A local wrapper application has started to fail. I am trying to figure out
how to get it to work again.
The wrapper is designed to provide a cross platform layer. The code
takes a look at uname's output, then constructs a pathname to the real
application, based on the output of uname.
It then does an
exec $newpath $arguments
type invocation to the appropriate application.
What we are seeing is that this works fine when invoked from normal scripts.
But if the script that invokes the wrapper is setuid, the effective
userid is being lost.
The peculiar thing is that this wrapper has not been modified for more
than 4 months. It has been working daily. The ksh that it uses hasn't
been changed for a year.
But in the past week or two, we started getting errors indicating that
the set-uid case was losing the different effective user-id.
If we change the script to skip the wrapper, and invoke the architecture
specific binary directly, things work just fine. It would just mean
that we would have to expand the number of scripts we have - one for
Is anyone familar with what kinds of conditions might cause ksh to throw
away set-uid bits - or at least what kinds of things I need to do in a ksh
script to ensure that the effective and real user-id gets passed along
to the binary being exec'd ?
<URL: http://wiki.tcl.tk/ > In God we trust.
Even if explicitly stated to the contrary, nothing in this posting
should be construed as representing my employer's opinions.