Re: SetUID & Operation not permitted
From: Unruh (unruh-spam_at_physics.ubc.ca)
Date: 09/18/05
- Previous message: Robert Newson: "Re: SetUID & Operation not permitted"
- In reply to: Robert Newson: "Re: SetUID & Operation not permitted"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 18 Sep 2005 15:36:28 GMT
Robert Newson <ReapNewsB@bullet3.fsnet.oc.ku> writes:
>eban wrote:
>> Hi
>>
>> When I try to change any binary to set user id on execution, i am not able to execute it.
>> I have done:
>>
>> compile my binary, eg. pro
>> su to root
>> chmod 711 pro; chown root.root pro; chmod u+s pro
>You could combine the chmods:
># chown root:root pro ; chmod 04711 pro
>(Leading zero not necessary, but acts as a reminder that the chmod value is
>octal[1]. 4 immediately before perms = suid, 2 = sgid, 1 = sticky.)
>> this gives:
>> -rws--x--x 1 root root 825 Sep 16 21:11 pro
>>
>> However, when I change back to the original user, and do a
>>
>> ./pro
>>
>> I get
>>
>> bash: ./pro: Operation not permitted
>>
>> What do I forget here ?
>Not sure, but the size of 'pro' (825 bytes) suggests to me that it could be
>a script, not a binary[2]; in that case, AFAIK, bash will _NOT_ run the
>script suid (security?).
He said it was a "binary" but I agree that 825 bytes is a wee bit small to
be a binary. It looks like a script. Then yes, bash WILL ignore the SUID
bit. You MUST write a suid wrapper to run a script suid.
It would be really really nice if people actually described their problems
accurately to prevent the rest of us from running after red herrings.
Here is an example to run the script /usr/local/bin/net
(with 1, 2, 3 or 4 arguments).
It first creates a minimal trusted environment, switches uid to root, and
then runs the script.
#include <signal.h>
#include <sys/param.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>

/* The script sees only this environment, never the caller's (no LD_*, IFS, etc.). */
static char *trusted_env[] = {"PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/local/bin", 0};
static const char *net = "/usr/local/bin/net";

int main(int argc, char *argv[])
{
    struct passwd *pwd;
    int i;
    uid_t uid;

    /* Ignore every signal we can, so the caller cannot interrupt the wrapper. */
    for (i = 1; i < NSIG; i++) {
        if (i != SIGKILL && i != SIGCHLD)
            (void) signal(i, SIG_IGN);
    }
    uid = getuid();
    /* Refuse to act for a uid that has no passwd entry. */
    if ((pwd = getpwuid(uid)) == (struct passwd *)0)
        exit(1);
    if (setuid((uid_t)0) != 0) {
        perror("setuid");
        exit(1);
    }
    /* Fixed program, fixed environment: only the arguments come from the caller. */
    if (argc == 2)
        execle(net, net, argv[1], (char *)0, trusted_env);
    else if (argc == 3)
        execle(net, net, argv[1], argv[2], (char *)0, trusted_env);
    else if (argc == 4)
        execle(net, net, argv[1], argv[2], argv[3], (char *)0, trusted_env);
    else if (argc == 5)
        execle(net, net, argv[1], argv[2], argv[3], argv[4], (char *)0, trusted_env);
    if (argc >= 2 && argc <= 5)
        perror("Failed ");  /* execle only returns on failure */
    /* Drop root again before printing the usage message. */
    setuid(uid);
    fprintf(stderr, "network [up|start|down|stop] [dhcp|home|work]\n %d\n", argc);
    exit(1);
}
>Is 'pro' a script? (In which case, you'll also need read access: chmod
>04755 pro) The script may be trying to do something that requires root
>privileges, at which point it fails?
>Another possibility may be that the partition on which it resides is mounted
>'noexec' (I don't know what kind of error that could generate, but it won't
>let you run anything from it):
>$ man mount
>...
> noexec Do not allow execution of any binaries on
> the mounted file system. This option might
> be useful for a server that has file systems
> containing binaries for architectures other
> than its own.
>[1] habit from C programming where a leading zero (0), but not zero-x (0x),
>forces the number to be interpreted as octal; 0x forces hexadecimal.
>[2] a simple test of [optimised] compiling 'main(){}' stripped gives a
>binary of about 3,000 bytes in size.