Gentoo Forums
suexec failed to setgid
zBrain
Apprentice

Joined: 14 Apr 2006
Posts: 153

Posted: Wed Mar 06, 2019 1:34 am    Post subject: suexec failed to setgid

I can't figure this one out.

-The group exists

Code:
 # filecap /usr/sbin/suexec
file                 capabilities
/usr/sbin/suexec     setgid, setuid


Code:
 # ls -l /usr/sbin/suexec
-rws--x--- 1 root apache 18680 Sep  5 15:46 /usr/sbin/suexec


Use flag suexec-caps is turned on. The cgi binary meets all the criteria from suexec -V

Any ideas?
zBrain
Apprentice

Joined: 14 Apr 2006
Posts: 153

Posted: Wed Mar 06, 2019 7:41 pm

So it turns out it had something to do with systemd. I had switched to it just to try it. Everything else seemed fine. Switching back to OpenRC fixed it.

Anybody have a guess why this might be?
Hu
Moderator

Joined: 06 Mar 2007
Posts: 16206

Posted: Thu Mar 07, 2019 2:19 am

What security features did systemd enable when it started apache? Did it set no-new-privs?
zBrain
Apprentice

Joined: 14 Apr 2006
Posts: 153

Posted: Thu Mar 07, 2019 5:46 pm

How do I check?
Hu
Moderator

Joined: 06 Mar 2007
Posts: 16206

Posted: Fri Mar 08, 2019 3:26 am

grep NoNewPrivs /proc/pid-of-affected-process/status
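The check suggested in the post above, expanded into an added example (not code from the thread or from Gentoo): a shell script that reads a `/proc/<pid>/status` file and reports `NoNewPrivs` and, going beyond the one-line grep, whether CAP_SETGID and CAP_SETUID are still in the capability bounding set (`CapBnd`). The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a /proc/<pid>/status file for settings that stop a
# setuid or file-capability helper (such as suexec) from gaining privileges.

# status_field FILE NAME: print the value of the "NAME:" line.
status_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "$1"
}

# cap_in_bounding FILE N: succeed if capability number N is set in CapBnd.
cap_in_bounding() {
    hex=$(status_field "$1" CapBnd)
    [ -n "$hex" ] || return 0          # field absent: nothing to report
    [ $(( (0x$hex >> $2) & 1 )) -eq 1 ]
}

# check_privilege_gain FILE: print findings; return 1 if any were found.
check_privilege_gain() {
    rc=0
    if [ "$(status_field "$1" NoNewPrivs)" = "1" ]; then
        echo "NoNewPrivs=1: execve ignores setuid bits and file capabilities"
        rc=1
    fi
    # Capability numbers from linux/capability.h.
    for pair in 6:CAP_SETGID 7:CAP_SETUID; do
        if ! cap_in_bounding "$1" "${pair%%:*}"; then
            echo "${pair#*:} is not in the bounding set (CapBnd)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample (not from a real host): a restricted service process.
sample_status() {
    printf 'Name:\thttpd\nNoNewPrivs:\t1\nCapBnd:\t000001ffffffff3f\n'
}

# Usage: sh check.sh PID; with no argument the constructed sample is checked.
if [ -n "${1:-}" ]; then
    check_privilege_gain "/proc/$1/status" || true
else
    tmp=$(mktemp) && sample_status > "$tmp"
    check_privilege_gain "$tmp" || true
    rm -f "$tmp"
fi
```

Run it against the PID of the Apache worker that invokes suexec; a child process inherits both settings from the parent across fork and execve.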
zBrain
Apprentice

Joined: 14 Apr 2006
Posts: 153

Posted: Tue Oct 20, 2020 8:08 pm

Necroing my own thread. I have come back to a situation where I need systemd and in searching this issue I found my own thread.

I also found this:
https://forums.gentoo.org/viewtopic-t-1089193-start-0.html

So, I can work around it.

I did file a bug https://bugs.gentoo.org/750470

Just posting this for future people who may search for this issue (which may be future me!)
All times are GMT