popen() not obeying setuid bit

From: Markley, Sean <Sean.Markley_at_ca.com>
Date: Tue, 05 Jun 2001 17:26:22 -0400

Hi Managers,

On DEC, does anyone know how to maintain a setuid bit when using a popen()?

For example, if an executable has permissions of 4777 and is owned by root:

-rxsrwxrwx root staff a.out

and that executable issues a popen() which forks a process and execs a shell command

fin = popen("ipcs -q", "r");

Typically, its real user id is the id of the user who ran the command,
let's say 1001 for grins. The effective user id of the command
is 0, or root in this case because of the setuid bit. This
normally allows this process to act as root.

However, popen() forks a new process that does not keep the effective
user id of the parent (0). Instead, its effective user becomes
the real user id (issuer of the command 1001) instead of root
in this case, and its real user id stays at 1001. In the case
of issuing the ipcs command, output will vary depending on which
user is issuing the command. I also would not like to have my
process doing a setuid(0) for the duration either.

Maybe there is something sneaky you can do with set/get uid/euid
as well.

Is the only way around this to fork your own process, seteuid to 0
in the child, open a pipe, and then run the ipcs command and write
its output to the pipe to be read then into a buffer? Seems to me
like popen() is a lot shorter and sweeter if I can somehow get around
this.

Assuming you can't get around this with popen(), I'm assuming the
code would very loosely look like below:

/* needs <stdio.h>, <stdlib.h> and <unistd.h> */
int to_ipcs[2];
int from_ipcs[2];

pipe(to_ipcs);
pipe(from_ipcs);

switch (fork())
 {
 case -1:
  perror("Fork Failed ");
  exit(1);
 case 0:
   seteuid(0);
   execl("/usr/bin/ipcs", "ipcs", "-q", (char *) NULL);
     /* Somehow I would have to get this output into
        the pipe to be read by the parent proc */
   _exit(127);  /* reached only if execl() fails; avoids falling into default */
 default:
   return(0);
 }

Thanks in advance for any help.

Sean Markley
Software Engineer, ManageIT/Performance Level 2
Computer Associates International, Inc.
Email: Sean.Markley_at_ca.com
Received on Tue Jun 05 2001 - 21:34:14 NZST
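
The fork/pipe/exec approach sketched in the message, carried through as an added example (not code from the original post): the child's stdout is connected to the pipe with dup2(), and the command is run by absolute path with execve() and a constructed minimal environment, so no shell and no caller-controlled PATH is involved. The name run_capture and the buffer size are assumptions chosen here; the child keeps the parent's real and effective user ids across fork() and execve() unless the target file is itself set-id.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run path with argv and no shell; capture its stdout in buf (NUL-terminated).
 * Returns the child's exit status, or -1 on error or abnormal termination. */
int run_capture(const char *path, char *const argv[], char *buf, size_t len)
{
    /* Constructed minimal environment: nothing inherited from the caller. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    int fd[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;
    if (len == 0 || pipe(fd) == -1)
        return -1;
    pid = fork();
    if (pid == -1) {
        close(fd[0]); close(fd[1]);
        return -1;
    }
    if (pid == 0) {                      /* child: uids inherited from parent */
        close(fd[0]);
        if (fd[1] != STDOUT_FILENO) {    /* stdout may have been closed by caller */
            if (dup2(fd[1], STDOUT_FILENO) == -1)
                _exit(126);
            close(fd[1]);
        }
        execve(path, argv, clean_env);   /* absolute path, no PATH search */
        _exit(127);                      /* reached only if execve() failed */
    }
    close(fd[1]);                        /* parent keeps only the read end */
    while (used < len - 1 && (n = read(fd[0], buf + used, len - 1 - used)) > 0)
        used += (size_t)n;
    buf[used] = '\0';
    close(fd[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char out[4096];
    char *const argv[] = { "ipcs", "-q", NULL };
    int rc = run_capture("/usr/bin/ipcs", argv, out, sizeof out);
    printf("exit=%d\n%s", rc, out);
    return rc == 0 ? 0 : 1;
}
```

If the output is larger than the buffer, the parent stops reading and closes the pipe; a child that is still writing may then be terminated by SIGPIPE, in which case run_capture returns -1.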
