scripts and the s-bit
Milos Urbanek
urbanek at openbsd.cz
Mon May 5 10:47:36 CEST 2003
On Fri, May 02, 2003 at 11:59:49AM +0200, Zbyněk Burget wrote:
> Greetings all,
> I would like to ask about the following - I have written a simple script for
> mounting and unmounting a magneto-optical disk (as a shortcut for the
> commands). Now I tried setting the s-bit on that script, assuming that anyone
> would then be able to mount or unmount the disk. But alas - it still works
> only for root. For everyone else it reports "permission denied". I have tried
> everything possible and read several man pages, but to no avail. Setting the
> s-bit directly on mount and umount is not exactly the best solution.
For interpreted scripts (everything that starts with #!), the attributes of
the command interpreter (the one given after the #!) are used as the
attributes of the executed binary.
To make it work the way you need, you would have to tinker a bit
with the kernel sources.
Something along the lines of this unified diff, which is against the file
with revision
$FreeBSD: src/sys/kern/kern_exec.c,v 1.218 2003/04/01 01:26:20 jeff Exp $
Milos
> It could probably be solved with sudo,
> but that machine still runs F-BSD 4.2 and I can no longer install a current
> sudo on it (some problem with some library).
> Does anyone know how this could be solved?
>
> Thanks
>
> Zbynek
>
>
--
-------------- next part --------------
--- kern_exec.c 2003-05-05 10:19:52.000000000 +0200
+++ kern_exec.c.suid 2003-05-05 10:19:19.000000000 +0200
@@ -156,11 +156,11 @@
struct proc *p = td->td_proc;
struct nameidata nd, *ndp;
struct ucred *newcred = NULL, *oldcred;
- struct uidinfo *euip;
+ struct uidinfo *euip, *saved_euip = NULL;
register_t *stack_base;
int error, len, i;
struct image_params image_params, *imgp;
- struct vattr attr;
+ struct vattr attr, saved_attr;
int (*img_first)(struct image_params *);
struct pargs *oldargs = NULL, *newargs = NULL;
struct procsig *oldprocsig, *newprocsig;
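Review bot: saved_attr is declared without an initializer in the second changed line, while saved_euip beside it gets NULL. The later hunks test saved_attr.va_mode on every exec, but its only assignment is inside if (imgp->interpreted), so for an ordinary binary the VSUID/VSGID tests read stack garbage and the VSUID branch can hand the NULL saved_euip to change_euid(). Set saved_attr.va_mode to 0 before the first use, or gate the new tests on imgp->interpreted.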
@@ -330,6 +330,8 @@
* activate the interpreter.
*/
if (imgp->interpreted) {
+ saved_attr = *imgp->attr;
+ saved_euip = uifind(saved_attr.va_uid);
exec_unmap_first_page(imgp);
/*
* VV_TEXT needs to be unset for scripts. There is a short
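Review bot: uifind() in the second added line takes a reference that the patch releases only in the final hunk, beside uifree(euip). Any error exit taken between this point and that release needs the same uifree(saved_euip), so the failure labels should be checked for it. A short comment here saying that these are the script's attributes, kept because the attr lookup is repeated for the interpreter, would also help the next reader.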
@@ -462,6 +464,10 @@
attr.va_uid;
credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid !=
attr.va_gid;
+ credential_changing |= (saved_attr.va_mode & VSUID) &&
+ oldcred->cr_uid != saved_attr.va_uid;
+ credential_changing |= (saved_attr.va_mode & VSGID) &&
+ oldcred->cr_gid != saved_attr.va_gid;
#ifdef MAC
will_transition = mac_execve_will_transition(oldcred, imgp->vp,
interplabelvalid ? &interplabel : NULL, imgp);
@@ -511,6 +517,10 @@
change_euid(newcred, euip);
if (attr.va_mode & VSGID)
change_egid(newcred, attr.va_gid);
+ if (saved_attr.va_mode & VSUID)
+ change_euid(newcred, saved_euip);
+ if (saved_attr.va_mode & VSGID)
+ change_egid(newcred, saved_attr.va_gid);
#ifdef MAC
if (will_transition) {
mac_execve_transition(oldcred, newcred, imgp->vp,
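Review bot: the added change_euid()/change_egid() calls apply IDs from attributes saved from the script's vnode, but the interpreter is handed the script as a path name and opens it again on its own, so nothing in these hunks guarantees that the file it reads is the file whose mode bits were checked. That gap between check and use is the usual reason set-id bits on #! scripts are ignored; if they are to be honored, the interpreter should receive an already-open descriptor for the checked vnode instead of the name. Placed after the existing calls, the script's IDs also silently override those of a set-id interpreter, which deserves at least a comment.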
@@ -603,6 +613,8 @@
* Free any resources malloc'd earlier that we didn't use.
*/
uifree(euip);
+ if (saved_euip)
+ uifree(saved_euip);
if (newcred == NULL)
crfree(oldcred);
else
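
An audit for the situation discussed in this thread, as an added example that is not part of the original message or of FreeBSD: it lists set-id files that are really #! scripts, together with the interpreter whose attributes the kernel uses. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Finds files that carry the set-uid or
# set-gid bit but are "#!" scripts. On a stock kernel those bits have no
# effect, so each hit marks a wrong assumption; on a kernel that honors them,
# each hit is a privileged script that needs review.

# is_setid_script FILE: exit 0 if FILE is a regular, non-symlink file with a
# set-id bit whose first two bytes are "#!".
is_setid_script() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    [ -u "$f" ] || [ -g "$f" ] || return 1
    # Read only the magic; strip NUL so binaries do not upset the shell.
    magic=$(dd if="$f" bs=2 count=1 2>/dev/null | tr -d '\000')
    [ "$magic" = '#!' ]
}

# script_interpreter FILE: print the interpreter path named on the #! line.
script_interpreter() {
    sed -n '1{s/^#![[:space:]]*//;s/[[:space:]].*$//;p;q;}' "$1"
}

# audit_setid_scripts DIR: one line per hit, in the form
#   <script> -> <interpreter> (interpreter set-id: yes|no)
audit_setid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        is_setid_script "$f" || continue
        interp=$(script_interpreter "$f")
        if [ -u "$interp" ] || [ -g "$interp" ]; then s=yes; else s=no; fi
        printf '%s -> %s (interpreter set-id: %s)\n' "$f" "$interp" "$s"
    done
}

# Run as: sh audit.sh /usr/local/bin
if [ "$#" -gt 0 ]; then
    audit_setid_scripts "$1"
fi
```

A "no" in the last column means the script runs with the caller's own IDs on an unpatched kernel, which matches the behaviour reported in the question.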