setuid and make

setuid and make

Post by Martin Pa » Wed, 15 Jan 1997 04:00:00



We have the following setup for our developers here: There
is a global directory containing all the source files of
our project - they are owned by a special user called 'project'.

People check out/in files from there to their local development
directories with RCS, and after checking them back in we want
the tool to be compiled and linked in the global directory.

Under SunOS (4.1.3) I used a C program as a wrapper, that was set
setuid to the project user and called gmake with a popen(). At the
beginning it called setreuid() to set the uid from the euid -
this worked.

Now under Solaris (2.[45]) I tried to do the same, but it looks like
the effective user id doesn't survive the fork() - gmake is called
with the real uid of the user who calls the wrapper. I even tried
to use a setuid-copy of gmake - same result.

Does anyone have an idea on how to solve this ?

Another thing - this isn't a security problem, it's just to keep
ownership and permissions of the global files consistent. Anyway,
giving the password of project to all users (so they can 'su' before
calling make) is not an option. Same applies for giving group permissions
to all files and thrust that the people handle their umasks correctly.

--

       University of Vienna, Austria | Tel: 0222/310 56 08/84
  Department for Software Technology | Fax: 0222/310 56 08/88
                and Parallel Systems | Liechtensteinstrasse 22, A-1090 Wien

 
 
 

1. Making ip-[up.down] script "setuid"

I'm starting pppd as a regular user.  Everything seems to
work fine, except I would like some of the things I execute
in the /etc/ppp/ip-down (or ip-up) script run as root.

For example, I make a backup copy of the /etc/hosts file before
connecting, and then append it with an updated entry after
getting the info back from my dynamic ppp server.  I would like
to be able to move these files around without making them
world writable.  There are some other things too, but you get
the idea...

Maybe this is the default, but it appears that sometimes my
ip-down script will not finish running.  Sometimes it doesn't
even echo some messages to /dev/console.

any advice?  TIA.

--Rob Neely

2. Linux and Disaster Recovery

3. Making /etc/init.d/asppp setuid

4. SparQ and Linux

5. A handy routine for making setuid programs safer

6. Sol 2.4 lpstat ordering

7. making a setuid script

8. Missing dependencies

9. Making ping setuid -- is it safe?

10. Matrox Mystique ands X.

11. Need help with setuid() problems on 386/ix with setuid root program.

12. Making changes to env variables and making them stick

13. Making a new kernel - CVSuped, not made world yet.