Re: discarding root privileges in suid perl
On Mon, Oct 16, 2000 at 11:59:18PM -0700, Mike Markley wrote:
> What kernel version is this? Wasn't there something weird with a recent
> 2.2.x kernel dropping privs (manifested in a sendmail exploit)? I don't
> remember details...
That required capabilities; this isn't related.

I would expect this to be something to do with saved userids... see
setresuid(2) for more information:

    Unprivileged user processes (i.e., processes with each of
    real, effective and saved user ID nonzero) may change the
    real, effective and saved user ID, each to one of: the
    current uid, the current effective uid or the current
    saved uid.

    The super-user may set real, effective and saved user ID
    to arbitrary values.

It's not clear what happens when saved uid is zero and the others are
nonzero, but I bet that's what you're seeing. Note that saved uid is
-not- preserved across exec() IIRC. So if you drop privileges and
then run a script that tries to get them back, it will fail, even if
the parent could.

> On Tue, Oct 17, 2000 at 02:32:21PM +1100, Brian May <bam@debian.org> spake forth:
> > >>>>> "Miquel" == Miquel van Smoorenburg <miquels@cistron.nl> writes:
> >
> > Miquel> In article <84lmvpg3bz.fsf@snoopy.apana.org.au>, Brian May
> > Miquel> <bam@debian.org> wrote:
> > >> According to "man perlsec", line 300+, the following code
> > >> should destroy extra privileges in a suid root perl script:
> > >>
> > >> $EUID = $UID; $EGID = $GID; # initgroups() also called!
> >
> > Miquel> You need to 'use English' for the $EUID etc variables to
> > Miquel> work. Otherwise use $>, $<, etc. See 'man perlvar'
> >
> > Already done. I also use strict, to ensure mistakes like this cannot
> > happen.
> >
> > As for this problem, I suspect perl or libc6 might be caching the old
> > permissions somewhere, but I don't understand how or why.
> >
> > Otherwise, it should normally be impossible for a non-root program (ie
> > UID!=root and EUID!=root) to suddenly obtain root privileges.
> > --
> > Brian May <bam@debian.org>
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
> --
> Mike Markley <mike@markley.org>
> PGP: 0xA9592D4D 62 A7 11 E2 23 AD 4F 57 27 05 1A 76 56 92 D5 F6
> GPG: 0x3B047084 7FC7 0DC0 EF31 DF83 7313 FE2B 77A8 F36A 3B04 7084
>
> Emotions are alien to me. I'm a scientist.
> - Spock, "This Side of Paradise", stardate 3417.3
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| dan@debian.org | | dmj+@andrew.cmu.edu |
\--------------------------------/ \--------------------------------/
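
Added example, not part of the original message or of perl itself: a C sketch of the saved-uid point discussed in the thread, setting all three user IDs with setresuid(2) and then checking that no saved ID remains and that euid 0 can no longer be regained. The function names `uids_all_equal` and `drop_privs_permanently` are made up for this illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Prototypes repeated in case _GNU_SOURCE was not in effect at first include. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

/* 1 when real, effective and saved IDs all equal `want` (nothing to switch back to). */
int uids_all_equal(uid_t r, uid_t e, uid_t s, uid_t want)
{
    return r == want && e == want && s == want;
}

/* Permanently become uid/gid. Returns 0 on success, -1 if any step or check fails. */
int drop_privs_permanently(uid_t uid, gid_t gid)
{
    uid_t r, e, s;

    /* Supplementary groups can only be changed while still privileged. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group IDs first: after the uid change we may no longer be allowed to. */
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    /* Set all three user IDs, so the saved uid does not stay 0. */
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes. */
    if (getresuid(&r, &e, &s) != 0 || !uids_all_equal(r, e, s, uid))
        return -1;
    /* Regaining euid 0 must now be refused. */
    if (uid != 0 && setresuid((uid_t)-1, 0, (uid_t)-1) == 0)
        return -1;
    return 0;
}

int main(void)
{
    uid_t r, e, s;
    int rc = drop_privs_permanently(getuid(), getgid());
    if (getresuid(&r, &e, &s) != 0)
        return 1;
    printf("drop=%d ruid=%d euid=%d suid=%d\n", rc, (int)r, (int)e, (int)s);
    return rc == 0 ? 0 : 1;
}
```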