Bug#888952: nvidia-driver and opencl
Hiromasa YOSHIMOTO
hiromasa.yoshimoto at gmail.com
Mon Feb 5 09:37:19 UTC 2018
Dear Andreas,
Thank you for your small program.
I have no problem with setuid binaries on my system.
I’ve checked also the source code of nvidia-modprobe,
and modified it to show the error messages. The diff is as follows.
--- nvidia-modprobe-384.111.orig/modprobe-utils/nvidia-modprobe-utils.c
+++ nvidia-modprobe-384.111/modprobe-utils/nvidia-modprobe-utils.c
@@ -372,7 +372,11 @@ static int modprobe_helper(const int pri
*
* Silence the current process to avoid such unwanted messages.
*/
- silence_current_process();
+ /*silence_current_process();*/
+
+ fprintf(stderr, "modprobe_path: %s\n", modprobe_path);
+ fprintf(stderr, "module_name: %s\n", module_name);
+ fprintf(stderr, "eeuid() %d\n", geteuid());
execle(modprobe_path, "modprobe",
module_name, NULL, envp);
With this modification, nvidia-modprobe -u will output the following message
when it fails.
———-
modprobe_path: /sbin/modprobe
module_name: nvidia-uvm
eeuid() 0
modprobe: ERROR: could not insert 'nvidia_current_uvm': Operation not permitted
modprobe: ERROR: ../libkmod/libkmod-module.c:979 command_do() Error running install command for nvidia_uvm
modprobe: ERROR: could not insert ‘nvidia_uvm': Operation not permitted
———-
From this output, I think this issue occurs
when we have any wrong configuration in /etc/modprobe.d/.
In my case, /etc/modprobe.d/nvidia.conf has the following lines.
———
install nvidia modprobe -i nvidia-current $CMDLINE_OPTS
install nvidia-modeset modprobe nvidia ; modprobe -i nvidia-current-modeset $CMDLINE_OPTS
install nvidia-drm modprobe nvidia-current-modeset ; modprobe -i nvidia-current-drm $CMDLINE_OPTS
install nvidia-uvm modprobe nvidia ; modprobe -i nvidia-current-uvm $CMDLINE_OPTS
remove nvidia modprobe -r -i nvidia-drm nvidia-modeset nvidia-uvm nvidia
——-
I’m bit confusing between nvidia_uvm and nvidia-uvm. However,
adding a line below, nvidia-modprobe -u now works fine as expected.
———
alias nvidia-uvm nvidia-current-uvm
——-
Best,
Hiromasa YOSHIMOTO
> 2018/02/05 17:45、Andreas Beckmann <anbe at debian.org>のメール:
>
> I've prepared a small program to help debugging whether setuid binaries
> work on your system:
>
> ===== test-setuid.c =====
> #include <unistd.h>
> #include <sys/types.h>
> #include <stdio.h>
>
> int main()
> {
> printf("getuid() = %ld\n", (long)getuid());
> printf("geteuid() = %ld\n", (long)geteuid());
> printf("getgid() = %ld\n", (long)getgid());
> printf("getegid() = %ld\n", (long)getegid());
> }
> =========================
>
> 1) compile
>
> $ gcc -o test-setuid test-setuid.c
>
> 2) try it as user:
>
> $ ./test-setuid
>
> getuid() = 1000
> geteuid() = 1000
> getgid() = 1000
> getegid() = 1000
>
> Your UID/GID could be different ...
>
> 3) try it as root:
>
> $ sudo ./test-setuid
>
> getuid() = 0
> geteuid() = 0
> getgid() = 0
> getegid() = 0
>
> 4) install it as setuid root binary to /usr/bin
> (to be at the same location as nvidia-modprobe)
>
> $ sudo cp test-setuid /usr/bin/test-setuid
> $ sudo chown root:root /usr/bin/test-setuid
> $ sudo chmod u+s /usr/bin/test-setuid
> $ ls -la /usr/bin/test-setuid
>
> -rwsr-xr-x 1 root root 8848 Feb 5 09:13 /usr/bin/test-setuid
>
> 5) run as user
>
> $ /usr/bin/test-setuid
>
> getuid() = 1000
> geteuid() = 0
> getgid() = 1000
> getegid() = 1000
>
> If this works, geteuid() should return 0
>
> 6) cleanup
>
> $ sudo rm /usr/bin/test-setuid
>
>
> You could repeat steps 4-6 with different locations (e.g. on different
> filesystems). For example /run/user/<YOURUID> which should be a tmpfs
> mounted with option nosuid - there it shouldn't work.
>
>
>
> Andreas
>
> _______________________________________________
> pkg-nvidia-devel mailing list
> pkg-nvidia-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-nvidia-devel
More information about the pkg-nvidia-devel
mailing list