Bug 1253219

Summary: captest list sys_psacct instead of sys_pacct
Product: Red Hat Enterprise Linux 6
Reporter: Karel Srot <ksrot>
Component: libcap-ng
Assignee: Steve Grubb <sgrubb>
Status: CLOSED NEXTRELEASE
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low
Priority: medium
Version: 6.6
CC: pvrabec
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
: 1253220
Last Closed: 2016-07-22 11:45:49 UTC
Type: Bug

Description Karel Srot 2015-08-13 09:06:31 UTC
Description of problem:


captest --drop-caps --text lists the capability sys_psacct, while it should rather be sys_pacct (as listed by capsh --decode)

# uname -a
Linux palava.usersys.redhat.com 2.6.32-573.1.1.el6.x86_64 #1 SMP Tue Jul 14 02:46:51 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
# rpm -q libcap-ng
libcap-ng-0.6.4-3.el6_0.1.x86_64


# captest --drop-caps --text
User  credentials uid:0 euid:0 suid:0
Group credentials gid:0 egid:0 sgid:0
Current capabilities: none
securebits flags: none
Attempting direct access to shadow...FAILED (Permission denied)
Attempting to access shadow by child process...SUCCESS
Attemping to regain root...SUCCESS - PRIVILEGE ESCALATION POSSIBLE
Child User  credentials uid:0 euid:0 suid:0
Child Group credentials gid:0 egid:0 sgid:0
Child Effective: chown, dac_override, dac_read_search, fowner, fsetid, kill, setgid, setuid, setpcap, linux_immutable, net_bind_service, net_broadcast, net_admin, net_raw, ipc_lock, ipc_owner, sys_module, sys_rawio, sys_chroot, sys_ptrace, sys_psacct, sys_admin, sys_boot, sys_nice, sys_resource, sys_time, sys_tty_config, mknod, lease, audit_write, audit_control, setfcap, mac_override, mac_admin
Child Permitted: chown, dac_override, dac_read_search, fowner, fsetid, kill, setgid, setuid, setpcap, linux_immutable, net_bind_service, net_broadcast, net_admin, net_raw, ipc_lock, ipc_owner, sys_module, sys_rawio, sys_chroot, sys_ptrace, sys_psacct, sys_admin, sys_boot, sys_nice, sys_resource, sys_time, sys_tty_config, mknod, lease, audit_write, audit_control, setfcap, mac_override, mac_admin
Child Inheritable: none
Child Bounding Set: chown, dac_override, dac_read_search, fowner, fsetid, kill, setgid, setuid, setpcap, linux_immutable, net_bind_service, net_broadcast, net_admin, net_raw, ipc_lock, ipc_owner, sys_module, sys_rawio, sys_chroot, sys_ptrace, sys_psacct, sys_admin, sys_boot, sys_nice, sys_resource, sys_time, sys_tty_config, mknod, lease, audit_write, audit_control, setfcap, mac_override, mac_admin
Child securebits flags: none
Attempting direct access to shadow...SUCCESS

# capsh --decode=00000003FFFFFFFF
0x00000003ffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin
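
The cross-check the report performs by eye (captest's capability names against the names decoded from the mask 0x00000003FFFFFFFF) can be automated as a regression check. This is an added example, not part of the original report or of libcap-ng; the function names are hypothetical, the name table follows linux/capability.h for bits 0..33, and the sample line is the "Child Effective" line from the output above.

```python
import difflib

# Capability names for bits 0..33 as defined in linux/capability.h (CAP_ prefix
# dropped); this is the range covered by the mask 0x00000003ffffffff in the report.
KERNEL_CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin"
).split()

# "Child Effective" line copied from the captest output in the report.
CAPTEST_LINE = (
    "Child Effective: chown, dac_override, dac_read_search, fowner, fsetid, kill, "
    "setgid, setuid, setpcap, linux_immutable, net_bind_service, net_broadcast, "
    "net_admin, net_raw, ipc_lock, ipc_owner, sys_module, sys_rawio, sys_chroot, "
    "sys_ptrace, sys_psacct, sys_admin, sys_boot, sys_nice, sys_resource, sys_time, "
    "sys_tty_config, mknod, lease, audit_write, audit_control, setfcap, "
    "mac_override, mac_admin"
)

def decode_mask(mask):
    """Turn a capability bitmask into the list of names for its set bits."""
    if mask >> len(KERNEL_CAP_NAMES):
        raise ValueError("mask has bits beyond the known capability table")
    return [n for bit, n in enumerate(KERNEL_CAP_NAMES) if mask >> bit & 1]

def parse_captest_set(line):
    """Parse one 'Label: a, b, c' line of captest --text output into names."""
    _, _, value = line.partition(":")
    value = value.strip()
    return [] if value == "none" else [n.strip() for n in value.split(",")]

def check_captest_line(line, mask):
    """Report names captest printed that the mask does not decode to, each with
    its closest expected name, plus the expected names captest did not print."""
    expected = decode_mask(mask)
    reported = parse_captest_set(line)
    unknown = [(n, (difflib.get_close_matches(n, expected, n=1) or [None])[0])
               for n in reported if n not in expected]
    missing = [n for n in expected if n not in reported]
    return {"unknown": unknown, "missing": missing}

if __name__ == "__main__":
    print(check_captest_line(CAPTEST_LINE, 0x00000003FFFFFFFF))
```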

Comment 1 Steve Grubb 2015-08-13 13:15:46 UTC
Fixed in upstream commit 82.