suid on a C program

Post by sky3416 » Fri, 11 Feb 2000 04:00:00



Hello,

 I KNOW suid script doesn't work and it is better so.
 But on my HP-UX machine I can do the following:

 Let's say I have a  c_program   (RWSR_XR_X   c_program)

 The c_program does the following:

   system("/home/user1/hello")

 "hello" is a shell script (ksh)
 The permissions of the script "hello" are RWX ___ ___

  Any user may execute the script "hello" by running
  the c_program. And they can't read the script "hello".
  The same is true with a perl script, expect script,
  awk script,...
  You just have to call the script from a compiled
  C program.

 Now the question :

    Why doesn't it work with linux ??
    (mandrake6.1 - kernel 2.2.13-7 - bash)

Thanks for any light on the subject.

   Pierre.

 
 
 

Post by sky3416 » Fri, 11 Feb 2000 04:00:00


 Hello again,

  Just to say that in "Programming Perl" page 361
  I just read :

   "You have to put a C wrapper around the script.
    A C wrapper is just a compiled program that does          
    nothing except call your Perl program"

  That's what I've done with c_program.
  So why does it work on the HP-UX and not with my
  linux box ?? (neither with bash or ksh)


> Hello,

>  I KNOW suid script doesn't work and it is better so.
>  But on my HP-UX machine I can do the following:

>  Let's say I have a  c_program   (RWSR_XR_X   c_program)

>  The c_program does the following:

>    system("/home/user1/hello")

>  "hello" is a shell script (ksh)
>  The permissions of the script "hello" are RWX ___ ___

>   Any user may execute the script "hello" by running
>   the c_program. And they can't read the script "hello".
>   The same is true with a perl script, expect script,
>   awk script,...
>   You just have to call the script from a compiled
>   C program.

>  Now the question :

>     Why doesn't it work with linux ??
>     (mandrake6.1 - kernel 2.2.13-7 - bash)

> Thanks for any light on the subject.

>    Pierre.


 
 
 

Post by Tim Hayne » Fri, 11 Feb 2000 04:00:00



>   Just to say that in "Programming Perl" page 361
>   I just read :

>    "You have to put a C wrapper around the script.
>     A C wrapper is just a compiled program that does          
>     nothing except call your Perl program"

>   That's what I've done with c_program.
>   So why does it work on the HP-UX and not with my
>   linux box ?? (neither with bash or ksh)
> >  The c_program does the following:

> >    system("/home/user1/hello")

> >  "hello" is a shell script (ksh)

Does the C wrapper call setuid() and seteuid() properly? What are the
permissions on it, and on the shell script on linux? (How about making the
permissions on the C wrapper something like og=rX,u=rws ?)

~Tim
--
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-
| The sun is melting over the hills,         | http://www.glutinous.custard.org

 
 
 

Post by Martin Jos » Fri, 11 Feb 2000 04:00:00


[...]

>  Let's say I have a  c_program   (RWSR_XR_X   c_program)

>  The c_program does the following:

>    system("/home/user1/hello")

>  "hello" is a shell script (ksh)
>  The permissions of the script "hello" are RWX ___ ___

>   Any user may execute the script "hello" by running
>   the c_program. And they can't read the script "hello".
[...]
>  Now the question :

>     Why doesn't it work with linux ??
>     (mandrake6.1 - kernel 2.2.13-7 - bash)

What do you mean by "doesn't work" ? What _does_ happen ?
AFAIK you can compile perl, to disregard the SUID-Bit.
If you have done this on LINUX (but not on HPUX), perl will
behave differently regarding SUID-scripts (with or without
wrappers)

Martin

 
 
 

Post by Valdis Kletniek » Fri, 11 Feb 2000 04:00:00



> >  Let say i have a  c_program   (RWSR_XR_X   c_program)

> >  The c_program does the following:

> >    system("/home/user1/hello")

'system()' from within a C program is a Very Bad Idea.  Using
fork()/execve() (or similar) yourself closes most of the holes, which
basically descend from the fact that system() does a fork/exec of a
shell, which ends up getting launched with the target UID/GID - but is
prone to symlink races, argv screws, and 3 zillion other ways to make
the shell execute something other than /home/user1/hello.
 
 
 

Post by tupl » Sat, 12 Feb 2000 04:00:00


Sorry if I wasn't clear about the problem.
What I mean by "it doesn't work" is that I get "permission denied" and it
works without problem on HP-UX.

Let's have a second look at it.
First I have a script (ksh or perl or expect, it doesn't matter)
Let's say it is a ksh script with only one line in it (eg. echo "Hello from
ksh script")
The permissions of this script are RWX ___ ___

Now I have a C program as the following one:
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <curses.h>
#include <unistd.h>
#include <string.h>
int main(int argc, char *argv[]) {
  system("/home/usxxx/hello");
  return(0);
}/*end_of_main*/

This C program has the following permissions RWS R_X R_X

Now when someone runs the C program on the HP-UX, he will get "Hello from ksh
script".
But on my linux box (mandrake6.1 - kernel2.2.7-13) he will get "permission
denied".

Why ???
Thanks for any light you can give on the subject.

Pierre.

 
 
 

Post by Buddy Smit » Sat, 12 Feb 2000 04:00:00


From perldoc perlsec:

           #define REAL_PATH "/path/to/script"
           main(ac, av)
               char **av;
           {
               execv(REAL_PATH, av);
           }

If you need to pass in arguments, change:
char **av;
to:
char **av = "-foo=bar -bar=baz";

Give this a try.

--buddy


: Hello,

:  I KNOW suid script doesn't work and it is better so.
:  But on my HP-UX machine I can do the following:

:  Let's say I have a  c_program   (RWSR_XR_X   c_program)

:  The c_program does the following:

:    system("/home/user1/hello")

:  "hello" is a shell script (ksh)
:  The permissions of the script "hello" are RWX ___ ___
:  
:   Any user may execute the script "hello" by running
:   the c_program. And they can't read the script "hello".
:   The same is true with a perl script, expect script,
:   awk script,...
:   You just have to call the script from a compiled
:   C program.

:  Now the question :

:     Why doesn't it work with linux ??
:     (mandrake6.1 - kernel 2.2.13-7 - bash)

: Thanks for any light on the subject.

:    Pierre.

 
 
 

Post by Barry Margoli » Sat, 12 Feb 2000 04:00:00




>From perldoc perlsec:

>           #define REAL_PATH "/path/to/script"
>           main(ac, av)
>               char **av;
>           {
>               execv(REAL_PATH, av);
>           }

>If you need to pass in arguments, change:
>char **av;
>to:
>char **av = "-foo=bar -bar=baz";

That should be:

char *av[] = {REAL_PATH, "-foo=bar", "-bar=baz", 0};

Even if you don't need to pass in arguments, you need to provide argv[0],
so it should be:

char *av[] = {REAL_PATH, 0};

--

GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
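
Added example, not part of any post in this thread: a wrapper that follows the fork()/execve() suggestion and the argv correction above, so no shell sits between the wrapper and the target. The helper name run_fixed, the contents of CLEAN_ENV and the decision to ignore the caller's command line are assumptions of this example; REAL_PATH reuses the script path from the first post.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define REAL_PATH "/home/user1/hello"   /* script path used in the thread */

/* The child gets this environment only; nothing comes from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/*
 * fork() and execve() `path` with exactly `argv` and CLEAN_ENV.
 * Returns the child's exit status (127 if execve() failed), or -1 if the
 * child could not be created or was killed by a signal.
 */
int run_fixed(const char *path, char *const argv[])
{
    int status;
    pid_t pid, w;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, CLEAN_ENV);
        _exit(127);                     /* reached only when execve() fails */
    }
    do {
        w = waitpid(pid, &status, 0);
    } while (w < 0 && errno == EINTR);
    if (w < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* argv[0] is the program name and the list ends with a null pointer.
       The wrapper's own command line is deliberately not passed on. */
    char *const argv[] = { REAL_PATH, NULL };
    int rc = run_fixed(REAL_PATH, argv);

    if (rc < 0) {
        fprintf(stderr, "wrapper: could not run %s\n", REAL_PATH);
        return EXIT_FAILURE;
    }
    return rc;
}
```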