Gringotts on FC3
Benjamin Franz
snowhare at nihongo.org
Tue Mar 7 12:00:55 UTC 2006
On Tue, 7 Mar 2006, Steffen Kluge wrote:
> On Sun, 2006-03-05 at 16:23 -0800, Benjamin Franz wrote:
>> Try putting the following in a script and then run it using the script.
>> Don't ask me why it works.
>>
>> #!/bin/bash
>> /usr/bin/strace /usr/bin/gringotts 2> /dev/null
>
> Does *anyone* know why it works? I've been doing the strace trick ever
> since it broke (I know it worked fine in FC2). What would make gringotts
> reliably fail (segfault) when run directly, but reliably succeed when
> run under strace? Some sort of race condition? I've done a great many
> builds of gringotts and its libs, using different combinations of
> compiler switches, but they all segfault eventually.
>
> Gringotts looks like a fine secure container for those who don't need a
> whole encrypted filesystem. There don't seem to be any work-alikes in
> Fedora, so I'd be very pleased if it started working properly again.
Some Googling gave me this:
http://lists.debian.org/debian-kernel/2004/11/msg00372.html
The quick and dirty fix: Remove setuid from /usr/bin/gringotts
As root: chmod -s /usr/bin/gringotts
I tested it. It worked.
The 64 dollar question is why the heck it is running setuid in the first place?
--
Benjamin Franz
If you can't handle reality, it *will* handle you.
More information about the fedora-list
mailing list