program calls rcmd() twice, _second_ call works for root but not normal users


Post by David Matho » Fri, 17 Jun 2005 03:50:46



I have a hacked up version of rsh based on inetutils-1.4.2 which accepts
a list of hosts and runs the same command on each of them
(sequentially).  In other words, it does this in a loop:

   rem = rcmd (&host, sp->s_port, pw->pw_name, user, args, &rfd2);

where the host part changes but the other parts don't.  This is so
that I can do:

   rsh host1,host2,host3 whatever
     or
   rsh -f list_of_hosts  whatever

instead of

   rsh host1  whatever
   rsh host2  whatever
   rsh host3  whatever

Now the odd part: this modified rsh works just fine for root but for any
other user the rcmd call works once (for the first host) and
then gives a

   rcmd: socket: Permission denied

when it attempts a second rcmd call.  This is true even if host in
the second rcmd is the same as it was in the first rcmd.
Yes, the modified rsh is suid root, otherwise it wouldn't
even do the first rcmd call.

I tried adding

   shutstat=shutdown(rem, SHUT_RDWR);

so that the socket would be closed the second time around but it
made no difference.

Additionally, the exact same behavior is observed when rsh runs
on Mandrake 10.0 or Solaris 8.  It seems to be intrinsic somehow
in rcmd.

Can somebody please explain what is going on here???

Thanks,

David Mathog

 
 
 


Post by David Matho » Sun, 19 Jun 2005 02:26:18



> Now the odd part: this modified rsh works just fine for root but for any
> other user the rcmd call works once (for the first host) and
> then gives a
>
>   rcmd: socket: Permission denied
>
> when it attempts a second rcmd call.

I figured it out.  Carried over from the original inetutils/rsh.c
code were two lines

   seteuid (uid);
   setuid (uid);

just before the signal stuff was set up but after the rcmd() call.
All of this was within the loop over target hosts.  Removing these
two lines fixed the problem so that any user could run multiple
rcmd().  It's not clear to me what the purpose of these lines was
in the first place since rsh runs perfectly well without it in the
limited tests I performed.

On the other hand,

  rsh -l someotheruser targetnode 'ls'

apparently doesn't work with either my modified code or with
the original code.  It just hangs on the sending machine.  My
code is based on inetutils 1.4.2

Thanks,

David Mathog
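
Added example (not from the post or from inetutils): rcmd() takes its socket from rresvport(), which binds a reserved port and therefore needs root, so a `setuid (uid)` inside the host loop leaves nothing privileged for the next iteration. The sketch below keeps the drop by raising the effective uid only around the privileged call and dropping for good after the last host. `reserved_socket`, `probe_euid` and `for_each_host` are hypothetical names, and `reserved_socket` stands in for the real rcmd() call.

```c
#define _DEFAULT_SOURCE            /* for seteuid() under strict -std= modes */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Stand-in for the rresvport() step inside rcmd(): bind a TCP socket to a
 * reserved port (1023 down to 512). bind() typically fails with EACCES
 * when the effective uid is not root. Returns the fd, or -1. */
int reserved_socket(void)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);                   /* INADDR_ANY */
    sa.sin_family = AF_INET;
    for (int port = 1023; port >= 512; port--) {
        sa.sin_port = htons((unsigned short)port);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) return fd;
        if (errno != EADDRINUSE) break;          /* e.g. EACCES: no privilege */
    }
    close(fd);
    return -1;
}

int probe_euid(void) { return (int)geteuid(); }  /* hypothetical op: reports euid */

/* Call op() once per host with euid raised only for that call, then drop
 * for good. Returns 0 on success, -1 if any uid switch fails. */
int for_each_host(int nhosts, int (*op)(void), int *results)
{
    uid_t ruid = getuid(), priv = geteuid();     /* priv == 0 when suid root */
    if (seteuid(ruid) != 0) return -1;           /* start unprivileged */
    for (int i = 0; i < nhosts; i++) {
        if (seteuid(priv) != 0) return -1;       /* raise via saved set-user-ID */
        results[i] = op();                       /* rcmd() would go here */
        if (seteuid(ruid) != 0) return -1;       /* lower before the session I/O */
    }
    if (seteuid(priv) != 0 || setuid(ruid) != 0) return -1;  /* permanent drop */
    if (ruid != 0 && seteuid(0) == 0) return -1; /* root must be unreachable */
    return 0;
}

int main(void)
{
    int fds[3];
    if (for_each_host(3, reserved_socket, fds) != 0) { perror("uid switch"); return 1; }
    for (int i = 0; i < 3; i++) printf("host %d: fd %d\n", i, fds[i]);
    return 0;
}
```

Installed suid root and run by an ordinary user, every iteration gets a reserved-port socket while the per-host session work between calls runs with the caller's uid.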


 
 
 
