2012-02-03 21:26:54 |
nutznboltz |
bug |
|
|
added bug |
2012-02-03 21:27:36 |
nutznboltz |
description |
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls26 2.12.14-5ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-12.21-generic 3.2.2
Uname: Linux 3.2.0-12-generic i686
ApportVersion: 1.91-0ubuntu1
Architecture: i386
Date: Fri Feb 3 16:22:47 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls26
UpgradeStatus: No upgrade log present (probably fresh install) |
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
In the past it was possible to work around this by using nscd but that work around no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls26 2.12.14-5ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-12.21-generic 3.2.2
Uname: Linux 3.2.0-12-generic i686
ApportVersion: 1.91-0ubuntu1
Architecture: i386
Date: Fri Feb 3 16:22:47 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls26
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2012-02-03 21:39:58 |
Launchpad Janitor |
gnutls26 (Ubuntu): status |
New |
Confirmed |
|
2012-02-03 21:49:20 |
Launchpad Janitor |
branch linked |
|
lp:~nutznboltz/ubuntu/precise/gnutls26/fix-lp926350 |
|
2012-02-03 22:09:34 |
nutznboltz |
description |
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
In the past it was possible to work around this by using nscd but that work around no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls26 2.12.14-5ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-12.21-generic 3.2.2
Uname: Linux 3.2.0-12-generic i686
ApportVersion: 1.91-0ubuntu1
Architecture: i386
Date: Fri Feb 3 16:22:47 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls26
UpgradeStatus: No upgrade log present (probably fresh install) |
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
In the past it was possible to work around this by using nscd but that work around no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
Reproducing:
1. Install an OpenLDAP server that speaks LDAP over SSL, see
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
for details.
2. Install Ubuntu 12.04 and configure it to be an LDAP client that connects via to its LDAP server via SSL.
3. Log into the Ubuntu 12.04 created in step using an LDAP account not an account in /etc/passwd.
4. Attempt to use sudo. You will see unexpected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
sudo: unable to open /var/lib/sudo/nutz/1: Operation not permitted
sudo: unable to set gid to runas gid 0: Operation not permitted
sudo: unable to execute /usr/bin/id: Operation not permitted
nutz@dubnium:~$
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls26 2.12.14-5ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-12.21-generic 3.2.2
Uname: Linux 3.2.0-12-generic i686
ApportVersion: 1.91-0ubuntu1
Architecture: i386
Date: Fri Feb 3 16:22:47 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls26
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2012-02-03 22:09:47 |
nutznboltz |
tags |
apport-bug i386 precise running-unity |
apport-bug i386 precise running-unity testcase |
|
2012-02-03 22:11:42 |
nutznboltz |
description |
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
In the past it was possible to work around this by using nscd but that work around no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
Reproducing:
1. Install an OpenLDAP server that speaks LDAP over SSL, see
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
for details.
2. Install Ubuntu 12.04 and configure it to be an LDAP client that connects via to its LDAP server via SSL.
3. Log into the Ubuntu 12.04 created in step using an LDAP account not an account in /etc/passwd.
4. Attempt to use sudo. You will see unexpected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
sudo: unable to open /var/lib/sudo/nutz/1: Operation not permitted
sudo: unable to set gid to runas gid 0: Operation not permitted
sudo: unable to execute /usr/bin/id: Operation not permitted
nutz@dubnium:~$
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls26 2.12.14-5ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-12.21-generic 3.2.2
Uname: Linux 3.2.0-12-generic i686
ApportVersion: 1.91-0ubuntu1
Architecture: i386
Date: Fri Feb 3 16:22:47 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls26
UpgradeStatus: No upgrade log present (probably fresh install) |
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
In the past it was possible to work around this by using nscd but that work around no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
Reproducing:
1. Install an OpenLDAP server that speaks LDAP over SSL, see
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
for details.
2. Install Ubuntu 12.04 and configure it to be an LDAP client that connects via to its LDAP server via SSL.
3. Log into the Ubuntu 12.04 created in step using an LDAP account not an account in /etc/passwd.
4. Attempt to use sudo. You will see unexpected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
sudo: unable to open /var/lib/sudo/nutz/1: Operation not permitted
sudo: unable to set gid to runas gid 0: Operation not permitted
sudo: unable to execute /usr/bin/id: Operation not permitted
nutz@dubnium:~$
5. Apply patched version of gnutls26, see attached branch.
6. Attempt to use sudo. You will see expected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
uid=0(root) gid=0(root) groups=0(root)
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls26 2.12.14-5ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-12.21-generic 3.2.2
Uname: Linux 3.2.0-12-generic i686
ApportVersion: 1.91-0ubuntu1
Architecture: i386
Date: Fri Feb 3 16:22:47 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls26
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2012-02-05 00:03:12 |
Dave Gilbert |
gnutls26 (Ubuntu): importance |
Undecided |
High |
|
2012-02-05 02:29:08 |
Hajime Fujita |
bug |
|
|
added subscriber Hajime Fujita |
2012-02-05 02:49:18 |
Yözen Hernández |
bug |
|
|
added subscriber Yözen Hernández |
2012-02-05 17:40:14 |
nutznboltz |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658739 |
|
2012-02-06 16:15:44 |
Vadim Rutkovsky |
bug task added |
|
gnutls26 (Debian) |
|
2012-02-07 23:59:10 |
Bug Watch Updater |
gnutls26 (Debian): status |
Unknown |
New |
|
2012-02-10 13:42:43 |
nutznboltz |
bug |
|
|
added subscriber Colin Watson |
2012-02-10 16:53:55 |
nutznboltz |
tags |
apport-bug i386 precise running-unity testcase |
apport-bug i386 precise regression-update running-unity testcase |
|
2012-02-10 16:54:22 |
nutznboltz |
tags |
apport-bug i386 precise regression-update running-unity testcase |
apport-bug i386 precise regression-release running-unity testcase |
|
2012-02-10 17:23:45 |
nutznboltz |
description |
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
In the past it was possible to work around this by using nscd but that work around no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
Reproducing:
1. Install an OpenLDAP server that speaks LDAP over SSL, see
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
for details.
2. Install Ubuntu 12.04 and configure it to be an LDAP client that connects via to its LDAP server via SSL.
3. Log into the Ubuntu 12.04 created in step using an LDAP account not an account in /etc/passwd.
4. Attempt to use sudo. You will see unexpected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
sudo: unable to open /var/lib/sudo/nutz/1: Operation not permitted
sudo: unable to set gid to runas gid 0: Operation not permitted
sudo: unable to execute /usr/bin/id: Operation not permitted
nutz@dubnium:~$
5. Apply patched version of gnutls26, see attached branch.
6. Attempt to use sudo. You will see expected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
uid=0(root) gid=0(root) groups=0(root)
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls26 2.12.14-5ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-12.21-generic 3.2.2
Uname: Linux 3.2.0-12-generic i686
ApportVersion: 1.91-0ubuntu1
Architecture: i386
Date: Fri Feb 3 16:22:47 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls26
UpgradeStatus: No upgrade log present (probably fresh install) |
== Regression details ==
Discovered in version: 12.04 LTS
Last known good version: depends. 9.04 Jaunty the last one before a work-around became necessary. 11.10 was the last one that worked when you used the work-around.
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
In the past it was possible to work around this by using nscd but that work around no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
Reproducing:
1. Install an OpenLDAP server that speaks LDAP over SSL, see
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
for details.
2. Install Ubuntu 12.04 and configure it to be an LDAP client that connects via to its LDAP server via SSL.
3. Log into the Ubuntu 12.04 created in step using an LDAP account not an account in /etc/passwd.
4. Attempt to use sudo. You will see unexpected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
sudo: unable to open /var/lib/sudo/nutz/1: Operation not permitted
sudo: unable to set gid to runas gid 0: Operation not permitted
sudo: unable to execute /usr/bin/id: Operation not permitted
nutz@dubnium:~$
5. Apply patched version of gnutls26, see attached branch.
6. Attempt to use sudo. You will see expected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
uid=0(root) gid=0(root) groups=0(root)
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls26 2.12.14-5ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-12.21-generic 3.2.2
Uname: Linux 3.2.0-12-generic i686
ApportVersion: 1.91-0ubuntu1
Architecture: i386
Date: Fri Feb 3 16:22:47 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls26
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2012-02-10 17:32:49 |
nutznboltz |
description |
== Regression details ==
Discovered in version: 12.04 LTS
Last known good version: depends. 9.04 Jaunty the last one before a work-around became necessary. 11.10 was the last one that worked when you used the work-around.
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
In the past it was possible to work around this by using nscd but that work around no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
Reproducing:
1. Install an OpenLDAP server that speaks LDAP over SSL, see
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
for details.
2. Install Ubuntu 12.04 and configure it to be an LDAP client that connects via to its LDAP server via SSL.
3. Log into the Ubuntu 12.04 created in step using an LDAP account not an account in /etc/passwd.
4. Attempt to use sudo. You will see unexpected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
sudo: unable to open /var/lib/sudo/nutz/1: Operation not permitted
sudo: unable to set gid to runas gid 0: Operation not permitted
sudo: unable to execute /usr/bin/id: Operation not permitted
nutz@dubnium:~$
5. Apply patched version of gnutls26, see attached branch.
6. Attempt to use sudo. You will see expected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
uid=0(root) gid=0(root) groups=0(root)
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls26 2.12.14-5ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-12.21-generic 3.2.2
Uname: Linux 3.2.0-12-generic i686
ApportVersion: 1.91-0ubuntu1
Architecture: i386
Date: Fri Feb 3 16:22:47 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls26
UpgradeStatus: No upgrade log present (probably fresh install) |
== Regression details ==
Discovered in version: 2.12.14-5ubuntu2 (Ubuntu 12.04 LTS)
Last known good version: 2.10.5-1ubuntu3 (Ubuntu 11.10)
Note that a work-around was required by libgnutls26 2.10.5-1ubuntu3 and
that work-around started to be required by an earlier version and stopped
helping when 2.12.14-5ubuntu2 is used.
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
In the past it was possible to work around this by using nscd but that work around no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
Reproducing:
1. Install an OpenLDAP server that speaks LDAP over SSL, see
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
for details.
2. Install Ubuntu 12.04 and configure it to be an LDAP client that connects via to its LDAP server via SSL.
3. Log into the Ubuntu 12.04 created in step using an LDAP account not an account in /etc/passwd.
4. Attempt to use sudo. You will see unexpected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
sudo: unable to open /var/lib/sudo/nutz/1: Operation not permitted
sudo: unable to set gid to runas gid 0: Operation not permitted
sudo: unable to execute /usr/bin/id: Operation not permitted
nutz@dubnium:~$
5. Apply patched version of gnutls26, see attached branch.
6. Attempt to use sudo. You will see expected results:
nutz@dubnium:~$ sudo id
[sudo] password for nutz:
uid=0(root) gid=0(root) groups=0(root)
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls26 2.12.14-5ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-12.21-generic 3.2.2
Uname: Linux 3.2.0-12-generic i686
ApportVersion: 1.91-0ubuntu1
Architecture: i386
Date: Fri Feb 3 16:22:47 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls26
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2012-03-18 17:59:17 |
Dominic Gross |
bug |
|
|
added subscriber Dominic Groß |
2012-03-26 11:51:04 |
Lauri Tirkkonen |
bug |
|
|
added subscriber Lauri Tirkkonen |
2012-04-02 15:08:20 |
Peter Matulis |
bug |
|
|
added subscriber Peter Matulis |
2012-04-06 20:57:41 |
David Wolfe |
bug |
|
|
added subscriber David Wolfe |
2012-04-07 09:41:08 |
Ool |
bug |
|
|
added subscriber Ool |
2012-04-13 16:55:05 |
Ken Bowley |
bug |
|
|
added subscriber Ken Bowley |
2012-04-15 09:50:15 |
Shaun Maher |
bug |
|
|
added subscriber Shaun Maher |
2012-04-18 16:03:10 |
Patrick Beckmann |
bug |
|
|
added subscriber Patrick |
2012-04-24 13:44:31 |
Martin Soentgenrath |
bug |
|
|
added subscriber Martin Soentgenrath |
2012-04-24 14:41:20 |
Thorsten Glaser |
marked as duplicate |
|
423252 |
|
2012-04-25 13:01:52 |
Philipp Wendler |
bug |
|
|
added subscriber Philipp Wendler |
2012-04-25 14:12:32 |
Olaf Lessenich |
bug |
|
|
added subscriber Olaf Lessenich |
2012-04-25 14:52:26 |
Olaf Lessenich |
removed subscriber Olaf Lessenich |
|
|
|
2012-04-25 14:53:20 |
Olaf Lessenich |
bug |
|
|
added subscriber Olaf Lessenich |
2012-05-02 08:31:44 |
fs-physik-bielefeld |
bug |
|
|
added subscriber fs-physik-bielefeld |
2012-05-08 22:06:13 |
Jordan Evans |
bug |
|
|
added subscriber Jordan Evans |
2012-05-10 19:11:44 |
Michael Spink |
bug |
|
|
added subscriber Michael Spink |
2012-05-15 18:26:45 |
Alejandro Blanco |
bug |
|
|
added subscriber Alejandro Blanco |
2012-05-16 16:29:50 |
canofspam3 |
bug |
|
|
added subscriber Pat Cannon |
2012-05-17 11:55:14 |
Bhavik Kumar |
bug |
|
|
added subscriber Bhavik Kumar |
2012-05-21 16:28:10 |
Patrick Welche |
bug |
|
|
added subscriber Patrick Welche |
2012-05-24 04:10:16 |
Kevin Hochhalter |
bug |
|
|
added subscriber Kevin Hochhalter |
2012-06-01 20:20:38 |
Preston Wiley |
bug |
|
|
added subscriber Preston Wiley |
2012-09-21 14:47:27 |
Adam Stokes |
nominated for series |
|
Ubuntu Precise |
|
2012-09-21 14:47:27 |
Adam Stokes |
nominated for series |
|
Ubuntu Quantal |
|
2012-11-12 14:33:12 |
raffis |
information type |
Public |
Public Security |
|
2012-11-12 14:33:24 |
raffis |
bug |
|
|
added subscriber Raffael Sahli |
2012-11-12 14:39:31 |
raffis |
information type |
Public Security |
Public |
|
2013-01-23 22:46:28 |
carloslp |
bug |
|
|
added subscriber carloslp |
2013-03-05 20:53:39 |
Paul Boven |
bug |
|
|
added subscriber Paul Boven |