Date: Mon, 29 Mar 2004 01:19:00 -0600
From: Dan Nelson <dnelson@allantgroup.com>
To: Sean Kelly <smkelly@zombie.org>
Cc: Ganbold <ganbold@micom.mng.net>
Subject: Re: Question regarding shell user creation at login time
Message-ID: <20040329071857.GC19463@dan.emsphone.com>
In-Reply-To: <20040329023937.GA76248@edgemaster.zombie.org>
References: <6.0.3.0.2.20040329102508.029f5670@202.179.0.80> <20040329023937.GA76248@edgemaster.zombie.org>

In the last episode (Mar 28), Sean Kelly said:
> On Mon, Mar 29, 2004 at 11:05:55AM +0900, Ganbold wrote:
> > 10198 new CALL setuid(0)
> > 10198 new RET setuid -1 errno 1 Operation not permitted
>
> Your attempt to setuid(0) failed.
>
> > 10198 new CALL execve(0x80485d0,0xbfbfed8c,0xbfbfed94)
> > 10198 new NAMI "/home/new/new.pl"
> > 10198 new RET execve -1 errno 13 Permission denied
>
> Your attempt to run that perl script failed.
>
> > -rwsr-x--- 1 root new 4651 Mar 26 08:47 new
> > ---------- 1 root wheel 94 Mar 26 08:47 new.c
> > -r-x------ 1 root wheel 15430 Mar 25 15:16 new.pl
>
> Well, since your attempt to setuid(0) failed, `new.pl` is not being
> execve()'d as root. Therefore, the permissions on the `new.pl` file are
> such that it can't be read or executed by the user/process.

Ah, but if he is in fact running /home/new/new, which is setuid root,
then the setuid(0) call (redundant) should have worked, and so should
the exec.

Ganbold: if you run /home/new/new as an ordinary user, does it work? I
can't think of how ssh would be nullifying the setuid bit on that
binary, but you never know.

--
Dan Nelson
dnelson@allantgroup.com
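
Added example (not part of the original message or of Ganbold's new.c): a simplified C model of the permission checks discussed above, run against the three mode strings from the listing. It shows that the traced EPERM and EACCES are exactly what results when the setuid bit on new does not take effect. The numeric uid/gid values and the function names are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Simplified model of the classic UNIX checks: no ACLs, MAC policies or
 * supplementary groups. All numeric ids are constructed for the example. */
struct file { mode_t mode; uid_t uid; gid_t gid; };
struct cred { uid_t ruid, euid; gid_t egid; };

/* execve() permission: root needs at least one x bit; anyone else is judged
 * by exactly one class (owner, else group, else other). */
static bool may_exec(const struct file *f, const struct cred *c)
{
    if (c->euid == 0) return (f->mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
    if (c->euid == f->uid) return (f->mode & S_IXUSR) != 0;
    if (c->egid == f->gid) return (f->mode & S_IXGRP) != 0;
    return (f->mode & S_IXOTH) != 0;
}

/* Credentials after execve(): euid becomes the file owner only when the
 * setuid bit is set and the system actually honors it. */
static struct cred after_exec(const struct file *f, struct cred c, bool honored)
{
    if ((f->mode & S_ISUID) && honored) c.euid = f->uid;
    return c;
}

/* Walk the wrapper's path: exec new, setuid(0), exec new.pl.
 * Returns 0 on success, -1 if new itself cannot be run, EACCES if the
 * script exec is denied. */
static int run_wrapper(bool honored)
{
    const struct file wrapper = { 04750, 0, 1001 }; /* -rwsr-x--- root new   */
    const struct file script  = { 00500, 0, 0 };    /* -r-x------ root wheel */
    struct cred c = { 1001, 1001, 1001 };           /* assumed: caller is in group new */

    if (!may_exec(&wrapper, &c)) return -1;
    c = after_exec(&wrapper, c, honored);
    if (c.euid == 0) c.ruid = 0;  /* setuid(0) succeeds only with euid 0; else EPERM */
    return may_exec(&script, &c) ? 0 : EACCES;
}

int main(void)
{
    printf("setuid bit honored: %d\n", run_wrapper(true));
    printf("setuid bit ignored: %d\n", run_wrapper(false));
    return 0;
}
```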