getpwnam fails in setuid program using NIS+ on HP-UX 11


Post by Johan Harmse » Thu, 15 May 2003 06:37:21



First of all I hope this is the correct newsgroup to ask this type of
question, if not let me know.

A call getpwnam("johan") fails if the program is owned by johan and has
the setuid bit set and the program is executed by root. Executed by any
other user it works OK. This happens on HP-UX 11 with NIS+ installed.
The user root is defined in the local /etc/passwd file, johan is defined
in some remote NIS+ table. The errno returned is 'Permission denied'. If
I remove the setuid bit it works correctly under all circumstances.
If I execute it using tusc (the HP variant of truss) it also works
correctly, but I think that's because the setuid is handled in a
peculiar way, I noticed that under different circumstances.

Does anybody have any idea what the cause of this problem could be?

Johan

Post by Fletcher Glen » Fri, 16 May 2003 01:00:16



> First of all I hope this is the correct newsgroup to ask this type of
> questions, if not let me know.

> A call getpwnam("johan") fails if the program is owned by johan and has
> the setuid bit set and the program is executed by root. Executed by any
> other user it works OK. This happens on HP-UX 11 with NIS+ installed.
> The user root is defined in the local /etc/passwd file, johan is defined
> in some remote NIS+ table. The errno returned is 'Permission denied'. If
> I remove the setuid bit it works correctly under all circumstances.
> If I execute it using tusc (the HP variant of truss) it also works
> correctly, but I think that's because the setuid is handled in a
> peculiar way, I noticed that under different circumstances

> Does anybody have any idea what the cause of this problem could be.

> Johan

As part of its incredibly paranoid security, NIS+ has permission bits
for its data that are unrelated to file permissions.  The NIS+
administrator has to set things up so that various users can
access information.  IIRC, being root is not sufficient to
allow access to internal NIS+ information.  Instead, you have to present
NIS+ administrator credentials, or your own identity must be allowed
access through NIS+ permission bits.

--
                Fletcher Glenn

Post by Valentin Nechaye » Fri, 16 May 2003 03:47:43


>> A call getpwnam("johan") fails if the program is owned by johan and has
>> the setuid bit set and the program is executed by root. Executed by any
>> other user it works OK. This happens on HP-UX 11 with NIS+ installed.
>> The user root is defined in the local /etc/passwd file, johan is defined
>> in some remote NIS+ table. The errno returned is 'Permission denied'. If
>> I remove the setuid bit it works correctly under all circumstances.
>> If I execute it using tusc (the HP variant of truss) it also works
>> correctly, but I think that's because the setuid is handled in a
>> peculiar way, I noticed that under different circumstances

So, getpwnam() fails if real uid == 0, and effective uid == uid(johan)?
Well, it is possible. Well, change real uid to effective (saving root
in `saved uid', man getresuid for details) and return it after getpwnam().
It is also reasonable to call endpwent() before any switching of uids.

-netch-
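
Added example, not part of any post in this thread: a C sketch of the uid swap suggested in the reply above (real uid set to the effective uid, the caller's real uid parked in the saved uid, `endpwent()` around the switch, ids restored after `getpwnam()`). The helper name is hypothetical and the code assumes a platform that provides `getresuid()`/`setresuid()`; the original poster's follow-up reports that this swap did not clear the NIS+ error.

```c
#define _GNU_SOURCE          /* glibc declares get/setresuid() only with this */
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Repeated here so the block still compiles if feature macros were fixed earlier. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int setresuid(uid_t ruid, uid_t euid, uid_t suid);

/* Hypothetical helper: look up `name` with real uid == effective uid, then put
 * the original ids back. Returns 0 and stores the uid in *uid_out, or -1
 * (errno is nonzero only if the lookup or the uid calls reported an error). */
int lookup_with_real_uid_swapped(const char *name, uid_t *uid_out)
{
    uid_t r, e, s, r2, e2, s2;
    struct passwd *pw;
    int rc = -1, saved_errno;

    if (getresuid(&r, &e, &s) != 0)
        return -1;
    if (e != 0 && s != e && s != r) {  /* saved uid could not be restored later */
        errno = EPERM;
        return -1;
    }
    endpwent();                       /* drop lookup state opened under the old ids */
    if (setresuid(e, e, r) != 0)      /* real := effective, old real kept as saved */
        return -1;
    errno = 0;
    pw = getpwnam(name);              /* result is static storage: copy what we need */
    saved_errno = errno;
    if (pw != NULL) {
        *uid_out = pw->pw_uid;
        rc = 0;
    }
    endpwent();
    /* Restore and verify; a process left with the wrong ids must not continue. */
    if (setresuid(r, e, s) != 0 || getresuid(&r2, &e2, &s2) != 0 ||
        r2 != r || e2 != e || s2 != s)
        abort();
    errno = saved_errno;
    return rc;
}

int main(void)
{
    uid_t uid;
    return lookup_with_real_uid_swapped("root", &uid) == 0 ? 0 : 1;
}
```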

 
 
 


Post by Johan Harmse » Sat, 17 May 2003 22:19:49


Thanks for the reply, unfortunately both suggestions did not help, in fact
I tried all permutations of uid and euid of root, johan and some other user
but the error remained the same.

Johan

> >> A call getpwnam("johan") fails if the program is owned by johan and has
> >> the setuid bit set and the program is executed by root. Executed by any
> >> other user it works OK. This happens on HP-UX 11 with NIS+ installed.
> >> The user root is defined in the local /etc/passwd file, johan is defined
> >> in some remote NIS+ table. The errno returned is 'Permission denied'. If
> >> I remove the setuid bit it works correctly under all circumstances.
> >> If I execute it using tusc (the HP variant of truss) it also works
> >> correctly, but I think that's because the setuid is handled in a
> >> peculiar way, I noticed that under different circumstances

> So, getpwnam() fails if real uid == 0, and effective uid == uid(johan)?
> Well, it is possible. Well, change real uid to effective (saving root
> in `saved uid', man getresuid for details) and return it after getpwnam().
> It is also reasonable to call endpwent() before any switching of uids.

> -netch-