Date: Fri, 2 Apr 2004 01:15:31 +0100
From: David Taylor <davidt@yadt.co.uk>
To: ghos <ghos@mail.ru>
Cc: Ganbold <ganbold@micom.mng.net>
Subject: Re: Re[2]: Question regarding shell user creation at login time
Message-ID: <20040402001531.GA2388@gattaca.yadt.co.uk>
In-Reply-To: <142839937.20040330074923@mail.ru>
References: <6.0.3.0.2.20040329102508.029f5670@202.179.0.80> <142839937.20040330074923@mail.ru>

On Tue, 30 Mar 2004, ghos wrote:
>
> You wrote 29 mar 2004, 8:05:55 +0500:
>
> > Hi,
>
> > I traced sshd using ktrace and it says:
> > ......
> > 10198 new CALL setuid(0)
> > 10198 new RET setuid -1 errno 1 Operation not permitted
> > 10198 new CALL execve(0x80485d0,0xbfbfed8c,0xbfbfed94)
> > 10198 new NAMI "/home/new/new.pl"
> > 10198 new RET execve -1 errno 13 Permission denied
> > 10198 new CALL exit(0xffffffff)
> > .....

[snip]

>
> > Directory:
>
> > public# ls -la ~new
> > total 46
> > drwxr-xr-x  2 root  wheel    512 Mar 29 09:10 .
> > drwxr-xr-x  8 root  wheel    512 Mar 25 15:28 ..
> > -r--r-----  1 root  new      767 Mar 24 17:43 .cshrc
> > -r--r-----  1 root  new      248 Mar 26 12:32 .login
> > -r--r-----  1 root  new      158 Mar 24 17:43 .login_conf
> > -r--r-----  1 root  new      373 Mar 24 17:43 .mail_aliases
> > -r--r-----  1 root  new      331 Mar 24 17:43 .mailrc
> > -r--r-----  1 root  new      797 Mar 24 17:43 .profile
> > -r--r-----  1 root  new      276 Mar 24 17:43 .rhosts
> > -r--r-----  1 root  new      975 Mar 24 17:43 .shrc
> > -rwsr-x---  1 root  new     4651 Mar 26 08:47 new
> > ----------  1 root  wheel     94 Mar 26 08:47 new.c
> > -r-x------  1 root  wheel  15430 Mar 25 15:16 new.pl
> > -rw-r--r--  1 root  wheel     52 Mar 25 16:52 new.sh
> >
> > Can somebody tell me the reason why it is failed?
>
> > Thanks in advance,
>
> > Ganbold
>
> You are not root! You are 'new' in 'new'-group. Try this:
> # chmod g+x ~new/new.pl

But in theory he should be root, since ~new/new is suid root.

Since setuid(0) is failing, you are presumably correct that he is not,
though.

In any case, ~new/new.pl is owned by group wheel, so g+x won't help,
without also changing the group to 'new'.

Also, I think for scripts at least, read permission is required in
addition to execute permission. (Since you're executing the interpreter,
which then reads the script)

I'd suggest checking get[e]uid() in ~new/new, and figuring out what it's
running as (presumably 'new' group 'new'), and why it's not running as
'root', which it should be.

If you give 'new' a "real" shell and log in, then execute ~new/new, what
uid does it run as?

If that works, I guess it's something ssh is doing (or a bug/feature in
the kernel tickled by ssh)

As for whether it's a good idea to be trying to set up an automated free
shell server without being able to make the above work with your eyes
closed... well...

Assuming it's just a spare box with some spare network bandwidth to it,
and no important data or access to important hosts on the same network,
you probably don't care what happens to it.

Just remember that _you_ will be held responsible if people start sending
worms/spam/abuse from your host, or start installing irc bots (which
can be the target of large denial of service attacks).

Personally, trying to keep a shell service running for paying (some of
them at least, the rest were using stolen credit cards) customers was
enough of a nightmare to encourage me never to give anyone I wouldn't
explicitly trust with root on my box any access at all.

-- 
David Taylor
davidt@yadt.co.uk
"The future just ain't what it used to be"
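
The check suggested in the message above (print get[e]uid() and work out why execve() on the script is denied), as an added example that is not part of the original e-mail or of the poster's ~new/new. The function names and the simplification to classic mode bits (no ACLs, no supplementary groups) are assumptions.

```c
/* Added example: diagnostic only, classic owner/group/other mode bits. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pick the one rwx triplet that applies: owner, else group, else other.
 * Assumption: no ACLs, no supplementary groups. */
static int class_bits(mode_t mode, uid_t fuid, gid_t fgid,
                      uid_t euid, gid_t egid)
{
    if (euid == fuid) return (mode >> 6) & 7;
    if (egid == fgid) return (mode >> 3) & 7;
    return mode & 7;
}

/* 1 if euid/egid can run a script with this mode and ownership.
 * execve() needs x; the interpreter then open()s the file, which needs r. */
int can_run_script(mode_t mode, uid_t fuid, gid_t fgid,
                   uid_t euid, gid_t egid)
{
    int bits;
    if (euid == 0)               /* root: reads anything, needs some x bit */
        return (mode & 0111) != 0;
    bits = class_bits(mode, fuid, fgid, euid, egid);
    return (bits & 4) && (bits & 1);
}

int main(int argc, char **argv)
{
    struct stat st;

    /* Real vs. effective ids: a working setuid-root binary shows euid=0. */
    printf("uid=%ld euid=%ld gid=%ld egid=%ld\n", (long)getuid(),
           (long)geteuid(), (long)getgid(), (long)getegid());
    if (argc < 2)
        return 0;
    if (stat(argv[1], &st) != 0) {
        perror(argv[1]);
        return 1;
    }
    printf("%s: mode %04o owner %ld group %ld -> %s\n", argv[1],
           (unsigned)(st.st_mode & 07777), (long)st.st_uid, (long)st.st_gid,
           can_run_script(st.st_mode, st.st_uid, st.st_gid,
                          geteuid(), getegid()) ? "runnable" : "denied");
    return 0;
}
```

Run with the script path as its argument, once from a normal login shell and once from the restricted login, and compare the euid line.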
