I upgraded from Core 4 to Core 9 (fresh install) and now my mailinglist manager, mj2, won't work anymore. Here's the problem. In ~majordomo/bin, I have all of the programs (written in perl) and all of the associated wrappers. The wrappers are all owned by majordomo (owner and group) and the appropriate ones also have setuid and setgid bits set. Unless I am sudo'd to the majordomo account (103 in this case), the program does not start because of a problem with setgid.
BTW, selinux is totally disabled.
528 > ~majordomo/bin/mj_shell Insecure dependency in eval while running setuid at /usr/lib/perl5/5.10.0/SelfLoader.pm line 54. Compilation failed in require at /usr/lib/perl5/site_perl/5.10.0/Term/ReadLine/Perl.pm line 63. 529 >
I did some experimenting and discovered that the setgid bit is not working. In fact, I even went so far as to modify the code so that the wrapper was installed setuid/setgid as root and I made the program do a setgid, setegid, setresgid to 103, all to no avail. The error that I get back is EPERM, which in the man page says:
The calling process is not privileged (does not have the CAP_SETGID capability), and gid does not match the effective group ID or saved set-group-ID of the calling process.
To recap, the fundamental problem is that I seem to no longer be able to run setgid either as root or as the result of installing a program with the setgid bit set. The software I'm using is actuallying looking to see if the current group is the same as the saved group.
It doesn't matter if I run it as steveo or root. The only time it succeeds is if I am su'd to majordomo.
If anyone can help me and help quickly, my server is now down, and I'd really appreciate suggestions on what to do.
Is there something that needs to be done to allow setgid to succeed? AFAICT, that's the only thing that's holding me up right now.