[MacPorts] #40644: sudo: fails to switch to other user than root

MacPorts noreply at macports.org
Wed Oct 2 14:52:25 PDT 2013 

#40644: sudo: fails to switch to other user than root
------------------------------+--------------------------------
  Reporter:  Peter.Danecek@…  |      Owner:  macports-tickets@…
      Type:  defect           |     Status:  new
  Priority:  Normal           |  Milestone:
 Component:  ports            |    Version:
Resolution:                   |   Keywords:
      Port:  sudo             |
------------------------------+--------------------------------

Comment (by raimue@…):

 I did some testing and the older version 1.7.7 did still work using the
 [browser:trunk/dports/sysutils/sudo/Portfile?rev=103947 Portfile version]
 before r103948. I guess upstream sudo 1.8 changed anything that causes
 this to stop working now:

 Here is an excerpt from an analysis on sudo @1.8.8_1 using `sudo dtruss -f
 /opt/local/bin/sudo -u macports id` showing the failing `setuid` syscall:
 {{{
 57598/0x12e774:  fork()          = 0 0
 57598/0x12e774:  thread_selfid(0x7FFF75C73180, 0x0, 0x1)                 =
 1238900 0
 57598/0x12e774:  getpid(0x320000003303, 0x330000003300, 0x7FFF75C62888)
 = 57598 0
 57598/0x12e774:  close(0x3)              = 0 0
 57598/0x12e774:  close(0x4)              = 0 0
 57598/0x12e774:  close(0x5)              = 0 0
 57598/0x12e774:  fcntl(0x6, 0x2, 0x1)            = 0 0
 57598/0x12e774:  setgroups(0x3, 0x7FFBF0C21E80, 0x0)             = 0 0
 57598/0x12e774:  setgid(0x1F5, 0x0, 0x0)                 = 0 0
 57598/0x12e774:  umask(0x3F, 0x0, 0x0)           = 63 0
 57598/0x12e774:  seteuid(0x1F6, 0x0, 0x0)                = 0 0
 57598/0x12e774:  setuid(0x1F6, 0x0, 0x0)                 = -1 Err#1
 57598/0x12e774:
 open("/opt/local/share/locale/en_US.UTF-8/LC_MESSAGES/sudo.mo\0", 0x0,
 0x10D2AB3D0)             = -1 Err#2
 57598/0x12e774:
 open("/opt/local/share/locale/en_US.utf8/LC_MESSAGES/sudo.mo\0", 0x0,
 0x10D2AB3D0)              = -1 Err#2
 57598/0x12e774:
 open("/opt/local/share/locale/en_US/LC_MESSAGES/sudo.mo\0", 0x0,
 0x10D2AB3D0)           = -1 Err#2
 57598/0x12e774:
 open("/opt/local/share/locale/en.UTF-8/LC_MESSAGES/sudo.mo\0", 0x0,
 0x10D2AB3D0)                = -1 Err#2
 57598/0x12e774:
 open("/opt/local/share/locale/en.utf8/LC_MESSAGES/sudo.mo\0", 0x0,
 0x10D2AB3D0)                 = -1 Err#2
 57598/0x12e774:  open("/opt/local/share/locale/en/LC_MESSAGES/sudo.mo\0",
 0x0, 0x10D2AB3D0)              = -1 Err#2
 57598/0x12e774:  write_nocancel(0x2, "sudo: unable to change to runas uid
 (502, 502): Operation not permitted\n\0", 0x48)                = 72 0
 ...
 }}}

 In sudo @1.7.7_0, only `setuid(502)` is called at this point without any
 `seteuid(502)` before. The full log files from my system are attached.

-- 
Ticket URL: <https://trac.macports.org/ticket/40644#comment:3>
MacPorts <http://www.macports.org/>
Ports system for OS X

More information about the macports-tickets mailing list