Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!math.ohio-state.edu!wupost!gumby!destroyer!news.itd.umich.edu!tiamat.umd.umich.edu!crt
From: crt@tiamat.umd.umich.edu (Rob Shady)
Newsgroups: comp.os.386bsd.bugs
Subject: Re: SUID BUG! -- There back!
Date: 11 Jun 1993 22:15:43 -0400
Organization: University of Michigan - Dearborn
Lines: 79
Message-ID: <crt.739850733@tiamat.umd.umich.edu>
References: <crt.739809100@tiamat.umd.umich.edu> <CGD.93Jun11103630@eden.CS.Berkeley.EDU>
NNTP-Posting-Host: cw-u01.umd.umich.edu
cgd@eden.CS.Berkeley.EDU (Chris G. Demetriou) writes:
>In article <crt.739809100@tiamat.umd.umich.edu> crt@tiamat.umd.umich.edu (Rob Shady) writes:
Sorry I wasn't so clear...
*** HERE IS THE CONTENTS OF THE FILE ~GUEST/BIN/GO.HOME ***
-- Cut here --
/usr/sbin/chroot /home/guest/guest
-- Cut Here --
Then I ran this from the shell to set up the file...
-- Cut here --
>.chown root.wheel ~guest/bin/go.home
>.chmod 4755 ~guest/bin/go.home
-- Cut here --
>you get "Operation not permitted" from *what*?
I get that message from the "chroot" command. I.e.: chroot: Operation not...
>what are the contents of "go.home"? is it a binary?
See above for the contents of "go.home" file. It is *NOT* binary, it is
a shell script...
>(i hope so; setuid shell scripts are currently disallowed
>for security reasons, in both 386bsd and NetBSD.)
Ah, okay.. That isn't very cool. Whose security??? There are a lot of SUID
shell scripts that I need to be able to work. And another thing, believing
what you said for a brief moment, I typed this..
-- Cut here --
% cp /bin/sh /tmp/sh
% chown root.wheel /tmp/sh
% chmod 4755 /tmp/sh
% login guest
Password:
... MOTD left out...
% /tmp/sh
$ vi /root/.login
... VI editing left out...
:wq
*** Permission denied - File is READ ONLY!
:q!
ls -al /root/.login
-rw-r--r-- 1 root wheel 59 Jun 9 01:00 /root/.login
-- Cut here --
Hmmm... Sure looks to me that *IF* SUID worked on binary files, that I
should have been able to edit my 'own' .login file since it should have
made me 'equivalent' to "root". Am I correct in this thinking??
... Look, I'm sorry if it sounds like I have an attitude, it's been a bad
day, I should be taking this out on you.. Set me up for an "rls" account
on sun-lamp, and I'll help you guys out.. I found some other stuff you have
probably missed too while I was setting up my system.. I'm more than happy
to help out instead of bitch, if you would like.
11 years in the making, Rob, the UNIX hacker.. ;)
>i'd like to look at the source...
>chris
>--
>Chris G. Demetriou cgd@cs.berkeley.edu
> "386bsd as depth first search: whenever you go to fix something you
> find that 3 more things are actually broken." -- Adam Glass
--
| IBM-PC Demo-Site Maintainer | Super Soft Software, Inc. |
| WASP.ENG.UFL.EDU (128.227.116.1) | Custom Hardware/Software |
|/\/\ Proud owner of IBM 386's, 486's, and an Amiga 1200 /\/\|
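
The reply quoted in this post says setuid shell scripts are disallowed in 386bsd and NetBSD, so a file like go.home carries a set-user-ID bit that does nothing. The following audit is an added example, not code from the thread or from either project: it lists setuid files that are really scripts so they can be reviewed and replaced. The function names `classify_setuid` and `audit_setuid` and the 512-byte text heuristic are assumptions made for the example.

```shell
#!/bin/sh
# Added example: find set-user-ID files that are scripts, not binaries.
# Function names and the 512-byte heuristic are assumptions of this example.

# classify_setuid FILE -> prints one of:
#   not-setuid | shebang-script | plain-text-script | binary
classify_setuid() {
    f=$1
    # -u is the POSIX test for the set-user-ID bit.
    [ -f "$f" ] && [ -u "$f" ] || { echo not-setuid; return 0; }

    # An interpreter script starts with the two bytes "#!".
    magic=$(head -c 2 "$f" | tr -d '\000')
    if [ "$magic" = '#!' ]; then
        echo shebang-script
        return 0
    fi

    # No "#!": a file like go.home is a bare command list that the shell
    # runs itself. Call it text if its first 512 bytes contain no NUL.
    total=$(( $(head -c 512 "$f" | wc -c) ))
    nonnul=$(( $(head -c 512 "$f" | tr -d '\000' | wc -c) ))
    if [ "$total" -gt 0 ] && [ "$total" -eq "$nonnul" ]; then
        echo plain-text-script
    else
        echo binary
    fi
}

# audit_setuid DIR -> one "KIND<TAB>PATH" line per setuid script found.
audit_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r p; do
        kind=$(classify_setuid "$p")
        case $kind in
            *script) printf '%s\t%s\n' "$kind" "$p" ;;
        esac
    done
}

# Run as: sh audit.sh /some/dir
if [ $# -gt 0 ]; then
    audit_setuid "$1"
fi
```
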