After upgrading to glibc-2.32.9000-19.fc34 my user has no secondary groups (in particular 'wheel' is missing, causing sudo to fail). Downgrading back to 18 and rebooting everything works again. Happy to provide more info...
Kevin, Thanks for bug post. Could you please provide a copy of your /etc/nsswitch.conf? The -19 build brings in some work that DJ did to allow automatic reloading of NSS plugin data. I don't want to ask you to break your system again, but if you're willing it would be informative to see: With -19 installed: * Output of `getent initgroups [username]` * Output of `getent group [number]` where number is the list of groups printed by initgroups query. Then again with -18 installed. Anything special about your configuration?
Created attachment 1737966 [details] nsswitch.conf
Will get the other info in a bit when I can reboot...
FWIW, in Fedora-Rawhide-20201208.n.0, all openQA tests that involve logging in at a console fail. *Graphical* login seems to be working OK. This or some other glibc issue seems like a likely candidate there too, but I'm digging into it now. From the videos, it looks like when the test system types a username into the console login prompt, instead of proceeding to ask for the user's password, it just immediately cycles back to prompting for a username.
'su' and 'sudo su' both segfault after updating to current Rawhide in a VM...
huh, the console login and su crashes I'm seeing don't seem to be glibc after all. At least they persist after downgrading to -18. Now looking for another culprit.
Do note that I had to reboot after downgrading to -18. It didn't start working until after the reboot.
(In reply to Adam Williamson from comment #6) > huh, the console login and su crashes I'm seeing don't seem to be glibc > after all. At least they persist after downgrading to -18. Now looking for > another culprit. pam tries to talk to dbus: 139 if (sd_bus_message_read_basic (m, 'o', &path) < 0) 140 return NULL; But this conditional is wrong, the < 0 doesn't catch the == 0 case for the termination of open-ended array. Then &path is left as NULL and the strdup crashes.
The strdup also seems to be a use-after-free because of the previous sd_bus_message_exit_container call (the path pointer is just borrowed).
The NULL pointer dereference has already been fixed upstream: pam_fprintd: Protect usage of strdup for NULL values https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/944493e47275e8839331a0078a76c704b33a9fd6
(In reply to Florian Weimer from comment #9) > The strdup also seems to be a use-after-free because of the previous > sd_bus_message_exit_container call (the path pointer is just borrowed). This is likely okay because what counts is not the container traversal, but the lifetime of the entire message.
Hah, fprintd was indeed my *next* suspect...:)
So yeah, my issues are fprintd, there were existing bug reports I hadn't found as I was looking at glibc and sssd reports: https://bugzilla.redhat.com/show_bug.cgi?id=1905667 . Sorry for the distraction.
➜ ~ rpm -q glibc; id glibc-2.32.9000-18.fc34.x86_64 uid=1000(kevin) gid=1000(kevin) groups=1000(kevin),10(wheel),135(mock) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 ➜ ~ rpm -q glibc; id glibc-2.32.9000-19.fc34.x86_64 uid=1000(kevin) gid=1000(kevin) groups=1000(kevin) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
glibc-2.32.9000-19.fc34.x86_64 Enumeration not supported on initgroups You want that with 18? Need to get another reboot window. ;)
Sigh. Sorry for all the updates here. That last bit was supposed to be: ➜ ~ rpm -q glibc; getent initgroups kevin glibc-2.32.9000-19.fc34.x86_64 kevin
Looking through other openQA failures, I do see several showing /usr/lib/polkit-1/polkit-agent-helper-1 segfaulting in glibc, like this: https://openqa.stg.fedoraproject.org/tests/981135#step/_collect_data/6 might be related to Kevin's issue, I guess...
I've confirmed the initgroups bug and I'm working on a fix, independent of any other bugs we might have found ;-)
I'm pushing a fix to -20 that should fix the initgroups bug.
*** Bug 1905774 has been marked as a duplicate of this bug. ***
(In reply to DJ Delorie from comment #19) > I'm pushing a fix to -20 that should fix the initgroups bug. -20 fixed it for me. I couldn't sudo after updating to -19 in a pet container.