[RndTbl] "washing" a fork/exec to force all groups
Trevor Cordes
trevor at tecnopolis.ca
Tue Apr 18 03:59:46 CDT 2023
Poking around I found newgrp and sg, both of which look promising to
"reset" the groups to what the user has in /etc/groups. Especially
since newgrp (and sg which is a link to it) is setuid root.
But alas, after much screwing around, they fail with:
setgroups(2, [1410, 5200]) = -1 EPERM (Operation not permitted)
(thanks strace)
Ok, so hit the source. The program is all happy up until the setgroups
syscall. Which means it understands the user is *allowed* to reset the
groups as per the config of /etc/groups.
https://github.com/shadow-maint/shadow/blob/master/src/newgrp.c
But when it actually does it, the kernel says nope. Ok great, but why
is this? newgrp is running as root at that point, no? (I can't see it
dropping its perms in the src.) As root it should have that CAP that
Gilbert mentioned, no?
I'm bummed because newgrp/sg really looked like the holy grail: a
standard program already in the distros, already with setuid, and will
"do the right thing" for me.
So why doesn't it work?
... I wonder if it works on a pre-capabilities kernel...
More information about the Roundtable
mailing list