Description of problem: After upgrading from krb5(1.3.4-27) to krb5(1.3.4-33), when using ksu and exiting, the user gets the error : -- [krb_user@dhcp-0-190 root]$ exit exit ksu: Operation not permitted while returning to source uid for destroying ccache -- Checking on the source code, we can see this failure reported in src/client/ksu/main.c [void sweep_up()]. There is there a condition that is not right : if (krb5_seteuid(0) < 0 || krb5_seteuid(target_uid) < 0) { In fact, seteuid(0) will always fail here unless we are root, or maybe under other circunstances. After more researches, I've found the following : * http://mailman.mit.edu/pipermail/kerberos/2006-August/010276.html Which presents the same solution as the patch attached and seems committed to 1.5.1 too (haven't checked yet). The solution would be to remove krb5_seteuid(0); from the loop, and if it fails let it fail silently as we know it will on some circunstances, it is true, though, that krb5_seteuid(target_uid) *has* to be monitored and has to exit if failure. Version-Release number of selected component (if applicable): 1.3.4-33 How reproducible: Always. Steps to Reproduce: 1. ksu krb_user 2. exit Actual results: -- [krb_user@dhcp-0-190 root]$ exit exit ksu: Operation not permitted while returning to source uid for destroying ccache -- Expected results: exit silently, remove the ccache. Additional info: Patch attached.
Created attachment 137837 [details] Patch fixing the problem
The patch as provided matches what upstream's revised patch does, and it looks correct to me. There was a little bit of discussion to this effect toward the end of bug #197818. FWIW, I wouldn't object to moving this to be a 4.5 item. Note to QE and PM: the test for this shakes out to be the test for CVE-2006-3083 (#197818) with the addition of the case described here.
Raising the exception on this as it does address a security issue in the kerberos program.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0238.html