expecting SSH2_MSG_KEX_ECDH_REPLY >debug1: Server host key: ecdsa-sha2-nistp256 SHA256:253ZDUHNpzw3eikBhrdy2pkhKT6Gl+GEq+NhCdD9L0A >debug1: Host 'tarox0' is known and matches the ECDSA host key. >debug1: Found key in /home/dominik/.ssh/known_hosts:1 >debug1: rekey out after 4294967296 blocks >debug1: SSH2_MSG_NEWKEYS sent >debug1: expecting SSH2_MSG_NEWKEYS >debug1: SSH2_MSG_NEWKEYS received >debug1: rekey in after 4294967296 blocks >debug1: Will attempt key: /home/dominik/.ssh/id_rsa RSA SHA256:Tg0wm8Hf5Gptx0q+HxT2XeKK59+xzpxRCn+aRQIt35M agent >debug1: Will attempt key: /home/dominik/.ssh/id_dsa >debug1: Will attempt key: /home/dominik/.ssh/id_ecdsa >debug1: Will attempt key: /home/dominik/.ssh/id_ecdsa_sk >debug1: Will attempt key: /home/dominik/.ssh/id_ed25519 >debug1: Will attempt key: /home/dominik/.ssh/id_ed25519_sk >debug1: Will attempt key: /home/dominik/.ssh/id_xmss >debug1: SSH2_MSG_EXT_INFO received >debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> >debug1: SSH2_MSG_SERVICE_ACCEPT received >debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password >debug1: Next authentication method: gssapi-with-mic >debug1: Unspecified GSS failure. Minor code may provide more information >Server krbtgt/FRITZ.BOX@REDHAT.COM not found in Kerberos database > > >debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password >debug1: Next authentication method: publickey >debug1: Offering public key: /home/dominik/.ssh/id_rsa RSA SHA256:Tg0wm8Hf5Gptx0q+HxT2XeKK59+xzpxRCn+aRQIt35M agent >debug1: Server accepts key: /home/dominik/.ssh/id_rsa RSA SHA256:Tg0wm8Hf5Gptx0q+HxT2XeKK59+xzpxRCn+aRQIt35M agent >debug1: Authentication succeeded (publickey). >Authenticated to tarox0 ([192.168.178.82]:22). >debug1: channel 0: new [client-session] >debug1: Requesting no-more-sessions@openssh.com >debug1: Entering interactive session. >debug1: pledge: network >debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 >debug1: Sending environment. >debug1: Sending env XMODIFIERS = @im=none >debug1: Sending env LANG = en_US.UTF-8 >Last login: Mon Jan 11 04:32:11 2021 from t460p.fritz.box >[user@tarox0 ~]$ cd /data/libvirt/images/ >[user@tarox0 images]$ ~/scripts/newCloudVm.sh suidtest >+ '[' -n suidtest ']' >+ name=suidtest >+ rootpassword=123456 >+ osvariant=rhel8.0 >+ partition=sda1 >+ '[' rhel8.0 == fedora27 ']' >+ '[' rhel8.0 == test ']' >+ '[' rhel8.0 == centos7.0 ']' >+ '[' rhel8.0 == rhel8.0 ']' >+ '[' 1 ']' >+ mirror=https://cloud.centos.org/centos/8/x86_64/images/ >+ origfile=CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2 >+ partition=sda1 >+ export LIBGUESTFS_PATH=/home/user/appliance >+ LIBGUESTFS_PATH=/home/user/appliance >+ URI=qemu:///system >+ wget -nc https://cloud.centos.org/centos/8/x86_64/images//CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2 >File âCentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2â already there; not retrieving. > >+ virt-customize -a CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2 --update >[ 0.0] Examining the guest ... >[ 4.2] Setting a random seed >[ 4.2] Updating packages >[ 5.7] Finishing off >+ image=suidtest.img >+ truncate -s 40G suidtest.img >+ virt-resize --expand /dev/sda1 CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2 suidtest.img >[ 0.0] Examining CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2 >********** > >Summary of changes: > >/dev/sda1: This partition will be resized from 7.8G to 40.0G. The >filesystem xfs on /dev/sda1 will be expanded using the âxfs_growfsâ >method. > >********** >[ 1.7] Setting up initial partition table on suidtest.img >[ 2.2] Copying /dev/sda1 > 100% â¦âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ⧠00:00 >[ 11.5] Expanding /dev/sda1 using the âxfs_growfsâ method > >Resize operation completed with no errors. Before deleting the old disk, >carefully check that the resized disk boots and works correctly. >+ virt-customize -a suidtest.img --root-password password:123456 --ssh-inject root --selinux-relabel --hostname suidtest --timezone Europe/Berlin --uninstall cloud-init,kexec-tools,postfix >[ 0.0] Examining the guest ... >[ 4.0] Setting a random seed >[ 4.0] SSH key inject: root >[ 4.9] Setting the hostname: suidtest >[ 4.9] Setting the timezone: Europe/Berlin >[ 4.9] Uninstalling packages: cloud-init kexec-tools postfix >[ 8.4] Setting passwords >[ 9.1] SELinux relabelling >[ 18.1] Finishing off >+ [[ -n '' ]] >+ mem=2560,maxmemory=8192 >+ sleep 22 >+ virt-install --name suidtest --os-type=linux --os-variant=rhel8.0 --vcpus 4,maxvcpus=8 --cpu host --memory 2560,maxmemory=8192 --rng /dev/urandom --import --disk suidtest.img --noautoconsole --network network=default --connect qemu:///system > >Starting install... >Domain creation completed. >+ virsh -c qemu:///system domifaddr suidtest --source agent > Name MAC address Protocol Address >------------------------------------------------------------------------------- > lo 00:00:00:00:00:00 ipv4 127.0.0.1/8 > - - ipv6 ::1/128 > eth0 52:54:00:f6:98:4d ipv4 192.168.122.34/24 > - - ipv6 fe80::5054:ff:fef6:984d/64 > >[user@tarox0 images]$ ssh -o stricthostkeychecking=no root@192.168.122.34 >@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ >@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! >Someone could be eavesdropping on you right now (man-in-the-middle attack)! >It is also possible that a host key has just been changed. >The fingerprint for the ECDSA key sent by the remote host is >SHA256:fwmLfr5zl2FyVJm//qENN8o2Xj0F0DHazr8eJUvfDYc. >Please contact your system administrator. >Add correct host key in /home/user/.ssh/known_hosts to get rid of this message. >Offending ECDSA key in /home/user/.ssh/known_hosts:179 >Password authentication is disabled to avoid man-in-the-middle attacks. >Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. >Activate the web console with: systemctl enable --now cockpit.socket > >[root@suidtest ~]# which sudo >/usr/bin/sudo >[root@suidtest ~]# ls -l /usr/bin/sudo >---s--x--x. 1 root root 165608 May 18 2020 /usr/bin/sudo >[root@suidtest ~]# /usr/bin/sudo >usage: sudo -h | -K | -k | -V >usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user] >usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] > [command] >usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p > prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] [<command>] >usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p > prompt] [-T timeout] [-u user] file ... >[root@suidtest ~]# rpm -a --setugids >[root@suidtest ~]# ls -l /usr/bin/sudo >---x--x--x. 1 root root 165608 May 18 2020 /usr/bin/sudo >[root@suidtest ~]# /usr/bin/sudo >usage: sudo -h | -K | -k | -V >usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user] >usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] > [command] >usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p > prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] [<command>] >usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p > prompt] [-T timeout] [-u user] file ... >[root@suidtest ~]# >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1746248">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1914908
: 1746248