From: Peter Holm
To: Garrett Cooper
Cc: "freebsd-testing@freebsd.org"
Date: Mon, 10 Mar 2014 17:13:37 +0100
Subject: Re: "require.user: unprivileged" retains operator group
Message-ID: <20140310161337.GA2811@x2.osted.lan>
In-Reply-To: <27ACFD8F-51FD-4ED0-9325-992267964742@gmail.com>
References: <20140310101620.GA83688@x2.osted.lan> <27ACFD8F-51FD-4ED0-9325-992267964742@gmail.com>
List-Id: Testing on FreeBSD

On Mon, Mar 10, 2014 at 08:14:01AM -0700, Garrett Cooper wrote:
>
> > On Mar 10, 2014, at 8:00, Alan Somers wrote:
> >
> >> On Mon, Mar 10, 2014 at 4:16 AM, Peter Holm wrote:
> >> $ kyua test user_test
> >> user_test:rootuser  ->  skipped: Requires root privileges  [0.001s]
> >> user_test:nonrootuser  ->  broken: Caught unexpected exception: Tester failed with code 2; this is a bug  [0.039s]
> >>
> >> 1/2 passed (1 failed)
> >> Committed action 1
> >> $ su
> >> Password:
> >> root@x4:/usr/tests/sys/kern # kyua test user_test
> >> user_test:rootuser  ->  passed  [0.031s]
> >> user_test:nonrootuser  ->  passed  [0.022s]
> >>
> >> 2/2 passed (0 failed)
> >> Committed action 50
> >> root@x4:/usr/tests/sys/kern # kyua debug user_test:rootuser
> >> uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
> >> user_test:rootuser  ->  passed
> >> root@x4:/usr/tests/sys/kern # kyua debug user_test:nonrootuser
> >> uid=977(tests) gid=65534(nobody) groups=65534(nobody),5(operator)
> >> user_test:nonrootuser  ->  passed
> >> root@x4:/usr/tests/sys/kern #
> >>
> >> http://people.freebsd.org/~pho/user_test.c
> >> --
> >> Peter
> >
> > I can reproduce it.  Looks like an upstream bug in Kyua.
>
> Yes. Unfortunately unless you get the appropriate mode for Kyua, it won't be able to setuid to a lower privilege unless it's run as root.
> Cheers!
> -Garrett

Guess you both talk about the "Caught unexpected exception" issue?
What about the fact that the unprivileged user is a member of group
"operator"?

--
Peter
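
The retained "operator" group in the nonrootuser output above is what a privilege drop looks like when the supplementary group list is not reset. The following is an added example, not code from this thread, from user_test.c or from Kyua: a drop that clears the list and then re-reads it to confirm nothing survived. The names leaked_groups and drop_privileges are hypothetical, and the sample group list in main() is constructed from the quoted `kyua debug` output.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* glibc: expose setgroups() in <grp.h> */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy every gid in groups[] other than the target primary gid into out[].
 * Returns the count; non-zero means group privilege was retained. */
int leaked_groups(const gid_t *groups, int n, gid_t primary, gid_t *out)
{
    int leaked = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] != primary)
            out[leaked++] = groups[i];
    return leaked;
}

/* Drop from root to uid/gid. Supplementary groups go first, then gid, then
 * uid: once the uid is gone the process can no longer change its groups.
 * Returns 0 on success, -1 on any failure or if the drop did not stick. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t now[64], extra[64];
    int n;

    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    n = getgroups(64, now);               /* re-read what the kernel holds */
    if (n < 0 || leaked_groups(now, n, gid, extra) != 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)       /* root must not be regainable */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample: the groups= list printed for nonrootuser above. */
    const gid_t seen[] = { 65534, 5 };
    gid_t extra[2];
    int n = leaked_groups(seen, 2, 65534, extra);

    for (int i = 0; i < n; i++)
        printf("retained supplementary gid %lu\n", (unsigned long)extra[i]);
    return 0;
}
```

drop_privileges() only succeeds when called as root; as any other user setgroups() fails and the function returns -1 without changing credentials.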