From: "Gerald S. Stoller" <gs_stoller@hotmail.com>
To: dnelson@allantgroup.com
Cc: vze25pmf@verizon.net, ryan@sasknow.com, freebsd-questions@freebsd.org
Date: Wed, 23 Jul 2003 18:32:50 -0400
Subject: Re: set user-id

>From: Dan Nelson
>To: "Gerald S. Stoller"
>CC: ryan@sasknow.com, vze25pmf@verizon.net, freebsd-questions@freebsd.org
>Subject: Re: set user-id
>Date: Wed, 23 Jul 2003 14:23:05 -0500
>
>In the last episode (Jul 23), Gerald S. Stoller said:
> > >From: Dan Nelson
> > >To: Ryan Thompson
> > >CC: "Gerald S. Stoller" , vze25pmf@verizon.net,
> > >FreeBSD Questions
> > >Subject: Re: set user-id
> > >Date: Tue, 22 Jul 2003 14:37:29 -0500
> > >
> > >In the last episode (Jul 22), Ryan Thompson said:
> > >> If you *really* want to have suid scripts, your binary wrapper idea is
> > >> quite a common trick.
> > >> Don't get fancy with it, though. A one-liner to
> > >> execve(2) should really be all you need. Either that, or re-code the
> > >> whole thing in C (or some other compiled language). C can introduce
> > >> insecurities of its own, but at least you'd (arguably) have put them
> > >> there yourself. :-)
> > >
> > >I use sudo for stuff like this. I add a line like this in sudoers:
> >
> > I don't understand the next line!
> >
> > >ALL ALL = NOPASSWD: /usr/local/bin/thescript
> >
> > ??? Setting a variable?? Okay, invoking the script
>
>The sudoers file has a really weird syntax, but what that means is that
>any user (the first ALL keyword) may run "thescript" as root on any
>machine (the second ALL keyword; this allows the same file to be
>replicated to multiple machines) without a password prompt (the
>NOPASSWD: keyword).
>
> > >>Well, why don't you just chmod 4755 /bin/ksh, then. :-D
> >
> > With a slight change, I copied ksh to /bin with the name kshroot, made sure
> > that the group on it is the group of root, and then did
> >
> > chmod 4750 /bin/kshroot
> >
> > Thus only the users who are 'close to' root (e.g., generally users who have
> > the root password so they can become root if necessary) can run this shell
> > whenever they need to act as root, and can use it in scripts (first line:
> > #!/bin/kshroot). Again note that these scripts can only be invoked by users
> > who are 'close to' root. For the other users, I'd have to use a sudo.
>
>That will work, too.
>
>--
> Dan Nelson
> dnelson@allantgroup.com

Thinking about this a little more, let's think of these scripts as being text
that is to be interpreted and specifies its interpreter somehow (say as the
scripts do, on the first line with '#!' and then a path to the interpreter).
When such a file has set user-id on, the user-id of the file is put on its
interpreter (similar action for the group-id) and then the interpreter is run.
This is probably just a small change in the kernel and should make things run
smoothly. [What module of the kernel takes care of:
 1) determining if a file (about to be invoked) has set user-id on,
 2) making the user-id of the file the effective user-id of the process,
 3) accepting from a shell an instruction as to which shell to use to
    interpret a script file]
I may try to do this on my own if these three questions are answered (and
maybe some others; I notice that the source code is sparse on comments and
directions as to what purpose structures are used, so I may not get enough
info to do this just from these questions).