Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
suexec failed to setgid
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
zBrain
Tux's lil' helper
Tux's lil' helper


Joined: 14 Apr 2006
Posts: 147

PostPosted: Wed Mar 06, 2019 1:34 am    Post subject: suexec failed to setgid Reply with quote

I can't figure this one out.

-The group exists

Code:
 # filecap /usr/sbin/suexec
file                 capabilities
/usr/sbin/suexec     setgid, setuid


Code:
 # ls -l /usr/sbin/suexec
-rws--x--- 1 root apache 18680 Sep  5 15:46 /usr/sbin/suexec


Use flag suexec-caps is turned on. The cgi binary meets all the criteria from suexec -V

Any ideas?
Back to top
View user's profile Send private message
zBrain
Tux's lil' helper
Tux's lil' helper


Joined: 14 Apr 2006
Posts: 147

PostPosted: Wed Mar 06, 2019 7:41 pm    Post subject: Reply with quote

So it turns out it had something to do with systemd. I had switched to it just to try it. Everything else seemed fine. Switching back to OpenRC fixed it.

Anybody have a guess why this might be?
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13496

PostPosted: Thu Mar 07, 2019 2:19 am    Post subject: Reply with quote

What security features did systemd enable when it started apache? Did it set no-new-privs?
Back to top
View user's profile Send private message
zBrain
Tux's lil' helper
Tux's lil' helper


Joined: 14 Apr 2006
Posts: 147

PostPosted: Thu Mar 07, 2019 5:46 pm    Post subject: Reply with quote

How do I check?
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13496

PostPosted: Fri Mar 08, 2019 3:26 am    Post subject: Reply with quote

grep NoNewPrivs /proc/pid-of-affected-process/status
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum