General Unix question

General Unix question

Post by ben ellist » Tue, 06 Jul 1993 19:26:00



I'm trying to write a general Unix (incl. Linux) program which will attempt to read and modify a file owned by root. What needs to be done in coding or installing the program to ensure that the program can have priviledges to this file?

Thanks.

--
Ben J. Elliston
Bachelor of Engineering (Computer Engineering)                     \\\//

                                                              --ooO-(_)-Ooo--

FidoNet:    3:620/262

 * Origin: % EchoSprint: bringing HS/Link to your FrontDoor! % (3:620/262)

 
 
 

General Unix question

Post by John C. Wingenba » Thu, 08 Jul 1993 23:29:51



Quote:>I'm trying to write a general Unix (incl. Linux) program which will attempt to
>read and modify a file owned by root. What needs to be done in coding or
>installing the program to ensure that the program can have priviledges to this
>file?

Depends on who is going to run it?  I assume the program is to be run by
non-root user.

   Simply write the program as if permissions were not a problem.  When it
comes time to use the program.  Use  'chmod 4755 program' and 'chown root
program'.   This will set the executable up as owned by root and executable by
anyone.  The 4 in chmod will set it so that executing it informs the OS to act
as if the user running it is (in this case) root.

John C. Wingenbach                 Martin Marietta Energy Systems
                                   Data Systems Research & Development

(615) 574-8345                     1099 Commerce Park
(615) 574-0792 (FAX)               Oak Ridge, TN  37830

 
 
 

General Unix question

Post by Ian Jacks » Fri, 09 Jul 1993 09:05:18




>>I'm trying to write a general Unix (incl. Linux) program which will attempt to
>>read and modify a file owned by root. [...]
>[...]

>   Simply write the program as if permissions were not a problem.  When it
>comes time to use the program.  Use  'chmod 4755 program' and 'chown root
>program'.   This will set the executable up as owned by root and executable by
>anyone.  The 4 in chmod will set it so that executing it informs the OS to act
>as if the user running it is (in this case) root.

This advice is VERY DANGEROUS for the security of your system.
Setuid-root programs have to be *extremely* careful what they do, as
it is very easy to write bugs which allow normal users to become root.

Simply writing a program `as if permissions were not a problem' is not
good enough.  You should take a look at the problem and decide what
the smallest set of operations are that need to be done priveliged.
You should then write a separate program which checks that the
conditions for doing these things are satisfied[*] and does them.
Make that program suid or setgid (something other than suid root, if
possible), and have the rest of your application call it.

Setuid root programs should be very careful about opening files
(especially for writing) and should never[**] run shell scripts.  They
should not use the C library's system() call, as that invokes a shell;
if they need to run other programs they should use execl or execv (NOT
execlp or execvp) directly, and be absolutely sure that the program
they're about to run cannot be fooled into doing anything untoward.

I've probably missed a couple of things here, but you get the general
idea:  BE VERY CAREFUL when writing anything that runs setuid.

Finally, this isn't a Linux-specific topic, and so doesn't really
belong in comp.os.linux.

[*] This step is important !  It's no good saying `the priveliged bit
is deleting such-and-such a file, so I'll write a suid root program
that deletes a file', as it could be used to delete any file !

[**] Unless you're an expert and *really* *absolutely* know what
you're doing.  Even then it's a very bad idea.
--

35 Molewood Close, Cambridge, CB4 3SR, England;  phone: +44 223 327029
PGP2 public key on request; fingerprint = 5906F687 BD03ACAD 0D8E602E FCF37657