"setuid fail" message in /var/adm/messages

Post by Skon Lapamnuaypo » Fri, 30 Apr 1999 04:00:00



I ran into a problem when I tried to execute a program called probrkr.  That
program spawns another process called _dtsrv to handle TCP sessions from
clients.   The setuid bit is enabled on both.

anyfs1:/rtc/dlc/bin>ls -l _probrkr _dtsrv
-rws-xr-x   1 root     root      612536 Apr 21 10:20 _dtsrv
-rws-xr-x   1 root     root      353316 Apr 21 10:20 _probrkr      

After _dtsrv was executed by _probrkr, the process (_dtsrv) was terminated
and generated a core file.   In /var/adm/messages, there are messages
about setuid.

Apr 21 09:01:02 anyfs1 unix: NOTICE: _probrkr, uid 3000: setuid execution not allowed, dev=80001f
Apr 21 09:05:07 anyfs1 unix: NOTICE: _dtsrv, uid 3000: setuid execution not allowed, dev=80001f

I tried to start those programs as root. The result was still the same.
Those programs run on a Sun Sparc 5 with Solaris 2.6.

Does anyone have any idea/reference about this problem?  I guess, if I can
solve this problem, those programs will work properly.

Thanks in advance
Skon L.

Post by Neil Ricke » Fri, 30 Apr 1999 04:00:00



>I got a problem when I tried to execute program called  probrkr.  That
>program spawns another process called _dtsrv to handle TCP session from
>client.   The setuid bit of the both are enable.
>anyfs1:/rtc/dlc/bin>ls -l _probrkr _dtsrv
>-rws-xr-x   1 root     root      612536 Apr 21 10:20 _dtsrv
>-rws-xr-x   1 root     root      353316 Apr 21 10:20 _probrkr      
>After _dtsrv was executed by _probrkr.  The process (_dtsrv) was terminated
>and generate a core file.   In /var/adm/messages, there are messages said
>about  setuid.
>Apr 21 09:01:02 anyfs1 unix: NOTICE: _probrkr, uid 3000: setuid execution
>not allowed, dev=80001f
>Apr 21 09:05:07 anyfs1 unix: NOTICE: _dtsrv, uid 3000: setuid execution not
>allowed, dev=80001f

Most likely, the nfs file systems are mounted with the 'nosuid'
option.  Check the output of '/usr/sbin/mount', or look in
'/etc/mnttab'.

Post by Casper H.S. Dik - Network Security Engine » Fri, 30 Apr 1999 04:00:00


[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]


>I got a problem when I tried to execute program called  probrkr.  That
>program spawns another process called _dtsrv to handle TCP session from
>client.   The setuid bit of the both are enable.
>Apr 21 09:01:02 anyfs1 unix: NOTICE: _probrkr, uid 3000: setuid execution
>not allowed, dev=80001f
>Apr 21 09:05:07 anyfs1 unix: NOTICE: _dtsrv, uid 3000: setuid execution not
>allowed, dev=80001f

The filesystem is mounted "nosuid".

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

Post by Chris Thomps » Fri, 30 Apr 1999 04:00:00



[...]

Quote:

>anyfs1:/rtc/dlc/bin>ls -l _probrkr _dtsrv
>-rws-xr-x   1 root     root      612536 Apr 21 10:20 _dtsrv
>-rws-xr-x   1 root     root      353316 Apr 21 10:20 _probrkr      

>After _dtsrv was executed by _probrkr.  The process (_dtsrv) was terminated
>and generate a core file.   In /var/adm/messages, there are messages said
>about  setuid.

>Apr 21 09:01:02 anyfs1 unix: NOTICE: _probrkr, uid 3000: setuid execution
>not allowed, dev=80001f
>Apr 21 09:05:07 anyfs1 unix: NOTICE: _dtsrv, uid 3000: setuid execution not
>allowed, dev=80001f

These messages usually mean that the executable is coming from a filing system
that is mounted nosuid. Confirm that by checking in /etc/mnttab (or use
/usr/sbin/mount | grep 'the filing system').

The kernel goes ahead and runs the program anyway, without changing euid/egid.
The core dumps are presumably the result of them not being root when they needed
to be [although that indicates a buggy sort of program, of course].

Chris Thompson
Email: cet1 [at] cam.ac.uk
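
Added example, not part of the thread: a shell version of the check the replies describe, matching the dev= value from the NOTICE against the dev= option in a mnttab-format file and reporting whether that mount is nosuid. It assumes the mnttab options field records dev= as Solaris does; the sample mnttab contents, the /rtc mount point and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/mnttab layout:
# special, mount point, fstype, options, time (tab-separated).
sample_mnttab() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        /dev/dsk/c0t3d0s0 /     ufs  rw,suid,dev=800018   924660000 \
        /dev/dsk/c0t3d0s7 /rtc  ufs  rw,nosuid,dev=80001f 924660000 \
        /proc             /proc proc rw,suid,dev=2940000  924660000
}

# Pull the dev= value out of one (unwrapped) syslog NOTICE line.
notice_dev() {
    printf '%s\n' "$1" |
        sed -n 's/.*setuid execution not allowed, dev=\([0-9a-fA-F]*\).*/\1/p'
}

# Print "<mount point> <suid|nosuid>" for the mount whose options contain
# dev=$1. $2 names the mnttab file; stdin is read when it is omitted.
# Exit status is 1 when no mount matches.
mount_for_dev() {
    awk -F'\t' -v dev="$1" '
        {
            n = split($4, opt, ",")
            hit = 0
            mode = "suid"                 # suid is the default mount mode
            for (i = 1; i <= n; i++) {
                if (opt[i] == "dev=" dev) hit = 1
                if (opt[i] == "nosuid")   mode = "nosuid"
            }
            if (hit) { print $2, mode; found = 1 }
        }
        END { exit !found }
    ' ${2:+"$2"}
}

# NOTICE line from the original post, joined onto one line.
line='Apr 21 09:05:07 anyfs1 unix: NOTICE: _dtsrv, uid 3000: setuid execution not allowed, dev=80001f'
dev=$(notice_dev "$line")
sample_mnttab | mount_for_dev "$dev"
```

On a live system the second argument would be /etc/mnttab, for example `mount_for_dev 80001f /etc/mnttab`.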

 
 
 
