FreeBSD Mail Archives

Date:      Sat, 16 Oct 2004 13:32:29 -0700
From:      Randy Bush <randy@psg.com>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: /security/op on -current?
Message-ID:  <16753.34141.727408.377491@ran.psg.com>

next in thread | raw e-mail | index | archive | help

> I think you missed my point :) It could be a pam interaction or some
> other dark magic, but you've not given much information upon which to
> base a guess.

sorry.  too much happening here to get it today.

% id
uid=106(robot) gid=10 groups=10

% ls -l /usr/home/robot/cr /var/dns/INC.cr
-rw-------  1 robot  staff  19951 Oct 16 05:31 /usr/home/robot/cr
-rw-r--r--  1 bind   bind   23087 Nov  5  2003 /var/dns/INC.cr

# cat /usr/local/etc/op.access
DEFAULT users=robot
dns.cr.cp /bin/cp $1 $2
          /bin/chmod 644 $2
          /usr/sbin/chown bind:bind $2

% ktrace op dns.cr.cp /usr/home/robot/cr /var/dns/INC.cr
line 1: cmd='DEFAULT' add opt 'users=robot'
line 2: cmd='dns.cr.cp' add arg '/bin/cp'
line 2: cmd='dns.cr.cp' add arg '$1'
line 2: cmd='dns.cr.cp' add arg '$2'
line 3: cmd='dns.cr.cp' add arg '/bin/chmod'
line 3: cmd='dns.cr.cp' add arg '644'
line 3: cmd='dns.cr.cp' add arg '$2'
line 4: cmd='dns.cr.cp' add arg '/usr/sbin/chown'
line 4: cmd='dns.cr.cp' add arg 'bind:bind'
line 4: cmd='dns.cr.cp' add arg '$2'
line 5: cmd='' add arg '/bin/cp'
line 5: cmd='' add arg '$1'
line 5: cmd='' add arg '$2'
line 5: cmd='' add arg '/bin/chmod'
line 5: cmd='' add arg '644'
line 5: cmd='' add arg '$2'
line 5: cmd='' add arg '/usr/sbin/chown'
line 5: cmd='' add arg 'bind:bind'
line 5: cmd='' add arg '$2'
line 5: cmd='' add opt 'users=robot'
Permission denied by op

% kdump
 99278 ktrace   RET   ktrace 0
 99278 ktrace   CALL  execve(0xbfbfe560,0xbfbfea8c,0xbfbfeaa0)
 99278 ktrace   NAMI  "/bin/op"
 99278 ktrace   RET   execve -1 errno 2 No such file or directory
 99278 ktrace   CALL  execve(0xbfbfe560,0xbfbfea8c,0xbfbfeaa0)
 99278 ktrace   NAMI  "/sbin/op"
 99278 ktrace   RET   execve -1 errno 2 No such file or directory
 99278 ktrace   CALL  execve(0xbfbfe560,0xbfbfea8c,0xbfbfeaa0)
 99278 ktrace   NAMI  "/usr/bin/op"
 99278 ktrace   RET   execve -1 errno 2 No such file or directory
 99278 ktrace   CALL  execve(0xbfbfe560,0xbfbfea8c,0xbfbfeaa0)
 99278 ktrace   NAMI  "/usr/sbin/op"
 99278 ktrace   RET   execve -1 errno 2 No such file or directory
 99278 ktrace   CALL  execve(0xbfbfe560,0xbfbfea8c,0xbfbfeaa0)
 99278 ktrace   NAMI  "/usr/X11R6/bin/op"
 99278 ktrace   RET   execve -1 errno 2 No such file or directory
 99278 ktrace   CALL  execve(0xbfbfe560,0xbfbfea8c,0xbfbfeaa0)
 99278 ktrace   NAMI  "/usr/local/bin/op"
 99278 ktrace   NAMI  "/libexec/ld-elf.so.1"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16753.34141.727408.377491>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation