Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

suexec failed to setgid
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
zBrain
Apprentice
Apprentice


Joined: 14 Apr 2006
Posts: 199
PostPosted: Wed Mar 06, 2019 1:34 am    Post subject: suexec failed to setgid Reply with quote
I can't figure this one out.

-The group exists

Code:
 # filecap /usr/sbin/suexec
file                 capabilities
/usr/sbin/suexec     setgid, setuid


Code:
 # ls -l /usr/sbin/suexec
-rws--x--- 1 root apache 18680 Sep  5 15:46 /usr/sbin/suexec


Use flag suexec-caps is turned on. The cgi binary meets all the criteria from suexec -V

Any ideas?
Back to top
View user's profile Send private message
zBrain
Apprentice
Apprentice


Joined: 14 Apr 2006
Posts: 199
PostPosted: Wed Mar 06, 2019 7:41 pm    Post subject: Reply with quote
So it turns out it had something to do with systemd. I had switched to it just to try it. Everything else seemed fine. Switching back to OpenRC fixed it.

Anybody have a guess why this might be?
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 23442
PostPosted: Thu Mar 07, 2019 2:19 am    Post subject: Reply with quote
What security features did systemd enable when it started apache? Did it set no-new-privs?
Back to top
View user's profile Send private message
zBrain
Apprentice
Apprentice


Joined: 14 Apr 2006
Posts: 199
PostPosted: Thu Mar 07, 2019 5:46 pm    Post subject: Reply with quote
How do I check?
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 23442
PostPosted: Fri Mar 08, 2019 3:26 am    Post subject: Reply with quote
grep NoNewPrivs /proc/pid-of-affected-process/status
Back to top
View user's profile Send private message
zBrain
Apprentice
Apprentice


Joined: 14 Apr 2006
Posts: 199
PostPosted: Tue Oct 20, 2020 8:08 pm    Post subject: Reply with quote
Necroing my own thread. I have come back to a situation where I need systemd and in searching this issue I found my own thread.

I also found this:
https://forums.gentoo.org/viewtopic-t-1089193-start-0.html

So, I can work around it.

I did file a bug https://bugs.gentoo.org/750470

Just posting this for future people who may search for this issue (which may be future me!)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy