exit after auth (root): couldn't change user as non-root
Sebastian Haag
seven at 7labs.de
Wed May 17 04:36:51 WST 2006
Am Dienstag, 16. Mai 2006 17:33 schrieb Matt Johnston:
> That's quite strange. The code in question is:
>
> if (getuid() == 0) {
> if ((setgid(ses.authstate.pw->pw_gid) < 0) ||
> (initgroups(ses.authstate.pw->pw_name,
> ses.authstate.pw->pw_gid) < 0)) {
> dropbear_exit("error changing user group");
> }
> if (setuid(ses.authstate.pw->pw_uid) < 0) {
> dropbear_exit("error changing user");
> }
> } else {
> if (getuid() != ses.authstate.pw->pw_uid) {
> dropbear_exit("couldn't change user as non-root");
> }
> }
>
> so getuid() must not be 0, ie it's not root. That doesn't
> depend on the config files at all as far as I know - it's
> asking it straight from the kernel.
>
> You could change the exit message to
> dropbear_exit("couldn't change user as non-root user %d", getuid());
> and see what it prints - perhaps the emulated environment
> can't emulate root?
>
> Matt
I changed the exit message and got as return value -1. Thats funny cause
getuid() shouldn´t return error codes... ;-)
So I checked my kernel config and found under "General setup" the option
"Enable 16 bit UID calls", activated it and getuid() now works properly.
Thanks a lot
Sebastian
More information about the Dropbear
mailing list