From owner-freebsd-testing@FreeBSD.ORG Mon Mar 10 15:14:03 2014 Return-Path: Delivered-To: freebsd-testing@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6C5D443A; Mon, 10 Mar 2014 15:14:03 +0000 (UTC) Received: from mail-pb0-x236.google.com (mail-pb0-x236.google.com [IPv6:2607:f8b0:400e:c01::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 3B194665; Mon, 10 Mar 2014 15:14:03 +0000 (UTC) Received: by mail-pb0-f54.google.com with SMTP id ma3so7358028pbc.41 for ; Mon, 10 Mar 2014 08:14:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:mime-version:in-reply-to:content-type :content-transfer-encoding:message-id:cc:from:subject:date:to; bh=iYYw5pMmUvvKS+tPO0FUd802Caq1ZAsSDsvnrBKjjSs=; b=M5BgddOjUR7mU79VOQE7BOqk7FXky2a1kPuuht411dAjEy/7WjhB2z2eCXSkx7g6bs Gk4lcKCbTAZgbUf6Q5zksZrAN+Qim21OWsjfeFDmyGsrg3acnx30l3YcHoBCcg693a0s IvAxILCTxJfpnHixWQ1/oRfIJnr9mcN+GgNRCm6rjYugYhMjaJ8OZ1z6p6arGGt7r0qP 1UNNcJJWxcEjC6NNocOChlEtVCftm5xAa9wObc8yNWxVO0MGDdf1Nqbt1fdu0OE3llv+ RvJNpmokHMs+Tx3PKQNUAGEFSNFehwH+ybZNBhZnLTk7EasD6IeN6k2K3HFNIrX8g57Y IJ4g== X-Received: by 10.68.249.100 with SMTP id yt4mr3984084pbc.165.1394464442812; Mon, 10 Mar 2014 08:14:02 -0700 (PDT) Received: from [192.168.20.11] (c-24-17-226-153.hsd1.wa.comcast.net. [24.17.226.153]) by mx.google.com with ESMTPSA id js7sm66332785pbc.35.2014.03.10.08.14.01 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 10 Mar 2014 08:14:01 -0700 (PDT) References: <20140310101620.GA83688@x2.osted.lan> Mime-Version: 1.0 (1.0) In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: <27ACFD8F-51FD-4ED0-9325-992267964742@gmail.com> X-Mailer: iPhone Mail (11B651) From: Garrett Cooper Subject: Re: "require.user: unprivileged" retains operator group Date: Mon, 10 Mar 2014 08:14:01 -0700 To: Alan Somers Cc: "freebsd-testing@freebsd.org" , Peter Holm X-BeenThere: freebsd-testing@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Testing on FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Mar 2014 15:14:03 -0000 > On Mar 10, 2014, at 8:00, Alan Somers wrote: >=20 >> On Mon, Mar 10, 2014 at 4:16 AM, Peter Holm wrote: >> $ kyua test user_test >> user_test:rootuser -> skipped: Requires root privileges [0.001s] >> user_test:nonrootuser -> broken: Caught unexpected exception: Tester fa= iled with code 2; this is a bug [0.039s] >>=20 >> 1/2 passed (1 failed) >> Committed action 1 >> $ su >> Password: >> root@x4:/usr/tests/sys/kern # kyua test user_test >> user_test:rootuser -> passed [0.031s] >> user_test:nonrootuser -> passed [0.022s] >>=20 >> 2/2 passed (0 failed) >> Committed action 50 >> root@x4:/usr/tests/sys/kern # kyua debug user_test:rootuser >> uid=3D0(root) gid=3D0(wheel) groups=3D0(wheel),5(operator) >> user_test:rootuser -> passed >> root@x4:/usr/tests/sys/kern # kyua debug user_test:nonrootuser >> uid=3D977(tests) gid=3D65534(nobody) groups=3D65534(nobody),5(operator) >> user_test:nonrootuser -> passed >> root@x4:/usr/tests/sys/kern # >>=20 >> http://people.freebsd.org/~pho/user_test.c >> -- >> Peter >=20 > I can reproduce it. Looks like an upstream bug in Kyua. Yes. Unfortunately unless you get the appropriate mode for Kyua, it won't be= able to setuid to a lower privilege unless it's run as root.. Cheers! -Garrett=