Bug 209512 - [RHEL4] krb5-workstation : ksu fails on exit
[RHEL4] krb5-workstation : ksu fails on exit
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: krb5 (Show other bugs)
4.4
All Linux
high Severity high
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-05 14:28 EDT by Jose Plans
Modified: 2007-11-16 20:14 EST (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2007-0238
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-07 18:09:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch fixing the problem (503 bytes, patch)
2006-10-05 14:28 EDT, Jose Plans
no flags Details | Diff

  None (edit)
Description Jose Plans 2006-10-05 14:28:38 EDT
Description of problem:
After upgrading from krb5(1.3.4-27) to krb5(1.3.4-33), when using ksu and
exiting, the user gets the error :
--
[krb_user@dhcp-0-190 root]$ exit
exit
ksu: Operation not permitted while returning to source uid for destroying ccache
--
Checking on the source code, we can see this failure reported in
src/client/ksu/main.c [void sweep_up()]. There is there a condition that is not
right :

       if (krb5_seteuid(0) < 0 || krb5_seteuid(target_uid) < 0) {

In fact, seteuid(0) will always fail here unless we are root, or maybe under
other circunstances. After more researches, I've found the following :

* http://mailman.mit.edu/pipermail/kerberos/2006-August/010276.html

Which presents the same solution as the patch attached and seems committed to
1.5.1 too (haven't checked yet).

The solution would be to remove krb5_seteuid(0); from the loop, and if it fails
let it fail silently as we know it will on some circunstances, it is true,
though, that krb5_seteuid(target_uid) *has* to be monitored and has to exit if
failure.

Version-Release number of selected component (if applicable):
1.3.4-33

How reproducible:
Always.

Steps to Reproduce:
1. ksu krb_user
2. exit
  
Actual results:
--
[krb_user@dhcp-0-190 root]$ exit
exit
ksu: Operation not permitted while returning to source uid for destroying ccache
--

Expected results:
exit silently, remove the ccache.

Additional info:
Patch attached.
Comment 1 Jose Plans 2006-10-05 14:28:39 EDT
Created attachment 137837 [details]
Patch fixing the problem
Comment 3 Nalin Dahyabhai 2006-10-05 16:45:23 EDT
The patch as provided matches what upstream's revised patch does, and
it looks correct to me.  There was a little bit of discussion to this
effect toward the end of bug #197818.  FWIW, I wouldn't object to moving
this to be a 4.5 item.

Note to QE and PM: the test for this shakes out to be the test for
CVE-2006-3083 (#197818) with the addition of the case described here.
Comment 4 Toure Dunnon 2006-10-30 15:49:04 EST
Raising the exception on this as it does address a security issue in the kerberos program.
Comment 5 RHEL Product and Program Management 2006-10-30 16:05:45 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 15 Red Hat Bugzilla 2007-05-07 18:09:25 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0238.html

Note You need to log in before you can comment on or make changes to this bug.