From: Wayne on 10 Jun 2010 22:51 On 6/9/2010 6:45 AM, pk wrote: > Luis P. Mendes wrote: >> ... >> Since the suid bit in 'xx.sh' is set, why do I get: >> scripts$ ./xx.sh >> bash: ./xx.sh: Permission denied >> when I try to run it with my 'lp' user? > ... > In Linux (and probably other systems), SUID is ignored on scripts. > If you *really* want that, you can write a binary wrapper to the script. You know a lot of people say this, but I've never been able to get it to work. I've tried using "system" and various "exec" calls, but all ignore the EUID when running the script. Searching the Internet for quite some time failed to locate any examples. Here's what I've tried, please tell me what I'm missing: $ cat bar.c int main ( void ) { return system( "bash bar.sh" ); } $ cat bar.sh cat secret.txt $ ls -l bar* secret.txt -rwsr-x--x. 1 adm wayne 4899 2010-06-10 22:44 bar -rw-r-----. 1 wayne wayne 54 2010-06-10 22:44 bar.c -rw-r-----. 1 wayne wayne 15 2010-06-10 22:42 bar.sh -r--------. 1 adm root 225 2010-05-29 21:15 secret.txt $ ./bar cat: secret.txt: Permission denied -- Wayne
From: Seebs on 10 Jun 2010 23:04 On 2010-06-11, Wayne <nospan(a)all.invalid> wrote: > Here's what I've tried, please tell me what I'm missing: You're missing a setuid. > $ cat bar.c > int main ( void ) > { setuid(geteuid()); > return system( "bash bar.sh" ); > } The above is massively oversimplified, but is about how it was done in 1988 or so. It may still work, but check the man pages. Basically, what you need to do is make your real user-id bit be the special value, because, as you note, effective user-id is ignored. Basically, the main thing effective user-id does is let you set your real uid to it. :P -s -- Copyright 2010, all wrongs reversed. Peter Seebach / usenet-nospam(a)seebs.net http://www.seebs.net/log/ <-- lawsuits, religion, and funny pictures http://en.wikipedia.org/wiki/Fair_Game_(Scientology) <-- get educated!
From: Wayne on 10 Jun 2010 23:32 On 6/10/2010 11:04 PM, Seebs wrote: > On 2010-06-11, Wayne <nospan(a)all.invalid> wrote: >> Here's what I've tried, please tell me what I'm missing: > > You're missing a setuid. > >> $ cat bar.c >> int main ( void ) >> { > setuid(geteuid()); >> return system( "bash bar.sh" ); >> } > > The above is massively oversimplified, but is about how it was done > in 1988 or so. It may still work, but check the man pages. Basically, > what you need to do is make your real user-id bit be the special > value, because, as you note, effective user-id is ignored. > > Basically, the main thing effective user-id does is let you set your > real uid to it. :P > > -s That didn't work but you put me on the right track. For Linux, this worked: $ cat bar.c #include <sys/types.h> #include <unistd.h> int main ( void ) { setreuid( geteuid(), geteuid() ); return system( "bash bar.sh" ); } Thanks for the hint! -- Wayne
From: Wayne on 11 Jun 2010 00:19 On 6/10/2010 11:32 PM, Wayne wrote: > On 6/10/2010 11:04 PM, Seebs wrote: >> On 2010-06-11, Wayne <nospan(a)all.invalid> wrote: >>> Here's what I've tried, please tell me what I'm missing: >> >> You're missing a setuid. >> >>> $ cat bar.c >>> int main ( void ) >>> { >> setuid(geteuid()); >>> return system( "bash bar.sh" ); >>> } >> >> The above is massively oversimplified, but is about how it was done >> in 1988 or so. It may still work, but check the man pages. Basically, >> what you need to do is make your real user-id bit be the special >> value, because, as you note, effective user-id is ignored. >> >> Basically, the main thing effective user-id does is let you set your >> real uid to it. :P >> >> -s > > That didn't work but you put me on the right track. For Linux, this > worked: > ... A follow-up: I needed to refine the C program a bit to eliminate any error or warning messages: $ cat wrapper.c /* wrapper.c - a C wrapper program that, when suid, can * run shell scripts as another user. * Written 6/2010 by Wayne */ #define _XOPEN_SOURCE 500 #include <stdlib.h> #include <unistd.h> int main ( void ) { /* Set the real and effective UID to the current effective UID: */ setreuid( geteuid(), geteuid() ); return system( "bash wrapper.sh" ); } I think this should work on Unix too. I discovered on anomaly though. Running: $ ./wrapper works fine! But root can't run it: # ./wrapper bash: wrapper.sh: Permission denied (Of course, root can run the shell script directly.) I don't understand the problem here with setreuid; even if that fails when the RUID is root, why doesn't the "system" call work? -- Wayne
From: Sven Mascheck on 11 Jun 2010 05:47 Seebs <usenet-nospam(a)seebs.net> wrote: > On 2010-06-11, Wayne <nospan(a)all.invalid> wrote: > You're missing a setuid. >> $ cat bar.c >> int main ( void ) >> { > setuid(geteuid()); >> return system( "bash bar.sh" ); >> } Alternatively: If the euid is different from the uid, then some shells need to be advised not to set back the euid. The SVR4 sh and bash-2 ff. require "-p", ksh88 and 93 activate it automatically. return system( "/path/to/bash -p /path/to/bar.sh" );
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 Prev: Where is the document for /dev/fd/0? Next: Removing pwd directory and su and cd .. issue |