Basic setuid question
Hi,
I'm trying to implement the suggestions from
http://subversion.tigris.org/faq.html#website-auto-update to allow me to
update code via a web interface. My code is a bit different from the
example as the example wasn't even trying to work. The code I'm using
is below. However, it appears that the code that is execl()'d is still
not running as the user I'd like. The executable created from the code
below is set to 4755 permissions but it doesn't seem to matter. I've
also tried a variety of the set*uid() methods with various failures.
The printf()'s indicate what I'd expect but the execl()'d program is
still apparently not running as the correct user.
I'm running on
Linux habanero.xigole.com 2.6.18-6-amd64 #1 SMP Tue Aug 19 04:30:56 UTC
2008 x86_64 GNU/Linux
and
$ cat /etc/debian_version
4.0
Is there something obvious going on to prevent the execl()'d process
from running as the correct user? An strace shows that, in this case,
the svn command is still accessing information from the original user's
home account.
Thanks for any help.
Code I'm using:
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <errno.h>
int main( int argc, char** argv )
{
if( argc != 2 )
{
fprintf( stderr, "usage: %s <dir_to_update>\n", argv[0] );
return(EXIT_FAILURE);
}
printf( "(1) euid is %d, uid is %d\n", geteuid(), getuid() );
if( setreuid(geteuid(), geteuid()) != 0 )
{
fprintf( stderr, "Cannot change users. Reason: %s\n",
strerror(errno) );
return(EXIT_FAILURE);
}
printf( "(2) euid is %d, uid is %d\n", geteuid(), getuid() );
execl("/usr/local/bin/svn", "svn", "update", argv[1], (const char *)
NULL);
return(EXIT_FAILURE);
}
Reply to: