> Hello Frank,
> > chmod u+s works in linux, but not for scripts, only for compiled
> > binaries. To execute scripts with root privileges as a user you need to
> > use sudo or super.
> I am using that on a compiled program (see below).
> The program then tries to call a script.
I'm not sure what will happen on execve if real uid is different
from effective uid. But you can surely call the script with the
permissions of the owner of the wrapper executable, you just have
to change the real uid to be equal to the effective uid. If you
need to know the old real uid for some reason, store it away before
you change it.
But take care, you already have at least three security problems
in your program.
> If Linux does not allow that, how do suid and super allow it?
> #include <stdio.h>
> #include <string.h>
> #include <unistd.h>
> int main( int argc, char *argv )
> char cmand;
> int error;
> strcpy( cmand, "/usr/CFSRUN/SCOWRAP/" );
> strcat( cmand, argv );
Here is a buffer overflow.
> printf( "argv=%s ;; cmand=%s ;;\n", argv, cmand );
> error = execv( cmand, ++argv );
Here you use the user supplied input without
validation. Imagine that the user could
include /../ in argv.
Here you use the user supplied environment. You
must never rely on the user supplied environment.
Instead you should build your own, which can
include a few known secure variables from the user
environment, if that is desired. It probably should
also contain the real uid value from before you
> printf( "WRAP failure, error=%i \n", error );
> return error;
Kasper Dupont -- who spends too much time on usenet.
Who is the enemy in Aalborg?
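
A hardened form of the wrapper discussed in this message, as an added example that is not code from the original post or its author. It addresses the three points raised in the reply (bounded path building, validation of the script name, a freshly built environment) and sets the real uid equal to the effective uid before the exec. The buffer sizes, the 64-character name limit, the allowed character set, the PATH value and the variable name `WRAP_REAL_UID` are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define SCRIPT_DIR "/usr/CFSRUN/SCOWRAP/"   /* directory from the quoted program */

/* Accept only a bare file name (assumed charset): no '/', no leading dot,
 * so "/../" sequences and hidden files are rejected. */
static int valid_script_name(const char *s)
{
    if (s == NULL || *s == '\0' || *s == '.' || strlen(s) > 64)
        return 0;
    return s[strspn(s, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                       "0123456789_-.")] == '\0';
}

/* Bounded replacement for strcpy/strcat; returns 0 on success, -1 otherwise. */
static int build_path(char *out, size_t outlen, const char *name)
{
    int n;
    if (!valid_script_name(name))
        return -1;
    n = snprintf(out, outlen, "%s%s", SCRIPT_DIR, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(int argc, char *argv[])
{
    char cmand[128], uidvar[48];
    /* Own environment; WRAP_REAL_UID is a hypothetical name for the old real uid. */
    char *envp[] = { "PATH=/usr/bin:/bin", uidvar, NULL };
    uid_t ruid = getuid();            /* store the old real uid before changing it */

    if (argc < 2 || build_path(cmand, sizeof cmand, argv[1]) != 0) {
        fprintf(stderr, "WRAP: invalid script name\n");
        return 1;
    }
    snprintf(uidvar, sizeof uidvar, "WRAP_REAL_UID=%lu", (unsigned long)ruid);
    if (setreuid(geteuid(), geteuid()) != 0) {   /* real uid := effective uid */
        perror("setreuid");
        return 1;
    }
    execve(cmand, argv + 1, envp);    /* fresh environment, not the caller's */
    perror("execve");                 /* only reached if the exec failed */
    return 1;
}
```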