vpnc && setuid
Trond Endrestøl
Trond.Endrestol at fagskolen.gjovik.no
Thu Nov 12 14:30:34 UTC 2015
On Thu, 12 Nov 2015 14:44+0100, Matthias Apitz wrote:
> El día Thursday, November 12, 2015 a las 01:05:49PM +0100, Matthias Apitz escribió:
>
> > El día Thursday, November 12, 2015 a las 10:19:38AM +0000, krad escribió:
> >
> > > Looks like you need to 640 or 644 it.
> >
> > Why? The /usr/local/sbin/vpnc is set to:
> >
> > # ls -l /usr/local/sbin/vpnc
> > -rwsr-xr-x 1 root wheel 105092 10 nov 20:12 /usr/local/sbin/vpnc
> >
> > and the proc should run with euid=0, i.e. as root, but does not do this
> > and the question is, why?
>
> I wrote a small C-pgm:
>
> #define _GNU_SOURCE
> #include <sys/types.h>
> #include <unistd.h>
> #include <stdio.h>
> #include <errno.h>
> #define call(fun) errno = 0; fun; perror(#fun)
>
> int main(int argc, char **argv) {
> FILE *fp;
> uid_t ruid = -1, euid = -1, suid = -1;
> getresuid(&ruid, &euid, &suid);
> printf("> ruid=%d, euid=%d, suid=%d\n", ruid, euid, suid);
> fp = fopen("/usr/local/etc/vpnc.conf", "r");
> if( fp != NULL ) {
> printf("file /usr/local/etc/vpnc.conf opened\n");
> fclose(fp);
> }
> call(setuid(1000));
> getresuid(&ruid, &euid, &suid);
> printf("> ruid=%d, euid=%d, suid=%d\n", ruid, euid, suid);
>
> return 0;
> }
>
>
> # cc set.c
> # strip a.out
> # chmod 6711 a.out
> # ls -l /usr/local/sbin/vpnc a.out
> -rws--s--x 1 root wheel 105092 10 nov 20:12 /usr/local/sbin/vpnc
> -rws--s--x 1 root wheel 4340 12 nov 14:41 a.out
>
> When I run this as normal user, it works as expected:
>
> $ ./a.out
> > ruid=1001, euid=0, suid=0
> file /usr/local/etc/vpnc.conf opened
> setuid(1000): No error: 0
> > ruid=1000, euid=1000, suid=1000
>
> What is so magic with /usr/local/sbin/vpnc?
Maybe vpnc calls setuid(2) and changes the effective uid to the real
uid before reading the configuration file. Inspecting the source code
or running ktrace should verify or falsify my assumption.
--
+-------------------------------+------------------------------------+
| Vennlig hilsen, | Best regards, |
| Trond Endrestøl, | Trond Endrestøl, |
| IT-ansvarlig, | System administrator, |
| Fagskolen Innlandet, | Gjøvik Technical College, Norway, |
| tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, |
| sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. |
+-------------------------------+------------------------------------+
More information about the freebsd-questions
mailing list