[Bug 957519] [NEW] auditctl uses wrong syscall to determine uid

Fri, 16 Mar 2012 16:15:42 -0700 

Public bug reported:

The short story is we have a setuid helper that tries to execute
auditctl.

Example:

antarus@goats2 /tmp $ cat foo.c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int main(int argc, char ** argv) {
  printf("%d\n", getuid());
  printf("%d\n", geteuid());
  execl("/sbin/auditctl", "/sbin/auditctl", "-l", (char*)NULL);
}

antarus@goats2 /tmp $ sudo gcc foo.c -o foo
antarus@goats2 /tmp $ sudo chown root:root foo
antarus@goats2 /tmp $ sudo chmod +x foo
antarus@goats2 /tmp $ sudo chmod u+s foo
antarus@goats2 /tmp $ ./foo
505 <- my uid
0 <- root euid
You must be root to run this program. <- failed code.

LSB Version:    
core-2.0-amd64:core-2.0-noarch:core-3.0-amd64:core-3.0-noarch:core-3.1-amd64:core-3.1-noarch:core-3.2-amd64:core-3.2-noarch:core-4.0-amd64:core-4.0-noarch:cxx-3.0-amd64:cxx-3.0-noarch:cxx-3.1-amd64:cxx-3.1-noarch:cxx-3.2-amd64:cxx-3.2-noarch:cxx-4.0-amd64:cxx-4.0-noarch:desktop-3.1-amd64:desktop-3.1-noarch:desktop-3.2-amd64:desktop-3.2-noarch:desktop-4.0-amd64:desktop-4.0-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics-3.0-amd64:graphics-3.0-noarch:graphics-3.1-amd64:graphics-3.1-noarch:graphics-3.2-amd64:graphics-3.2-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-3.2-amd64:printing-3.2-noarch:printing-4.0-amd64:printing-4.0-noarch:qt4-3.1-amd64:qt4-3.1-noarch
Distributor ID: Ubuntu
Description:    Ubuntu 10.04.2 LTS
Release:        10.04
Codename:       lucid

antarus@goats2 /tmp $ apt-cache policy auditd
auditd:
  Installed: 1.7.13-1ubuntu2
  Candidate: 1.7.13-1ubuntu2

This bug is also present on precise:

antarus@antarus-precise:/tmp/audit-1.7.18/src$ apt-cache policy auditd
auditd:
  Installed: 1.7.18-1ubuntu1
  Candidate: 1.7.18-1ubuntu1

Even auditd trunk is affected:
https://fedorahosted.org/audit/browser/trunk/src/auditctl.c

** Affects: audit (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/957519

Title:
  auditctl uses wrong syscall to determine uid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/957519/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to