vpnc && setuid
Matthias Apitz
guru at unixarea.de
Thu Nov 12 13:44:58 UTC 2015
El día Thursday, November 12, 2015 a las 01:05:49PM +0100, Matthias Apitz escribió:
> El día Thursday, November 12, 2015 a las 10:19:38AM +0000, krad escribió:
>
> > Looks like you need to 640 or 644 it.
>
> Why? The /usr/local/sbin/vpnc is set to:
>
> # ls -l /usr/local/sbin/vpnc
> -rwsr-xr-x 1 root wheel 105092 10 nov 20:12 /usr/local/sbin/vpnc
>
> and the proc should run with euid=0, i.e. as root, but does not do this
> and the question is, why?
I wrote a small C-pgm:
#define _GNU_SOURCE
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#define call(fun) errno = 0; fun; perror(#fun)
int main(int argc, char **argv) {
FILE *fp;
uid_t ruid = -1, euid = -1, suid = -1;
getresuid(&ruid, &euid, &suid);
printf("> ruid=%d, euid=%d, suid=%d\n", ruid, euid, suid);
fp = fopen("/usr/local/etc/vpnc.conf", "r");
if( fp != NULL ) {
printf("file /usr/local/etc/vpnc.conf opened\n");
fclose(fp);
}
call(setuid(1000));
getresuid(&ruid, &euid, &suid);
printf("> ruid=%d, euid=%d, suid=%d\n", ruid, euid, suid);
return 0;
}
# cc set.c
# strip a.out
# chmod 6711 a.out
# ls -l /usr/local/sbin/vpnc a.out
-rws--s--x 1 root wheel 105092 10 nov 20:12 /usr/local/sbin/vpnc
-rws--s--x 1 root wheel 4340 12 nov 14:41 a.out
When I run this as normal user, it works as expected:
$ ./a.out
> ruid=1001, euid=0, suid=0
file /usr/local/etc/vpnc.conf opened
setuid(1000): No error: 0
> ruid=1000, euid=1000, suid=1000
What is so magic with /usr/local/sbin/vpnc?
--
Matthias Apitz, ✉ guru at unixarea.de, 🌐 http://www.unixarea.de/ ☎ +49-176-38902045
More information about the freebsd-questions
mailing list