[sudo-users] missing proc_exec privilege on solaris 10/x86

david van zeebroeck david at analytics.brusselsairport.be
Tue Jan 7 08:01:27 MST 2014


hi

i just installed Sudo version 1.8.9 on a solaris 10/x86 box using the csw
package
before that there was already sudo version 1.8.8 on the system

now after the upgrade, with the same config file i suddenly can't perform a
sudo command

i always get the error "Not owner"
ex:

sudo -i
-bash: /usr/sbin/quota: Not owner
-bash: /bin/cat: Not owner
-bash: /bin/mail: Not owner
-bash: /sbin/uname: Not owner
-bash: /usr/ucb/whoami: Not owner
-bash: /bin/tty: Not owner
-bash: /bin/stty: Not owner
-bash: /sbin/uname: Not owner
-bash: /usr/ucb/whoami: Not owner
-bash: /usr/xpg4/bin/id: Not owner

after some investigation it seems the shell started by sudo is missing the proc_exec privilege:
ppriv -eD sudo -i
bash[10046]: missing privilege "proc_exec" (euid = 0, syscall = 59) needed
at exec_common+0xca
-bash: /usr/sbin/quota: Not owner
bash[10047]: missing privilege "proc_exec" (euid = 0, syscall = 59) needed
at exec_common+0xca
-bash: /bin/cat: Not owner
bash[10048]: missing privilege "proc_exec" (euid = 0, syscall = 59) needed
at exec_common+0xca
-bash: /bin/mail: Not owner
bash[10050]: missing privilege "proc_exec" (euid = 0, syscall = 59) needed
at exec_common+0xca
-bash: /sbin/uname: Not owner
bash[10052]: missing privilege "proc_exec" (euid = 0, syscall = 59) needed
at exec_common+0xca
-bash: /usr/ucb/whoami: Not owner
bash[10054]: missing privilege "proc_exec" (euid = 0, syscall = 59) needed
at exec_common+0xca
-bash: /bin/tty: Not owner
bash[10055]: missing privilege "proc_exec" (euid = 0, syscall = 59) needed
at exec_common+0xca
-bash: /bin/stty: Not owner
bash[10057]: missing privilege "proc_exec" (euid = 0, syscall = 59) needed
at exec_common+0xca
-bash: /sbin/uname: Not owner
bash[10059]: missing privilege "proc_exec" (euid = 0, syscall = 59) needed
at exec_common+0xca
-bash: /usr/ucb/whoami: Not owner

normally it spawns a bash process with the following privileges:
21417:  -bash
flags = <none>
        E:
contract_event,contract_observer,cpc_cpu,dtrace_kernel,dtrace_proc,dtrace_user,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,file_dac_write,file_downgrade_sl,file_link_any,file_owner,file_setid,file_upgrade_sl,graphics_access,graphics_map,ipc_dac_read,ipc_dac_write,ipc_owner,net_access,net_bindmlp,net_icmpaccess,net_mac_aware,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_clock_highres,proc_exec,proc_fork,proc_info,proc_lock_memory,proc_owner,proc_priocntl,proc_session,proc_setid,proc_taskid,proc_zone,sys_acct,sys_admin,sys_audit,sys_config,sys_devices,sys_ip_config,sys_ipc_config,sys_linkdir,sys_mount,sys_net_config,sys_nfs,sys_res_config,sys_resource,sys_suser_compat,sys_time,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_dga,win_downgrade_sl,win_fontpath,win_mac_read,win_mac_write,win_selection,win_upgrade_sl
        I:
file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session
        P:
contract_event,contract_observer,cpc_cpu,dtrace_kernel,dtrace_proc,dtrace_user,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,file_dac_write,file_downgrade_sl,file_link_any,file_owner,file_setid,file_upgrade_sl,graphics_access,graphics_map,ipc_dac_read,ipc_dac_write,ipc_owner,net_access,net_bindmlp,net_icmpaccess,net_mac_aware,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_clock_highres,proc_exec,proc_fork,proc_info,proc_lock_memory,proc_owner,proc_priocntl,proc_session,proc_setid,proc_taskid,proc_zone,sys_acct,sys_admin,sys_audit,sys_config,sys_devices,sys_ip_config,sys_ipc_config,sys_linkdir,sys_mount,sys_net_config,sys_nfs,sys_res_config,sys_resource,sys_suser_compat,sys_time,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_dga,win_downgrade_sl,win_fontpath,win_mac_read,win_mac_write,win_selection,win_upgrade_sl
        L:
contract_event,contract_observer,cpc_cpu,dtrace_kernel,dtrace_proc,dtrace_user,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,file_dac_write,file_downgrade_sl,file_link_any,file_owner,file_setid,file_upgrade_sl,graphics_access,graphics_map,ipc_dac_read,ipc_dac_write,ipc_owner,net_access,net_bindmlp,net_icmpaccess,net_mac_aware,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_clock_highres,proc_exec,proc_fork,proc_info,proc_lock_memory,proc_owner,proc_priocntl,proc_session,proc_setid,proc_taskid,proc_zone,sys_acct,sys_admin,sys_audit,sys_config,sys_devices,sys_ip_config,sys_ipc_config,sys_linkdir,sys_mount,sys_net_config,sys_nfs,sys_res_config,sys_resource,sys_suser_compat,sys_time,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_dga,win_downgrade_sl,win_fontpath,win_mac_read,win_mac_write,win_selection,win_upgrade_sl

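but now i get the following (the process is flagged PRIV_AWARE, and proc_exec is absent from all four sets, including the limit set L):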

13120:  -bash
flags = PRIV_AWARE
        E:
file_dac_read,file_dac_search,file_dac_write,file_link_any,net_access,proc_fork,proc_info,proc_session
        I:
file_dac_read,file_dac_search,file_dac_write,file_link_any,net_access,proc_fork,proc_info,proc_session
        P:
file_dac_read,file_dac_search,file_dac_write,file_link_any,net_access,proc_fork,proc_info,proc_session
        L:
contract_event,contract_observer,cpc_cpu,dtrace_kernel,dtrace_proc,dtrace_user,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,file_dac_write,file_downgrade_sl,file_link_any,file_owner,file_setid,file_upgrade_sl,graphics_access,graphics_map,ipc_dac_read,ipc_dac_write,ipc_owner,net_access,net_bindmlp,net_icmpaccess,net_mac_aware,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_clock_highres,proc_fork,proc_info,proc_lock_memory,proc_owner,proc_priocntl,proc_session,proc_setid,proc_taskid,proc_zone,sys_acct,sys_admin,sys_audit,sys_config,sys_devices,sys_ip_config,sys_ipc_config,sys_linkdir,sys_mount,sys_net_config,sys_nfs,sys_res_config,sys_resource,sys_suser_compat,sys_time,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_dga,win_downgrade_sl,win_fontpath,win_mac_read,win_mac_write,win_selection,win_upgrade_sl

anyone any clues as to why this is happening?

