Bug 567

Summary: sudo error : setreuid(0, 0) failed, your operating system may have a broken setreuid() function
Product: Sudo Reporter: janr <janmejoy.rout>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED WONTFIX    
Severity: high    
Priority: low    
Version: 1.6.7   
Hardware: IBM   
OS: AIX   

Description janr 2012-08-11 14:12:02 MDT 
sulog returns following error upon execution.

/home/janrout > sudo -l 
setreuid(0, 0) failed, your operating system may have a broken setreuid() function 
Try running configure with --disable-setreuid 
/home/janrout > 


Still not able to resolve the problem. Due to this sudo is not funtioing for any users in /etc/sudoers and /var/adm/sudo.log is not getting updated. Tried reinstalling sudo but problem still persists.
Comment 1 Todd C. Miller 2012-08-11 17:10:58 MDT 
You probably have AIX role-based access control (RBAC) enabled.  This is preventing sudo from changing the uid.

If you run the following comand:
$ lsattr -E -l sys0 -a enhanced_RBAC

If it shows that enhanced_RBAC is set to true then that would explain the problem.  You can either disable RBAC by running:

# chdev -l sys0 -a enhanced_RBAC=false

and rebooting, or you can try to configure RBAC to allow sudo to run.  To do this, add the following entry to the /etc/security/privcmds file (adjust the path to sudo as needed) and run the setkst command as root:

/usr/local/bin/sudo:
        accessauths = ALLOW_ALL
        innateprivs = PV_DAC_GID,PV_DAC_O,PV_DAC_R,PV_DAC_UID,PV_DAC_W,PV_DAC_X,PV_FS_CHOWN,PV_PROC_ENV,PV_PROC_PRIO,PV_PROC_RAC
        secflags = FSF_EPS

then run the setkst command as root.
Comment 2 janr 2012-08-13 06:48:13 MDT 
Hi Todd,
 
Thanks for reverting. But there is no such attribute with RBAC for sys0. There is also no file as /etc/security/privcmds . Can you suggest anything more to check for this error?
 
 root:/ > lsattr -E -l sys0 -a enhanced_RBAC
lsattr: 0514-528 The "enhanced_RBAC" attribute does not exist in the predefined
        device configuration database.
 root:/ >

Additinally found that a required directory /tmp/.odus  of sudo did not exist. Tried creating a blank directory and ran sudo , that too without any luck. After further checks from mksysb and TSM backups found this directory was not present when sudo was functional before
Comment 3 Todd C. Miller 2012-08-13 07:39:05 MDT 
You should try a newer version of sudo--1.6.7 is ancient.  You can find packages at http://www.sudo.ws/sudo/download.html#binary
Comment 4 Todd C. Miller 2012-09-11 13:40:02 MDT 
Sudo 1.6.x is no longer supported.  If the problem still occurs with the current version of sudo 1.7 or 1.8 please reopen the bug.