setuid() and traceroute

setuid() and traceroute

Post by John Ju » Thu, 06 Jul 1995 04:00:00



(Sorry if this has been asked a lot of times before, I didn't see an FAQ in
rtfm.mit.edu.)

  I'm trying to port traceroute to an HP 9000-715 machine (which I'm the
sysadmin for) but I don't always want to be root to run it.  As a result, I'm
trying to make it a setuid() program.  Unfortunately, I have no idea how to do
that.

  Silly me thought that just putting in:

        setuid (0);

  in main() would work, but it doesn't.

  What am I missing?  Is it even possible to setuid() to root as a normal user?
If so, how is it done?  Do I have to setgid() first (to get the setuid
permission)?  Does the executable's permissions have to use the setuid
permission?  Does the directory that contains the executable have to have the
same permission as well?

  Thanks in advance for any help.

                                                John

-----------------+------------------------------------------------------------
John Jung        | "Cigarette?"  "Yes, it is."  -- Police Squad!
E-mail:          | "The Lord's our shepherd, says the psalm,

 
 
 

setuid() and traceroute

Post by Casper H.S. D » Fri, 07 Jul 1995 04:00:00



Quote:>Ack! That would be a HUGE security hole! To make it setuid root,
>the executable file has to be owned by root and have the user
>sticky-bit set:

Virus warning!   Your brain has been infected with the "sticky" virus.
The virus is mild and its only effects are calling the "set-uid" bit
the "sticky" bit.  It can also cause discomfort after reading followups
to your own postings

Casper
--
Casper Dik - Network Security Engineer - Sun Microsystems
This article is posted from my guest account at the University

Opinions expressed here are mine (but you're welcome to share them with me)

 
 
 

setuid() and traceroute

Post by Joe Foster of Bo » Fri, 07 Jul 1995 04:00:00



> (Sorry if this has been asked a lot of times before, I didn't see an FAQ in
> rtfm.mit.edu.)
>   I'm trying to port traceroute to an HP 9000-715 machine (which I'm the
> sysadmin for) but I don't always want to be root to run it.  As a result, I'm
> trying to make it a setuid() program.  Unfortunately, I have no idea how to do
> that.
>   Silly me thought that just putting in:
>    setuid (0);
>   in main() would work, but it doesn't.

Ack! That would be a HUGE security hole! To make it setuid root,
the executable file has to be owned by root and have the user
sticky-bit set:

cc stuff.o morestuff.o stillmore.o -o foo
chown root foo
chmod u+s foo

[chomp]

--

WARNING: I cannot be held responsible for the above        They're   coming  to
because  my cats have  apparently  learned to type.        take me away, ha ha!

 
 
 

setuid() and traceroute

Post by Edward Ens » Wed, 19 Jul 1995 04:00:00



Quote:

>(Sorry if this has been asked a lot of times before, I didn't see an FAQ in
>rtfm.mit.edu.)
>.....
>Does the executable's permissions have to use the setuid
>permission?

try simply make SUID bit in file permissions and
make it own by root. I beleive you not even have to call setuid() in this
 case.
 
 
 

1. traceroute from VJtr package - ok to setuid root?

I'm on a Solaris 2.5 system.  Just wondering if there are any known
problems or precautions if I make the traceroute binary from the VJtr
package setuid roo so that it can be run by all users, and not just
root.
Direct email responses, or a posting here are appreciated.
-sahir
--
Sahir N. Siddiqui         Res: (201) 217-0952
PO Box 5176, Hoboken NJ 07030                       ))))
      Individualists - UNITE!                      oo-)

2. vi question

3. Setuid to enable user access to traceroute

4. Compilation error with iptables 1.2.2

5. Matrox Mystique ands X.

6. Help! Jazz drive partition table hosed.

7. /usr/sbin/traceroute ha1 ksh: /usr/sbin/traceroute: not found

8. Installing Freebsd

9. Need help with setuid() problems on 386/ix with setuid root program.

10. How does Traceroute Work

11. Traceroute question

12. Traceroute for Solaris 2.4?

13. traceroute source or binary wanted