$SAFE=0 for setuid?
in [Ruby]
|
From: Rick Ashton on 4 Apr 2010 06:43 Hi From most documentation I see that $SAFE is automatically set to 1 if you run ruby as root. However, this causes pcap that I'm using not to function (it throws a SecurityError). I need $SAFE=0 for pcap to function, however I also need to run it with root privileges for it to function, but as soon as setuid is used, $SAFE changes to 1. Is there a way to have the safety level be overridden to 0 with setuid active? Otherwise I don't see how a library like pcap can be used. Thanks -- Posted via http://www.ruby-forum.com/.
From: Jonathan Nielsen on 4 Apr 2010 12:08 > From most documentation I see that $SAFE is automatically set to 1 if > you run ruby as root. Not entirely true, it sets $SAFE to 1 if you run it with setuid, but just running as root $SAFE will still be 0. > I need $SAFE=0 for pcap to function, however I also need to run it with > root privileges for it to function, but as soon as setuid is used, $SAFE > changes to 1. > > Is there a way to have the safety level be overridden to 0 with setuid > active? Otherwise I don't see how a library like pcap can be used. If you need to run it setuid, I found some C code that claims to be able to do this (with lots and lots of warnings that it's a bad idea and could damage your system) here: http://www.justskins.com/forums/setuid-wrapper-71480.html And yeah, it really is a bad idea to use that code... terribly insecure. Just execute it as root with sudo or su unless you REALLY need setuid. -Jonathan Nielsen
From: Michael Fellinger on 4 Apr 2010 12:09 On Sun, Apr 4, 2010 at 7:43 PM, Rick Ashton <expiation(a)devils.com> wrote: > Hi > > From most documentation I see that $SAFE is automatically set to 1 if > you run ruby as root. > > However, this causes pcap  that I'm using not to function (it throws a > SecurityError). > > I need $SAFE=0 for pcap to function, however I also need to run it with > root privileges for it to function, but as soon as setuid is used, $SAFE > changes to 1. > > Is there a way to have the safety level be overridden to 0 with setuid > active? Otherwise I don't see how a library like pcap can be used. ruby -e 'p [Process.uid, $SAFE]' [0, 0] I don't see what's hindering you. > Thanks -- Michael Fellinger CTO, The Rubyists, LLC
From: Rick Ashton on 4 Apr 2010 12:32 Jonathan Nielsen wrote: > Not entirely true, it sets $SAFE to 1 if you run it with setuid, but > just running as root $SAFE will still be 0. > Ok thanks. Yes, running with sudo will have $SAFE set to 0, however, I'm currently wrapping the script in an app bundle using Platypus. This doesn't allow user input into a terminal so I cannot use sudo (see: http://www.sveinbjorn.org/platypus_tutorial#33) However it does allow the entire script to be run as admin using the Apple Security Framework. I'm unsure about the exact details of the framework but it appears to start the process with setuid. With this entry point then, it doesn't seem to matter what I do (whether I start Ruby directly or I start ruby through sh), $SAFE is always 1 when the script starts. Starting ruby with -T0 doesn't seem to do anything. Not sure what I can do here :/ Why is it that sudo won't raise the safe level but setuid does? Surely they equally escalate privileges? -- Posted via http://www.ruby-forum.com/.
From: Robert Klemme on 5 Apr 2010 13:38
On 04/04/2010 06:32 PM, Rick Ashton wrote: > Jonathan Nielsen wrote: > >> Not entirely true, it sets $SAFE to 1 if you run it with setuid, but >> just running as root $SAFE will still be 0. >> > > Ok thanks. Yes, running with sudo will have $SAFE set to 0, however, I'm > currently wrapping the script in an app bundle using Platypus. > > This doesn't allow user input into a terminal so I cannot use sudo (see: > http://www.sveinbjorn.org/platypus_tutorial#33) > > However it does allow the entire script to be run as admin using the > Apple Security Framework. I'm unsure about the exact details of the > framework but it appears to start the process with setuid. > > With this entry point then, it doesn't seem to matter what I do (whether > I start Ruby directly or I start ruby through sh), $SAFE is always 1 > when the script starts. > > Starting ruby with -T0 doesn't seem to do anything. > > Not sure what I can do here :/ Write a wrapper script with setuid. You can even do such unsafe things as #!/bin/sh -f "$@" > Why is it that sudo won't raise the safe level but setuid does? Surely > they equally escalate privileges? Setuid can be detected by the Ruby interpreter because it is a property of the script executed. sudo is just a process that changes the environment in which the Ruby interpreter is started. This is significantly more difficult to detect since sudo is gone once the interpreter runs: robert(a)fussel:~$ sudo pstree -u $$ bash(robert)???pstree(root) robert(a)fussel:~$ Kind regards robert -- remember.guy do |as, often| as.you_can - without end http://blog.rubybestpractices.com/ |