Bug#888952: nvidia-driver and opencl
Russ Allbery
rra at debian.org
Thu Feb 8 17:12:29 UTC 2018
Hiromasa YOSHIMOTO <hiromasa.yoshimoto at gmail.com> writes:
> I wrote small program to reproduce this issue.
> Could you check and try the attached code?
> The step is:
> $ gcc check.c -lcap -omain
> $ cp main sub # "sub" corresponds to insmod that
> causes EPERM
> $ sudo chown 0.0 main
> $ sudo chmod u+s main # "main" corresponds to nvidia-modprobe
> $ ./main
> This is what I get:
> ./main euid: 0 # root privilege
> CAP_SYS_MODULE: 1 # has capability
> ./sub euid: 1000 # lost root privilege (1000 is my uid)
> CAP_SYS_MODULE: 0 # the cap. is removed.
> Strictly, I use dash as /bin/sh
> but CAP_SYS_MODULE is dropped when system() is used.
I believe dash will drop privileges if euid != uid. See:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734869
The workaround is to call setuid(0) in the parent program before you call
modprobe, or otherwise arrange for euid == uid.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the pkg-nvidia-devel
mailing list