On Mon, Sep 11, 2000 at 01:54:08PM -0700, Scott Smith wrote:
> what's up with this? done on a coda volume..

Yes, setuid is bad, it was introduced at some point only because of
experimentation with `netbooting' Coda, i.e. running a whole system
chrooted into /coda as soon as possible.

> ensomnia:tmp {15} id
> uid=1000(scott) gid=100(users) groups=100(users), 0(wheel)
> ensomnia:tmp {16} gcc thing.c
> ensomnia:tmp {17} ls -l a.out
> -rwxr-xr-x 1 scott nobody 3512 Sep 11 11:48 a.out*
> ensomnia:tmp {18} chown root a.out

This is AFAIK only possible because you are a member of the
System:Administrators group, which is the Coda equivalent of `root'. A
bigger problem is when one has root access on some machine with a
non-administrator token and creates the script while fully connected.

> ensomnia:tmp {19} chmod 4755 a.out

This setattr call will be blocked in 5.3.9 (EPERM).

> ensomnia:tmp {20} ls -l a.out
> -rwsr-xr-x 1 root nobody 3512 Sep 11 11:48 a.out*

Any modebits returned by servers will be stripped by anding them with 0777.

If people still want to use `setuid' applications in Coda they will have
to set up a setuid wrapper on a local filesystem, which imposes `local'
policy and restrictions.

i.e.

    -rwxr-xr-x 1 root nobody 3512 Sep 11 11:48 a.out -> /bin/setuid-wrapper
    -rwxr-xr-x 1 root nobody 3512 Sep 11 11:48 a.out.real*

And /bin/setuid-wrapper could be something like,

    #!/bin/sh
    # The real binary sits next to the symlink, with a .real suffix.
    bin="$0.real"
    if [ -x "$bin" ]; then
        sudo "$bin" "$@"
    fi

Jan

Received on 2000-09-11 17:24:55
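
Added example, not part of the original message and not Coda code: a small audit that lists files still carrying setuid/setgid bits under a tree and shows the mode left after the 0777 mask described in the reply. The function names `mask_mode` and `audit_setid` are hypothetical, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: audit a tree (for instance a network filesystem mount)
# for setuid/setgid files and show what the 0777 mask would leave behind.

# mask_mode OCTAL_MODE
# Prints OCTAL_MODE & 0777 in octal, i.e. the permission bits only.
mask_mode() {
    printf '%o\n' "$(( 0$1 & 0777 ))"
}

# audit_setid ROOT
# Prints one line per regular file under ROOT that has the setuid (4000)
# or setgid (2000) bit set: "<path> <mode> -> <masked mode>".
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        # Assumption: GNU coreutils stat; '%a' is the mode in octal.
        mode=$(stat -c '%a' "$f") || continue
        printf '%s %s -> %s\n' "$f" "$mode" "$(mask_mode "$mode")"
    done
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_setid "$1"
fi
```

Run as `sh audit.sh /coda` (the script name is arbitrary); an empty result means no file under the tree presents setuid or setgid bits.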