Re: Bug#939898: glibc: setuid/getuid broken on alpha with 2.29-1


John Paul Adrian Glaubitz
Hi!

On 9/9/19 10:49 PM, John Paul Adrian Glaubitz wrote:
> Both on my Alpha XP-1000 as well as inside a qemu-user chroot, upgrading glibc
> to version 2.29-1 resulted in setuid/getuid breaking in a weird way:

To reproduce, one can simply run debootstrap with qemu-user-static installed and
enter the chroot:

root@epyc:/local_scratch> debootstrap --no-check-gpg --arch=alpha --foreign --variant=minbase unstable sid-alpha-sbuild http://ftp.ports.debian.org/debian-ports
(...)
root@epyc:/local_scratch> chroot sid-alpha-sbuild
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
I have no name!@epyc:/local_scratch> ./debootstrap/debootstrap --second-stage
E: debootstrap can only run as root
I have no name!@epyc:/local_scratch>

I assume this would also work on qemu-system-alpha although I haven't tried
yet. But it should work the same way but without the "--foreign" argument.

Adrian

--
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - [hidden email]
`. `'   Freie Universitaet Berlin - [hidden email]
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913


Re: Bug#939898: glibc: setuid/getuid broken on alpha with 2.29-1

Michael Cree
On Mon, Sep 09, 2019 at 11:14:50PM +0200, John Paul Adrian Glaubitz wrote:

> On 9/9/19 10:49 PM, John Paul Adrian Glaubitz wrote:
> > Both on my Alpha XP-1000 as well as inside a qemu-user chroot, upgrading glibc
> > to version 2.29-1 resulted in setuid/getuid breaking in a weird way:
>
> To reproduce, one can simply run debootstrap with qemu-user-static installed and
> enter the chroot:
>
> root@epyc:/local_scratch> debootstrap --no-check-gpg --arch=alpha --foreign --variant=minbase unstable sid-alpha-sbuild http://ftp.ports.debian.org/debian-ports
> (...)
> root@epyc:/local_scratch> chroot sid-alpha-sbuild
> bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
> I have no name!@epyc:/local_scratch> ./debootstrap/debootstrap --second-stage
> E: debootstrap can only run as root
> I have no name!@epyc:/local_scratch>
>
> I assume this would also work on qemu-system-alpha although I haven't tried
> yet. But it should work the same way but without the "--foreign" argument.

What kernel are you running?  Be aware that recent kernels on alpha
(since ecf7e0a4ad15287) now support the getuid and getgid syscalls
that the other arches always have had.  I wonder if glibc has been
updated in any way for that?  If so, it should be checking kernel
version as to whether to use OSF1 syscall conventions or Linux
syscall conventions.  OSF1 calling conventions should work on any
kernel, whereas Linux calling conventions only on kernels since
v5.1.

Cheers
Michael.


Re: Bug#939898: glibc: setuid/getuid broken on alpha with 2.29-1

John Paul Adrian Glaubitz
Hi!

On 9/10/19 10:52 AM, Michael Cree wrote:

>> I assume this would also work on qemu-system-alpha although I haven't tried
>> yet. But it should work the same way but without the "--foreign" argument.
>
> What kernel are you running?  Be aware that recent kernels on alpha
> (since ecf7e0a4ad15287) now support the getuid and getgid syscalls
> that the other arches always have had.  I wonder if glibc has been
> updated in any way for that?  If so, it should be checking kernel
> version as to whether to use OSF1 syscall conventions or Linux
> syscall conventions.  OSF1 calling conventions should work on any
> kernel, whereas Linux calling conventions only on kernels since
> v5.1.

Yes, we have already figured out that this happens when the kernel is
too old. According to Aurelien, the problem is that the glibc package
has been built against the kernel 5.3 headers which is why users need
to upgrade their kernel first before upgrading glibc.

Currently fixing tsunami.

Adrian

--
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - [hidden email]
`. `'   Freie Universitaet Berlin - [hidden email]
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913


Re: Bug#939898: glibc: setuid/getuid broken on alpha with 2.29-1

John Paul Adrian Glaubitz
On 9/10/19 11:05 AM, John Paul Adrian Glaubitz wrote:
> Yes, we have already figured out that this happens when the kernel is
> too old. According to Aurelien, the problem is that the glibc package
> has been built against the kernel 5.3 headers which is why users need
> to upgrade their kernel first before upgrading glibc.
>
> Currently fixing tsunami.

I have now kernel 5.2.9-1 and glibc 2.29-1 and logging in still doesn't
work. I type "root" at the login prompt, press enter and it shortly
returns to the login prompt. Logging in through SSH doesn't work either.

Adrian

--
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - [hidden email]
`. `'   Freie Universitaet Berlin - [hidden email]
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913


Re: Bug#939898: glibc: setuid/getuid broken on alpha with 2.29-1

Adhemerval Zanella


On 10/09/2019 07:28, John Paul Adrian Glaubitz wrote:

> On 9/10/19 11:05 AM, John Paul Adrian Glaubitz wrote:
>> Yes, we have already figured out that this happens when the kernel is
>> too old. According to Aurelien, the problem is that the glibc package
>> has been built against the kernel 5.3 headers which is why users need
>> to upgrade their kernel first before upgrading glibc.
>>
>> Currently fixing tsunami.
>
> I have now kernel 5.2.9-1 and glibc 2.29-1 and logging in still doesn't
> work. I type "root" at the login prompt, press enter and it shortly
> returns to the login prompt. Logging in through SSH doesn't work either.
>
> Adrian
>

I have consolidated the set* Linux implementations on dd5905de03bd2
(glibc 2.26), which means that all Linux architectures should use
sysdeps/unix/sysv/linux/setuid.c for setuid and the auto-generated
syscalls for getuid.

Alpha has used the Linux generic implementation since ever; the
dd5905de03bd2 change will prioritize using __NR_setuid32 instead
of __NR_setuid. But since it is not the case for alpha AFAIK it should
not change the code generation. I also checked that the code for
setuid for both glibc 2.25 and glibc 2.31 hasn't changed; it issues the
__NR_setuid (23) for both cases.

I am not sure this is a glibc issue in this case.


Re: Bug#939898: glibc: new getegid, geteuid and getppid syscalls used unconditionally on alpha

Aurelien Jarno
control: retitle -1 glibc: new getegid, geteuid and getppid syscalls used unconditionally on alpha

On 2019-09-10 09:27, Adhemerval Zanella wrote:

>
>
> On 10/09/2019 07:28, John Paul Adrian Glaubitz wrote:
> > On 9/10/19 11:05 AM, John Paul Adrian Glaubitz wrote:
> >> Yes, we have already figured out that this happens when the kernel is
> >> too old. According to Aurelien, the problem is that the glibc package
> >> has been built against the kernel 5.3 headers which is why users need
> >> to upgrade their kernel first before upgrading glibc.
> >>
> >> Currently fixing tsunami.
> >
> > I have now kernel 5.2.9-1 and glibc 2.29-1 and logging in still doesn't
> > work. I type "root" at the login prompt, press enter and it shortly
> > returns to the login prompt. Logging in through SSH doesn't work either.
> >
> > Adrian
> >
>
> I have consolidated the set* Linux implementations on dd5905de03bd2
> (glibc 2.26), which means that all Linux architectures should use
> sysdeps/unix/sysv/linux/setuid.c for setuid and the auto-generated
> syscalls for getuid.
>
> Alpha has used the Linux generic implementation since ever; the
> dd5905de03bd2 change will prioritize using __NR_setuid32 instead
> of __NR_setuid. But since it is not the case for alpha AFAIK it should
> not change the code generation. I also checked that the code for
> setuid for both glibc 2.25 and glibc 2.31 hasn't changed; it issues the
> __NR_setuid (23) for both cases.

The title of the bug is actually misleading, only getegid, geteuid and
getppid are affected. Let's retitle the bug accordingly.

> I am not sure this is a glibc issue in this case.

This is actually a glibc issue, see:
https://sourceware.org/bugzilla/show_bug.cgi?id=24986
https://www.sourceware.org/ml/libc-alpha/2019-09/msg00152.html

--
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
[hidden email]                 http://www.aurel32.net
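
A diagnostic for the failure discussed in this thread, as an added example that is not from the thread or from glibc: it compares what libc's geteuid, getegid and getppid return with the kernel's own record in /proc/self/status. The function name `count_mismatches` and the sample status text are constructed for illustration.

```c
/* Added example: cross-check libc's geteuid/getegid/getppid against the kernel. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample of /proc/<pid>/status (not output from the thread). */
const char SAMPLE_STATUS[] =
    "Name:\tbash\nPid:\t4242\nPPid:\t4241\nTracerPid:\t0\n"
    "Uid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n";

/* "Uid:"/"Gid:" lines list real, effective, saved and fs IDs. Returns the
 * number of values where libc and the kernel disagree, or -1 if a field
 * is missing from the status text. */
int count_mismatches(const char *status, uid_t euid, gid_t egid, pid_t ppid)
{
    unsigned long real, eff;
    long pp;
    int seen = 0, bad = 0;

    for (const char *line = status; line && *line; ) {
        if (sscanf(line, "Uid: %lu %lu", &real, &eff) == 2) {
            seen |= 1; bad += (eff != (unsigned long)euid);
        } else if (sscanf(line, "Gid: %lu %lu", &real, &eff) == 2) {
            seen |= 2; bad += (eff != (unsigned long)egid);
        } else if (sscanf(line, "PPid: %ld", &pp) == 1) {
            seen |= 4; bad += (pp != (long)ppid);
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return seen == 7 ? bad : -1;
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    /* Live check: what libc returns vs. what the kernel recorded. */
    int bad = count_mismatches(buf, geteuid(), getegid(), getppid());
    printf("libc/kernel mismatches: %d\n", bad);
    return bad != 0;
}
```

A non-zero exit status means at least one of the three libc wrappers disagrees with the kernel, which is the condition under which root-only checks such as the debootstrap one above fail.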