Question about set UID (and cdrecord)
I've got an suid shell script and a suid binary:
moseley@bumby:~$ ls -l foo.sh sleep
-rwsr-xr-x 1 root root 21 2003-11-16 07:38 foo.sh
-rwsr-xr-x 1 root root 12664 2003-11-16 07:38 sleep
The script simply runs my local suid sleep binary.
moseley@bumby:~$ cat foo.sh
#!/bin/sh
./sleep 3
Running as non-root I see:
I was running cdrecord from a non-root account and saw:
moseley 2324 1.0 0.1 2896 1192 pts/0 S 07:40 0:00 /bin/sh ./foo.sh
root 2325 1.0 0.0 2508 556 pts/0 S 07:40 0:00 ./sleep 3
Which makes sense. I assume that the shell script isn't really run suid
because /bin/sh is not suid.
Does setting suid on a shell script (or a perl script) have any effect?
If I change the shell script to "exec ./sleep", I still get sleep running as root:
moseley@bumby:~$ cat foo.sh
#!/bin/sh
exec ./sleep 3
And the ps output shows sleep is running as root.
root 2555 1.0 0.0 2508 556 pts/0 S 07:54 0:00 ./sleep 3
Now, here's what prompted this question. I was running cdrecord as a
non-root user and I get:
cdrecord.mmap: Operation not permitted. WARNING: Cannot set RR-scheduler
cdrecord.mmap: Permission denied. WARNING: Cannot set priority using setpriority().
cdrecord.mmap: WARNING: This causes a high risk for buffer underruns
moseley@bumby:~$ file /usr/bin/cdrecord
/usr/bin/cdrecord: setuid Bourne shell script text executable
moseley@bumby:~$ cat /usr/bin/cdrecord
#!/bin/sh
VERS=`/sbin/kernelversion`
case $VERS in
2.0|2.2)
exec cdrecord.shm "$@"
;;
2.4|*)
exec cdrecord.mmap "$@"
;;
esac
moseley@bumby:~$ ls -l /usr/bin/cdrecord /usr/bin/cdrecord.mmap
-rwsr-xr-- 1 root cdrom 142 2003-11-08 16:33 /usr/bin/cdrecord
-rwsr-xr-- 1 root cdrom 342924 2003-11-08 16:33 /usr/bin/cdrecord.mmap
Ok, so those are also suid root. (And yes, I'm also in the cdrom group).
But when running cdrecord, cdrecord.mmap does NOT run as root:
moseley@bumby:~$ cdrecord -v dev=0,1,0 KNOPPIX_V3.3-2003-11-14-EN.iso
Cdrecord-Clone 2.01a19 (i686-pc-linux-gnu) Copyright (C) 1995-2003 Jörg Schilling
[...]
cdrecord.mmap: Operation not permitted. WARNING: Cannot set RR-scheduler
cdrecord.mmap: Permission denied. WARNING: Cannot set priority using setpriority().
cdrecord.mmap: WARNING: This causes a high risk for buffer underruns.
Starting to write CD/DVD at speed 16 in real TAO mode for single session.
Last chance to quit, starting real write in 9 seconds.
And cdrecord is running as my user id not as root, even though it's suid
(like in the sleep example above).
moseley 2591 1.0 0.6 5916 5916 pts/0 SL 07:56 0:00 cdrecord.mmap -v dev=0,1,0 KNOPPIX_V3.3-2003-11-14-EN.iso
So why is cdrecord.mmap not running as root?
--
Bill Moseley
moseley@hank.org
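
Added example, not part of the original post: on Linux the kernel ignores the set-user-ID bit on "#!" interpreter scripts and honours it only on native executables, which matches the foo.sh and sleep ps output above. The sketch below classifies setuid files on that basis; the function names suid_kind and audit_suid are hypothetical, the demo files are constructed, and nosuid mounts are not checked.

```shell
#!/bin/sh
# Added example (not from the post). Assumes Linux exec semantics.

# suid_kind FILE: print how the set-user-ID bit on FILE is treated at exec.
suid_kind() {
    f=$1
    if [ ! -f "$f" ]; then echo "missing"; return 2; fi
    # test -u is true when the set-user-ID bit is set.
    if [ ! -u "$f" ]; then echo "not-setuid"; return 0; fi
    # Read the first two bytes as hex; 23 21 is "#!".
    magic=$(od -An -tx1 -N2 "$f" | tr -d ' \n')
    if [ "$magic" = "2321" ]; then
        # Interpreter script: the kernel execs the interpreter and ignores
        # the script's setuid bit, so the shell runs with the caller's IDs.
        echo "script-bit-ignored"
    else
        # Native executable: execve() sets the effective UID to the file
        # owner, unless the filesystem is mounted nosuid (not checked here).
        echo "binary-bit-honoured"
    fi
}

# audit_suid DIR: list every setuid regular file under DIR with its kind.
audit_suid() {
    find "$1" -type f -perm -4000 | sort | while IFS= read -r p; do
        printf '%s %s\n' "$(suid_kind "$p")" "$p"
    done
}

# Constructed demo mirroring the post's foo.sh and sleep (file names from the
# post, contents built here). Run the script with "demo" as its argument.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    printf '#!/bin/sh\n./sleep 3\n' > "$d/foo.sh"
    printf '\177ELF' > "$d/sleep"      # stand-in for a native binary
    chmod 4755 "$d/foo.sh" "$d/sleep"
    audit_suid "$d"
    rm -rf "$d"
fi
```

Pointing audit_suid at a directory such as /usr/bin lists setuid scripts, whose bit has no effect, separately from setuid binaries, whose bit does.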