Re: at program breaks with kernel 2.6.24

From: serge
Date: Wed Feb 27 2008 - 22:04:24 EST


Quoting BuraphaLinux Server (buraphalinuxserver@xxxxxxxxx):
> This is gmail which has broken line wrapping I cannot fix. Anyway, I
> did build the new kernel but it still does not work for me. I tried to
> strace, but that didn't work for me either. This is as a non-root user
> (and same 'at'/'atd' binaries work on 2.6.23.X):
>
> bash-3.2$ at now
> warning: commands will be executed using /bin/sh
> at> echo "suid is busted"
> at> <EOT>
> job 4 at Thu Feb 28 02:16:00 2008
> Can't signal atd (permission denied)
> bash-3.2$ ls -ld $(which at)
> -rws--x--x 1 daemon daemon 36468 Jan 11 15:37 /usr/bin/at
> bash-3.2$ ps -ef | grep atd
> daemon 2874 1 0 02:14 ? 00:00:00 /usr/sbin/atd -b 15 -l 1
> bozo 3054 3049 0 02:16 pts/0 00:00:00 grep atd
> bash-3.2$ ls -ld /var/spool/at*
> drwxrwxrwt 2 daemon daemon 4096 Feb 28 02:16 /var/spool/atjobs
> drwx------ 2 daemon daemon 4096 Feb 27 20:02 /var/spool/atspool
> bash-3.2$ uname -a
> Linux zappaman.cs.buu.ac.th 2.6.25-rc3 #1 SMP Thu Feb 28 01:29:46 ICT
> 2008 i686 pentium4 i386 GNU/Linux
> bash-3.2$ strace -s 99999 -v -o /tmp/pain at now
> warning: commands will be executed using /bin/sh
> Cannot open lockfile /var/spool/atjobs/.SEQ: Permission denied
> bash-3.2$ at now
> warning: commands will be executed using /bin/sh
> at> echo "hi"
> at> <EOT>
> job 7 at Thu Feb 28 02:19:00 2008
> Can't signal atd (permission denied)
>
> My kenrel .config is big, so it is attached so I don't get any cut and
> paste error.
>
> On 2/28/08, serge@xxxxxxxxxx <serge@xxxxxxxxxx> wrote:
> > Quoting BuraphaLinux Server (buraphalinuxserver@xxxxxxxxx):
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463669
> > >
> > > I have the same problem - it is not debian specific. Did the
> > > semantics of kill() change with the new kernel? I thought as long as
> > > something is setuid, even with capability stuff around the setuid
> > > programs just get _all_ capabilities and would keep working.
> > >
> > > I did a good search and found many people with the problem, but no
> > > solutions except going back to 2.6.23.x kernels. I guess you'll flame
> > > me, but at least include a link to the solution too.
> >
> > Why would we flame you?
>
> Because maybe I'm doing something stupid and didn't patch/rebuild
> something when changing kernels like I should. I haven't had trouble
> with at for many years of kernel changes, but 2.6.24 was the first
> with the new security stuff and maybe I need to have some
> capability-aware 'at' program?
>
> > I'll just apologize as I think it's my fault,
> > and ask you to please try the newest available kernel where I believe it
> > should be fixed.
>
> Do I need to recompile glibc and the at software to adjust so some
> kernel interface changes? Did the 'make oldconfig' generate some bad
> config combination? As root it works, so I don't think the at or atd
> are broken (but maybe they have to be patched for >2.6.23.X ?)
>
> bash-3.2$ su - root
> Password:
> BLS #at now
> warning: commands will be executed using /bin/sh
> at> echo "uh-huh..."
> at> <EOT>
> job 8 at Thu Feb 28 02:30:00 2008
>
> (and I checked and the job completes normally)
>
> > thanks,
> > -serge
>
> Thank you for reading. Any ideas on what to try next?

I'm working on setting up something I can test this on better, but just
for good measure can you try the following patch? It should simply
prevent the extra signal checks from happening.

thanks,
-serge