Re: How to exec a subtool as root
- Subject: Re: How to exec a subtool as root
- From: ryan <email@hidden>
- Date: Tue, 21 Jan 2003 16:13:58 -0800
Hi,

Thank you all for replying.

When I say 'setuid root' what I mean is the file is owned by root and has
the 'set user id' bit set (+s). The kernel will set the effective and/or
real user id to the owner of the file.

I am going with a subtool which self-execs itself with a token it received
from the main app.

My app is an ISP 'installer' which creates network configuration. To
successfully create a new network location you have to run the code as
effective user id 0 (root). That is what is driving my investigation.

Thank you all for the insightful recommendations.

Regards,
-ryan

On 1/21/03 4:08 PM, "Dave Camp" <email@hidden> wrote:

> The calling application is supposed to authenticate the user and get an
> authorization token. That token is sent to the suid tool which checks
> with the security framework to see if it is still valid. If so, it then
> does whatever it was supposed to do. If the check fails, the tool
> should stop.
>
> I think that is what the documentation is suggesting.
>
> Dave
>
> On Tuesday, January 21, 2003, at 02:53 PM, Sven A. Schmidt wrote:
>
> > On Monday, January 20, 2003, at 08:13, ryan wrote:
> >
> >> Hello,
> >>
> >> I have been thinking about the security model in Mac OS X and how to
> >> use the security framework to execute privileged commands.
> >>
> >> The documentation states that the use of
> >> 'AuthorizationExecuteWithPrivileges' should be limited to having a
> >> small tool self-exec to cause it to become setuid root. After that
> >> point anytime someone calls that small tool it runs as user root. This
> >> seems like a fairly big security hole to me. Once you set a small tool
> >> setuid root, then someone could run it and do a buffer overflow, or
> >> some such naughty thing, and gain root access potentially.
> >
> > Ryan,
> >
> > I'm not sure if I can follow you on everything you're saying, but I
> > think there's a misunderstanding here: Even if you setuid(0) in a
> > tool, unless you are the super user calling that tool (or get super
> > user privileges by way of sudo), it will not be promoted to real and
> > effective uid 0.
> >
> > From the setuid manpage:
> >
> > DESCRIPTION
> >      The setuid() function sets the real and effective user IDs and the
> >      saved set-user-ID of the current process to the specified value. The
> >      setuid() function is permitted if the effective user ID is that of
> >      the super user, or if the specified user ID is the same as the
> >      effective user ID. If not, but the specified user ID is the same as
> >      the real user ID, setuid() will set the effective user ID to the
> >      real user ID.
> >
> > I might be missing your point completely, though...
> >
> > Sven
> > _______________________________________________
> > cocoa-dev mailing list | email@hidden
> > Help/Unsubscribe/Archives:
> > http://www.lists.apple.com/mailman/listinfo/cocoa-dev
> > Do not post admin requests to the list. They will be ignored.
>
> ---
> The path of least resistance, it's not just for electricity any more.
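
Added example, not part of the original thread or of any poster's code: a small C model of the two mechanisms the messages above discuss, the set-user-ID file bit applied at exec time and the setuid() call as described in the quoted manpage. The struct, the function names and uid 501 are constructed for illustration, and dropping root when the token check fails goes one step beyond "the tool should stop".

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed model of process credentials; illustrative, not kernel code. */
struct creds { uid_t ruid, euid, suid; };

/* exec(): a set-user-ID file changes the effective and saved uid only;
 * the real uid stays that of the caller. */
struct creds model_exec(struct creds c, uid_t file_owner, int setuid_bit) {
    if (setuid_bit)
        c.euid = file_owner;
    c.suid = c.euid;
    return c;
}

/* setuid() following the manpage text quoted in the thread. */
int model_setuid(struct creds *c, uid_t uid) {
    if (c->euid == 0 || uid == c->euid) {
        c->ruid = c->euid = c->suid = uid;
        return 0;
    }
    if (uid == c->ruid) {
        c->euid = c->ruid;
        return 0;
    }
    return -EPERM;
}

/* Ordinary (no +s) binary run by uid 501 that calls setuid(0). */
int plain_tool_setuid0(void) {
    struct creds c = model_exec((struct creds){501, 501, 501}, 501, 0);
    return model_setuid(&c, 0);
}

/* Root-owned +s helper run by uid 501. token_valid stands in for the
 * authorization check; on failure the helper gives up root for good. */
struct creds helper_after_check(int token_valid) {
    struct creds c = model_exec((struct creds){501, 501, 501}, 0, 1);
    if (!token_valid)
        model_setuid(&c, c.ruid);  /* euid is 0, so all three ids become 501 */
    return c;
}

int main(void) {
    struct creds ok = helper_after_check(1), no = helper_after_check(0);
    printf("plain tool setuid(0) -> %d\n", plain_tool_setuid0());
    printf("valid token: ruid=%d euid=%d; denied: ruid=%d euid=%d\n",
           (int)ok.ruid, (int)ok.euid, (int)no.ruid, (int)no.euid);
    return 0;
}
```

In the model, the +s helper holds effective uid 0 from the moment it is exec'd, before any token has been examined, which is why the check has to be the first thing it does.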