Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 10 Mar 2014 17:13:37 +0100
From:      Peter Holm <peter@holm.cc>
To:        Garrett Cooper <yaneurabeya@gmail.com>
Cc:        "freebsd-testing@freebsd.org" <freebsd-testing@freebsd.org>
Subject:   Re: "require.user: unprivileged" retains operator group
Message-ID:  <20140310161337.GA2811@x2.osted.lan>
In-Reply-To: <27ACFD8F-51FD-4ED0-9325-992267964742@gmail.com>
References:  <20140310101620.GA83688@x2.osted.lan> <CAOtMX2jwEC9_vAuALsJ-ci5Tjk2LrPdKX_EtnaoS-M204f2kGw@mail.gmail.com> <27ACFD8F-51FD-4ED0-9325-992267964742@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Mar 10, 2014 at 08:14:01AM -0700, Garrett Cooper wrote:
> 
> > On Mar 10, 2014, at 8:00, Alan Somers <asomers@freebsd.org> wrote:
> > 
> >> On Mon, Mar 10, 2014 at 4:16 AM, Peter Holm <peter@holm.cc> wrote:
> >> $ kyua test user_test
> >> user_test:rootuser  ->  skipped: Requires root privileges  [0.001s]
> >> user_test:nonrootuser  ->  broken: Caught unexpected exception: Tester failed with code 2; this is a bug  [0.039s]
> >> 
> >> 1/2 passed (1 failed)
> >> Committed action 1
> >> $ su
> >> Password:
> >> root@x4:/usr/tests/sys/kern # kyua test user_test
> >> user_test:rootuser  ->  passed  [0.031s]
> >> user_test:nonrootuser  ->  passed  [0.022s]
> >> 
> >> 2/2 passed (0 failed)
> >> Committed action 50
> >> root@x4:/usr/tests/sys/kern # kyua debug user_test:rootuser
> >> uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
> >> user_test:rootuser  ->  passed
> >> root@x4:/usr/tests/sys/kern # kyua debug user_test:nonrootuser
> >> uid=977(tests) gid=65534(nobody) groups=65534(nobody),5(operator)
> >> user_test:nonrootuser  ->  passed
> >> root@x4:/usr/tests/sys/kern #
> >> 
> >> http://people.freebsd.org/~pho/user_test.c
> >> --
> >> Peter
> > 
> > I can reproduce it.  Looks like an upstream bug in Kyua.
> 
> Yes. Unfortunately unless you get the appropriate mode for Kyua, it won't be able to setuid to a lower privilege unless it's run as root..
> Cheers!
> -Garrett

Guess you both talk about the "Caught unexpected exception" issue?
What about the fact that the unprivileged user is member of group
"operator"?

-- 
Peter

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140310161337.GA2811>