FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 05-10-2012, 02:47 PM
Paul Smith
 
Default Problems with setuid app in Ubuntu 12.04

Hi all. I've recently installed Ubuntu 12.04 64bit.

I'm using a proprietary VPN utility from Juniper Networks on my Linux
system. In previous versions of Ubuntu, it worked just fine. In the
current version of Ubuntu, I'm getting failures. For some reason it's
not letting me invoke a setuid application.

The way it is deployed is it unpacks into a hidden directory under
$HOME, then the main VPN program needs to be made setuid root so that it
can be invoked by me but do root-y things. I've done all this.

Then, you can either run the tool directly from the command line or you
can run a little Java UI control window which manages the VPN. If I run
the program directly from the command line, the setuid works and the VPN
comes up and works fine. But, I can't control it or see how long it's
been up.

Whenever I try to use the Java control panel the GUI comes up and tries
to run the setuid program, but it fails and then the whole thing
crashes. I get this error:

Failed to setuid to root. Error 1: Operation not permitted

But I have clearly set the right bits and it works when invoked
directly. I've tried many different variations of Java including
downloaded ones directly from Sun/Oracle.

One note, the application is 32bit and provides a 32bit .so that is
linked into the Java UI, so I need to run 32bit Java as well. Not sure
if that matters.

Has the 12.04 release installed some new security measures that might be
keeping my setuid program from working properly? I've tried putting
Java under /opt/jvm and also run "service apparmor teardown" to try to
be sure apparmor is not involved, but I don't know enough to know if I
succeeded.

I'm really stuck and could use any pointers or tips anyone has.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-11-2012, 10:02 AM
Rigved Rakshit
 
Default Problems with setuid app in Ubuntu 12.04

The way it is deployed is it unpacks into a hidden directory under

$HOME, then the main VPN program needs to be made setuid root so that it

can be invoked by me but do root-y things. *I've done all this.



Then, you can either run the tool directly from the command line or you

can run a little Java UI control window which manages the VPN. *If I run

the program directly from the command line, the setuid works and the VPN

comes up and works fine. *But, I can't control it or see how long it's

been up.



Whenever I try to use the Java control panel the GUI comes up and tries

to run the setuid program, but it fails and then the whole thing

crashes. *I get this error:



*Failed to setuid to root. Error 1: Operation not permitted

This message clearly states that the Java control panel GUI does not have enough privileges to run the setuid program. Just as a test, try to run the control panel first as your normal user and then using sudo. On a different note, maybe the Java VM is preventing the control panel to run setuid program, viewing it as a security breach.



Best Regards,
Rigved Rakshit

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-11-2012, 04:49 PM
Paul Smith
 
Default Problems with setuid app in Ubuntu 12.04

On Fri, 2012-05-11 at 15:32 +0530, Rigved Rakshit wrote:
>> Paul Smith wrote:
> Failed to setuid to root. Error 1: Operation not permitted
>
> This message clearly states that the Java control panel GUI does not
> have enough privileges to run the setuid program.

Yes, definitely. However, all the EXACT SAME software (same version of
Sun Java, same VPN software), worked fine last week on my Ubuntu 10.10
system. Since I've reinstalled with Ubuntu 12.04, I now get these
failures.

> Just as a test, try to run the control panel first as your normal user
> and then using sudo.

Unfortunately I can't run it via sudo, it has a check to ensure you
won't start it as root so if I try it just fails without even attempting
to invoke the setuid application.

> On a different note, maybe the Java VM is preventing the control panel
> to run setuid program, viewing it as a security breach.

That could be, except as I mentioned, it never used to do that in Ubuntu
10.10, with all the same software.




--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-12-2012, 11:45 AM
Rigved Rakshit
 
Default Problems with setuid app in Ubuntu 12.04

> * * * * *Failed to setuid to root. Error 1: Operation not permitted

There seems to be a ubuntuforums post where a similar problem to yours was encountered. http://ubuntuforums.org/showthread.php?t=232607&page=28 Scroll down to post #272.



Switching to the last page, post #471 has a link to a blog post for 11.10 (http://blog.poomalairaj.com/juniper-network-connect-ubuntu-11-10/). It's basically a summary of everything in this very long thread. Please try it and check if your VPN is working or not.



Best Regards,
Rigved Rakshit

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-12-2012, 08:29 PM
Paul Smith
 
Default Problems with setuid app in Ubuntu 12.04

On Sat, 2012-05-12 at 17:15 +0530, Rigved Rakshit wrote:
> > Failed to setuid to root. Error 1: Operation not permitted
>
> There seems to be a ubuntuforums post where a similar problem to yours
> was encountered.
> http://ubuntuforums.org/showthread.php?t=232607&page=28 Scroll down to
> post #272.

I agree that looks identical to my problem; unfortunately there's no
followup with any sort of solution or anything.

> Switching to the last page, post #471 has a link to a blog post for
> 11.10
> (http://blog.poomalairaj.com/juniper-network-connect-ubuntu-11-10/).
> It's basically a summary of everything in this very long thread.
> Please try it and check if your VPN is working or not.

FYI, I'm the person who wrote the junipernc script and
http://mad-scientist.net is my site. All the information available at
this blog I'm already familiar with and there's nothing new or different
there than I've done many times already, unfortunately.

I just don't know how to make progress at this point. Is there
something I can enable on the system that might provide more details
about exactly what permissions are missing or what this error message
really means?


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-13-2012, 07:32 AM
Paul Smith
 
Default Problems with setuid app in Ubuntu 12.04

On Sat, 2012-05-12 at 16:29 -0400, Paul Smith wrote:
> >> Failed to setuid to root. Error 1: Operation not permitted
>
> I agree that looks identical to my problem; unfortunately there's no
> followup with any sort of solution or anything.

Oy vey. I figured it out. It was a terrible confluence of two bizarre
things: the first one was that I somehow had copied an instance of the
binary that was supposed to be setuid into my home directory, where of
course after the copy it was no longer setuid. I have no idea how or
why I would have done such a thing.

And the second one is that the Java UI appears to be specifically
searching the current directory BEFORE it looks on $PATH (I never have
"." in my $PATH for security reasons).

This means the Java UI was invoking the non-setuid copy of the program
from my home directory even though neither my current directory nor my
home directory is on my $PATH.

What a drag, to have spent so much time on this. I've updated my
scripting to force a cd to the right directory before launching the Java
UI program and that seems to solve the problem (even if I don't delete
the stray program from my home directory).

Sorry for the confusion/noise. Cheers!


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-13-2012, 07:35 AM
Rigved Rakshit
 
Default Problems with setuid app in Ubuntu 12.04

FYI, I'm the person who wrote the junipernc script and

http://mad-scientist.net is my site. *All the information available at

this blog I'm already familiar with and there's nothing new or different

there than I've done many times already, unfortunately.

Ahh! Sorry about that. I did not notice your email id (GMail shows full names in most places).
*




I just don't know how to make progress at this point. *Is there

something I can enable on the system that might provide more details

about exactly what permissions are missing or what this error message

really means?

I do not know more about this but definitely someone does. Maybe posting a question on askubuntu.com or asking around on #ubuntu on Freenode (IRC) might help, if you have not already done these.



Best Regards,
Rigved Rakshit

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-13-2012, 07:37 AM
Rigved Rakshit
 
Default Problems with setuid app in Ubuntu 12.04

Oy vey. *I figured it out. *It was a terrible confluence of two bizarre

things: the first one was that I somehow had copied an instance of the

binary that was supposed to be setuid into my home directory, where of

course after the copy it was no longer setuid. *I have no idea how or

why I would have done such a thing.



And the second one is that the Java UI appears to be specifically

searching the current directory BEFORE it looks on $PATH (I never have

"." in my $PATH for security reasons).



This means the Java UI was invoking the non-setuid copy of the program

from my home directory even though neither my current directory nor my

home directory is on my $PATH.



What a drag, to have spent so much time on this. *I've updated my

scripting to force a cd to the right directory before launching the Java

UI program and that seems to solve the problem (even if I don't delete

the stray program from my home directory).



Sorry for the confusion/noise. *Cheers!

Good that you were able to solve it!

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 05-13-2012, 02:15 PM
Akash Jain
 
Default Problems with setuid app in Ubuntu 12.04

Hi Paul,

Thanks for telling the solution which worked !

A lot of times, people just dont seem to tell the things which worked for them, making it bad for future problems.

Thanks again.

Cheers !


On Sun, May 13, 2012 at 1:07 PM, Rigved Rakshit <r.phate@gmail.com> wrote:

Oy vey. *I figured it out. *It was a terrible confluence of two bizarre

things: the first one was that I somehow had copied an instance of the

binary that was supposed to be setuid into my home directory, where of

course after the copy it was no longer setuid. *I have no idea how or

why I would have done such a thing.



And the second one is that the Java UI appears to be specifically

searching the current directory BEFORE it looks on $PATH (I never have

"." in my $PATH for security reasons).



This means the Java UI was invoking the non-setuid copy of the program

from my home directory even though neither my current directory nor my

home directory is on my $PATH.



What a drag, to have spent so much time on this. *I've updated my

scripting to force a cd to the right directory before launching the Java

UI program and that seems to solve the problem (even if I don't delete

the stray program from my home directory).



Sorry for the confusion/noise. *Cheers!

Good that you were able to solve it!


--

ubuntu-users mailing list

ubuntu-users@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users




--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 07:03 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org