Re: How Do I Run a Java App with Superuser Privileges?
Re: How Do I Run a Java App with Superuser Privileges?
- Subject: Re: How Do I Run a Java App with Superuser Privileges?
- From: Michael Maibaum <email@hidden>
- Date: Tue, 14 Dec 2004 00:54:54 -0800
- Mail-followup-to: email@hidden
On Mon, Dec 13, 2004 at 10:08:59PM -0800, Justin Walker wrote:
On Dec 13, 2004, at 21:45, James Berry wrote:
On Dec 13, 2004, at 9:24 PM, Justin Walker wrote:
On Dec 13, 2004, at 21:11, James Berry wrote:
[snip]
Most systems will not permit shell scripts to execute 'setuid'.
Works for me... (TM). (Note the euid...)
Well, well, well, ....
It'll take me a while to figure this one out. Seems that bash and sh
have somewhat different behaviors:
Historically bash when run as sh gives up setuid privs as a security precaution. Apple changed this in bash because zsh doesn't do this and people had written scripts to be executed by sh (which was zsh then) which relied on the elevated privs. Thus the recent Adobe Version Cue security flaw (which is really an Apple derived problem).
I think the BSD people were a bit unhappy with this change ;)
Michael
$ cat foo.sh
#!/bin/sh
id
ps -utp1
$ cat bar.sh
#!/bin/bash
id
ps -utp1
$ls -l *.sh
-r-sr-xr-x 1 root staff 24 13 Dec 22:01 bar.sh
-r-sr-xr-x 1 root staff 22 13 Dec 22:00 foo.sh
$ foo.sh
uid=10180(justin) euid=0(root) gid=20(staff) groups=20(staff),
79(appserverusr), 80(admin), 81(appserveradm)
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME
COMMAND
justin 281 0.2 0.2 18644 1392 std S 4Dec04 0:01.57
-bash
root 279 0.0 0.3 27540 2000 std Ss 4Dec04 0:00.04
login -pf ju
root 4373 0.0 0.1 18644 564 std S+ 10:00PM 0:00.03 sh
./foo.sh
root 4375 0.0 0.1 18076 684 std R+ 10:00PM 0:00.02 ps
-utp1
$ bar.sh
uid=10180(justin) gid=20(staff) groups=20(staff), 79(appserverusr),
80(admin), 81(appserveradm)
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME
COMMAND
justin 4378 3.0 0.1 18644 1012 std S+ 10:01PM 0:00.01
bash ./bar.s
root 279 0.0 0.3 27540 2000 std Ss 4Dec04 0:00.04
login -pf ju
justin 281 0.0 0.2 18644 1392 std S 4Dec04 0:01.57
-bash
root 4380 0.0 0.0 18076 308 std R+ 10:01PM 0:00.01 ps
-utp1
Looks to me like there is either a compatibility issue at play, or a
bug in the system somewhere...
'tcsh' and 'bash' behave the same: scripts can't execute as setuid
root. For 'sh', it appears they can...weird.
Thanks for digging in further...
Regards,
Justin
--
Justin C. Walker, Curmudgeon-At-Large *
Institute for General Semantics | "Weaseling out of things is
what
| separates us from the animals.
| Well, except the weasel."
| - Homer J Simpson
*--------------------------------------*-------------------------------*
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Dr Michael A. Maibaum
internet: email@hidden http://mike.maibaum.org/
voice: [m] 07813 713 952 [w] (020) 7679 3890
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden