I'm running into quite an odd situation here that I'm having trouble debugging.
Solaris 10 11/06
OpenSSH 3.9p1, 4.5p1 (we roll our own due to some hacks we put in that have
nothing to do with session setup) Privsep on and off have been tried.
The problem I'm running into is this: As of s10u3, if I were to log into a
server and then 'sudo bash' or 'su -' to root, I am unable to reboot the
machine. When I truss the reboot command, the kill() call to init fails with
EPERM. Example:
## Immediately after I log in as a non-priv user:
[daleg at systmp24]~>id -p
uid=46720(daleg) gid=32(general) projid=0(system)
[daleg at systmp24]~>ppriv $$
535: -bash
flags = <0x8300>
E: basic
I: basic
P: basic
L: all
## After I then 'sudo bash' or 'su -' to root:
[root at systmp24]/>id -p
uid=0(root) gid=1(other) projid=0(system)
[root at systmp24]/>ppriv $$
561: bash
flags = <0x8300>
E: all
I: basic
P: all
L: all
[root at systmp24]~>reboot
reboot: can't idle init
I've tried to study the flags of 0x8300 by looking at priv.h, but I couldn't
find anything that matched up to that bit field.
Now, if I log in via ssh or tty console as root directly, flags=<none> and I
can reboot the machine. On a s10u2 or earlier box, if I log in as a
non-privileged user, my shell's flags = <none>, an the same is true after I
sudo/su to root, and I'm able to issue the reboot command.
Something tells me that this has to do with the introduction of Trusted
Extensions in u3, but I can't pin down what knob to turn to get this working
again. Any advice on what it may be or other places to look?
TIA,
/dale
This message posted from opensolaris.org
