Re: [Sheflug] running as root
>
> Hmmm, I'm working from memory here, so I reserve the right to be
> misinformed.... ;)))
>
> > Unless Linux's system has changed recently, set-uid scripts *won't* work -
> > they're considered a huuuuuuuuuuuuuuuuuuge security hole.
>
> Well, I've just tried it and it works. (2.0.36). I don't think I've
> buggered the kernel in any way, although it's been going for years (well,
> more than one!) now, so it's possible I've forgotten. But anyway, I think
> you are confusing real & effective UIDs and GUIDs here.
>
setuid script works? doesn't here :) Just tried the obvious:

    #!/bin/sh
    cat /etc/shadow

The script runs, but I get "/etc/shadow: permission denied" (yes it is
root.root 4755). If the script was running as root, you wouldn't get that.
I'm running 2.2.14. I used to run 2.0.34 and that couldn't suid script
either. And I've also tried ksh and csh...with the same results. suid script
will not work :)
Fiddling around with su, sudo and id, it seems they do a full setuid and not
just a seteuid...even so, id should still return 'root'

> > Which they are,
> > when you know how to get round them.
>
> I *did* point this out...
>
sorry :)
> > Race type conditions are ripe :)
>
> Err, are you sure about that? Off the top of my head, I can't think of
> one.
>
From what I remember reading last time I checked this up, race conditions were
one potential cause - this is why Solaris can do suid shell scripts by
feeding the contents of the script through a pipe into the shell interpreter
- it avoids the races ... as I remember it :)
>
> Try this: (it's C, obviously)
>
> #include <stdio.h>
> #include <unistd.h>
>
> void main(void) { /* I know you don't void(void), just for the record */
> printf("User id: %d\nis effectively: %d\n", getuid(), geteuid());
> printf("Group id: %d\nis effectively: %d\n", getgid(), getegid());
> }
>
> Save as test.c, or something, type 'make test'. Play around with it. EUID:
> root.
>
oh aye, C can suid - it's a binary once built - it's only interpreted (i.e.
shell scripts) that can't be run suid. Perl scripts can be run suid by using
the sperl interpreter - I've never used it though, so I can't say how good it
is :)
>
> Sudo is good for accounting ;)
>
True, but if you're writing a good wrapper, nothing to stop you calling
syslog(3) to create log entries :)
> > main()
>
> You're worse than me ;)
>
This is how I write small one line C things. Longer stuff tends to get the
full treatment, so "gcc -Wall" creates no warnings :)
> > {
> > system ("/usr/bin/myshellscript");
> > return 0;
> > }
>
> Although at least you return int .. :)))
>
*grin*
However, I have read that system() won't work for suid stuff if /bin/sh
points to bash greater than version 2...from the man page for system(3):

    ... system() will not, in fact, work properly from
    programs with suid or sgid privileges on systems on which
    /bin/sh is bash version 2, since bash 2 drops privileges
    on startup. (Debian uses a modified bash which does not
    do this when invoked as sh.)

So, you would have to use the exec* functions.

> As always, it depends on circumstances...
>
Indeed :)
Chris...
--
@}-,'-------------------------------------------------- Chris Johnson --'-{ [at]
/ "(it is) crucial that we learn the difference / sixie [at] nccnet.co.uk \
/ between Sex and Gender. Therein lies the key / \
/ to our freedom" -- LB / www.nccnet.co.uk/~sixie \
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
GNU the choice of a complete generation.
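
Added example, not part of the original message and not written by either poster: a small C wrapper along the lines discussed in the thread, using execve() instead of system(), logging through syslog(3) and handing the target a fixed environment. The name run_wrapped, the log tag "suidwrap" and the environment values are assumptions; /usr/bin/myshellscript is the path used in the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the target (values are assumptions): nothing set
 * by the caller (PATH, IFS, BASH_ENV, LD_*) survives the exec. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Run `path` with `argv` and the fixed environment. Returns the child's
 * exit status, or -1 if it could not be forked or died on a signal. */
int run_wrapped(const char *path, char *const argv[])
{
    int status;
    pid_t pid;

    /* Accounting, as suggested in the thread: record who ran what. */
    openlog("suidwrap", LOG_PID, LOG_AUTH);
    syslog(LOG_NOTICE, "uid %d (euid %d) running %s",
           (int)getuid(), (int)geteuid(), path);

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Make the real ids equal the effective ids, group first. A shell
         * that drops privileges does so when real and effective differ. */
        if (setgid(getegid()) != 0 || setuid(geteuid()) != 0)
            _exit(126);
        execve(path, argv, clean_env);  /* no "sh -c" as with system() */
        _exit(127);                     /* reached only if execve failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Script path taken from the thread; argv[0] is its name. */
    char *const argv[] = { "myshellscript", NULL };
    int rc = run_wrapped("/usr/bin/myshellscript", argv);
    return rc < 0 ? 1 : rc;
}
```

Built and installed set-uid, the wrapper runs the script with the owner's real and effective ids; run without the set-uid bit it behaves the same way but with the caller's own ids.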