Bug 288461 - dev_lock fails with suid applications
dev_lock fails with suid applications
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: lockdev (Show other bugs)
19
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jiri Popelka
Fedora Extras Quality Assurance
http://www.nikhef.nl/~dennisvd/devloc...
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-12 17:03 EDT by Dennis van Dok
Modified: 2013-06-11 23:34 EDT (History)
2 users (show)

See Also:
Fixed In Version: lockdev-1.0.4-0.7.20111007git.fc19
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-06-11 05:03:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
test program to exhibit the problem (802 bytes, text/plain)
2007-09-12 17:03 EDT, Dennis van Dok
no flags Details

  None (edit)
Description Dennis van Dok 2007-09-12 17:03:08 EDT
Description of problem:

When a suid root application calls dev_lock on a device that the real user has
no write permissions on, the call fails. This is due to a call to access(2)
which tests for write access; access uses the real uid instead of the effective
uid for this test.

Version-Release number of selected component (if applicable):

All versions 1.0.1 for Red Hat up to EL4 and Fedora up to FC7

How reproducible:

Always

Steps to Reproduce:
1. download http://www.nikhef.nl/~dennisvd/devlocktest.c
2. gcc -o devlocktest devlocktest.c -llockdev
3. (as root) install -m 4111 devlocktest /usr/local/bin/
4. (as user) /usr/local/bin/devlocktest /dev/sda

  
Actual results:
Pid: 9293, Real uid: 585; effective uid: 0.
Trying to lock device: /dev/sda
dev_lock: Permission denied


Expected results:
Pid: 9303, Real uid: 585; effective uid: 0.
Trying to lock device: /dev/sda
success
Unlocking device...
success


Additional info:
The call to access is *not* in the original sources; I inspected the source rpm
and found that the call is introduced in the redhat specific patch
lockdev-1.0.0-rh.patch as of version 1.0.0 in October 2001.

This could be related to #52029.

The upstream version (maintained by Debian) doesn't have this problem.
Comment 1 Dennis van Dok 2007-09-12 17:03:08 EDT
Created attachment 193981 [details]
test program to exhibit the problem
Comment 2 Bug Zapper 2008-05-13 23:13:40 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 3 Bug Zapper 2009-06-09 18:50:04 EDT
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 4 Dennis van Dok 2009-06-10 04:08:35 EDT
Reproduced on CentOS 5.3 x86_64. This should be identical to Red Hat EL 5.3.
Comment 5 Jiri Popelka 2013-03-05 10:35:38 EST
RHEL-5.10 (the next RHEL-5 minor release) is going to be the first production phase 2 [1] release of RHEL-5.
I'm closing this bugzilla as WONTFIX because since phase 2 we'll address only security or critical issues.

[1] https://access.redhat.com/support/policy/updates/errata/
Comment 6 Dennis van Dok 2013-03-05 14:53:25 EST
Well,(In reply to comment #5)
> RHEL-5.10 (the next RHEL-5 minor release) is going to be the first
> production phase 2 [1] release of RHEL-5.
> I'm closing this bugzilla as WONTFIX because since phase 2 we'll address
> only security or critical issues.

Well, this is becoming a bit embarrassing as I've now also reproduced it on fc17 and I would bet it still is reproducible on fc18.
Comment 7 Dennis van Dok 2013-03-05 14:55:46 EST
I cannot change the product for this bug, but it should go to Fedora.
Comment 8 Ondrej Vasik 2013-03-06 04:09:09 EST
Ok, moved to Fedora...
Comment 9 Jiri Popelka 2013-03-06 04:10:39 EST
The problem was discussed upstream
http://lists.alioth.debian.org/pipermail/lockdev-devel/2010-March/000052.html
and this commit
http://lists.alioth.debian.org/pipermail/lockdev-devel/2010-March/000058.html
was supposed to fix it.

Another ticket for this problem is bug #600636.
Comment 10 Fedora End Of Life 2013-04-03 15:53:15 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 11 Fedora Update System 2013-06-04 04:06:44 EDT
lockdev-1.0.4-0.7.20111007git.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/lockdev-1.0.4-0.7.20111007git.fc19
Comment 12 Fedora Update System 2013-06-04 22:29:58 EDT
Package lockdev-1.0.4-0.7.20111007git.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing lockdev-1.0.4-0.7.20111007git.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-10002/lockdev-1.0.4-0.7.20111007git.fc19
then log in and leave karma (feedback).
Comment 13 Fedora Update System 2013-06-06 02:45:30 EDT
lockdev-1.0.4-0.6.20111007git.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/lockdev-1.0.4-0.6.20111007git.fc18
Comment 14 Fedora Update System 2013-06-11 05:03:16 EDT
lockdev-1.0.4-0.6.20111007git.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Fedora Update System 2013-06-11 23:34:10 EDT
lockdev-1.0.4-0.7.20111007git.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.