termux / proot

A chroot-like implementation using ptrace.
https://wiki.termux.com/wiki/PRoot

Sudo works incorrectly? when using it with qemu-user emulation #143

Closed ghost closed 2 years ago

ghost commented 3 years ago

Originally Referenced on proot-distro #48

sudo gives me errors about setuid even though the permissions are correct when running proot-distro with qemu user emulation.

❯ proot-distro login ubuntu-18.04 --user marcusz ### This is x86 ubuntu
marcusz@localhost:~$ /usr/bin/sudo
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
marcusz@localhost:~$

Steps to Reproduce this problem

  1. Install i386 environment (proot-distro)
  2. Install sudo
  3. Add a user account and add the user to sudoers (not usermod)
  4. Log in as user
  5. Test sudo: sudo test

And it should give the setuid error even with the correct permission.

This problem does not occur when reproducing without qemu (or using the native architecture).

michalbednarski commented 3 years ago

It looks like PRoot currently checks the set-uidness of the qemu binary, not sudo.

Since it seems (to me) that fixing this is not hard yet not trivial, I'll try making this a "good first issue", as I think fixing this would be a nice introduction to the proot code. (If there isn't anyone willing to try this I'll fix it myself later, but I think this is a nice occasion to try.)

I think the real path to the executed binary could be taken from tracee->raw_path and translated, or it could be saved in expand_runner before it is replaced.

ghost commented 3 years ago

OK, so setting the permission of the qemu user binary to setuid has some weird effects.

If logging in as user, it will log in as user but still as root; however, it is kind of mixed up, in that the $USER environment variable is marcusz but the whoami output is root.

But it's kind of better when the qemu-user binary is non-setuid.

Screenshot_2021-03-13-15-29-54-09.jpg

michalbednarski commented 3 years ago

What you are showing is the effect of the distinction between real and effective uid (the same thing would occur on normal Linux if you'd make all binaries suid).

When a set-uid program is being executed, the effective uid is set to root (or another owner of the file in actual Linux) while the real uid stays the same.

ghost commented 3 years ago

Huh, I see. I thought there would be a workaround if I set the qemu binary as setuid, but there wasn't, and it gives weird results.

ghost commented 3 years ago

I think I found a workaround here.

Since proot is able to run native binaries in an emulated environment, I was able to run a static arm64 busybox su and do root operations here, and it works.

Screenshot_2021-04-01-14-21-26-45.jpg

I have to use native busybox su for now until I can get sudo to be compiled statically or proot to be fixed.

Probably this is my only suggestion for now.

ghost commented 3 years ago

I also found another solution by running an SSH server as root (allowing the root user to log in via ssh) and logging in to the ssh root user to gain root access.

I had to wrap ssh in a function named sudo so I could easily run commands as root under qemu:

sudo() { ssh root@localhost -p <port> "$@"; }

I had to use localhost-only mode to accept only local connections.

michalbednarski commented 2 years ago

This has now been fixed as part of #195.

(Although it also means that the good first issue experiment has failed...)

SDRausty commented 2 years ago

> (Although it also means that the good first issue experiment has failed...)

_PRINTPROOTERROR_

$ grep _PRINTPROOTERROR_ *h
maintenanceroutines.bash:84:"$INSTALLDIR/$STARTBIN" || _PRINTPROOTERROR_
maintenanceroutines.bash:122:$INSTALLDIR/root/bin/setupbin.bash || _PRINTPROOTERROR_
maintenanceroutines.bash:143:$STARTBIN || _PRINTPROOTERROR_
necessaryfunctions.bash:227:"$INSTALLDIR/$STARTBIN" || _PRINTPROOTERROR_
necessaryfunctions.bash:544:"$INSTALLDIR"/root/bin/setupbin.bash || _PRINTPROOTERROR_
printoutstatements.bash:231:_PRINTPROOTERROR_() {

Maybe good first issue should have been advertised in an install script?

ghost commented 2 years ago

It looks like I didn't notice this issue was fixed, thanks.