Re: setuid root problem
  • Subject: Re: setuid root problem
  • From: Terry Lambert <email@hidden>
  • Date: Thu, 27 Aug 2009 15:57:26 -0700

Can you file a bug report and provide a cut-down sample project that will reproduce the problem? It doesn't need to do anything useful, other than trigger the dialog.

-- Terry

On Aug 27, 2009, at 3:50 PM, Duane Murphy wrote:

> Thanks for the response, Terry.
>
> As I noted, this tool is running from /Library/Frameworks. That's on
> the system disk, so I expect that it's mounted with "suid". :-)
>
> Even after I manually set the suid bits (user and group), MoreSecurity
> still decided to put up the Authorization dialog. This means that the
> tool was not running as root.
>
> That's why I am so confused.
>
> To review the statements:
> - Is this a nosuid volume? No. This is the system volume, assuredly
>   mounted suid.
> - Is this run from a script? No, the tool is run using fork/exec.
>
> Thank you for the ideas.
>
>  ...Duane
>
> On Aug 27, 2009, at 3:35 PM, Terry Lambert wrote:
>
>> On Aug 27, 2009, at 11:41 AM, Duane Murphy wrote:
>>
>>> We have a product that uses the older root tool helper process from
>>> MoreSecurity.
>>>
>>> We have installations of the product where the setuid-root bit doesn't
>>> seem to work. The program always asks for authentication (outside of
>>> the 5 minute timeout period).
>>>
>>> The tool lives in a framework inside of /Library/Frameworks. On other
>>> installations this works fine. On this installation, the setuid bit
>>> seems to have no effect.
>>>
>>> The system is connected to Active Directory if that makes any
>>> difference.
>>>
>>> What could be happening here? What situations would cause setuid-root
>>> to fail to launch a tool as root?
>>
>> If you are using exactly the code in MoreSecurity, it specifically
>> states that calling AuthorizationCopyRights() will result in a dialog
>> because of the default rule in /etc/authorization.
>>
>> If you are running it from an FS with the "nosuid" mount option,
>> then it won't launch SUID, even if those are the permissions (check
>> the output of the "mount" command for the FS in question, but in
>> general, any portable device like a thumb drive or any non-local
>> device like an NFS FS will have "nosuid").
>>
>> If you are failing to call setuid(geteuid()) in the helper to set
>> your saved, real and effective uid, the suid-ness will not be
>> inherited by the child of the helper.
>>
>> If you are running a script instead of an actual binary, then the
>> suid will always be ignored, unless the interpreter you are running
>> it under is itself suid and capable of enforcing for/against
>> suid-ness of the script (and it takes responsibility for the security
>> when it does this; an example is suidperl).
>>
>> -- Terry
>>
>>> ...Duane





Darwin-dev mailing list (email@hidden)