Re: chroot and setuid binaries
Re: chroot and setuid binaries
- Subject: Re: chroot and setuid binaries
- From: Mike <email@hidden>
- Date: Wed, 23 Feb 2011 10:40:02 -0800
You may also want to take a look at Quinn's source code comments from
MIB which discuss uid and effective uid in setuid helper tools on OS X:
http://developer.apple.com/library/mac/#samplecode/MoreAppleEvents/Listings/MoreIsBetter_parts_MoreSetup_r.html
In particular, read the MoreSecurity .h & .c files' comments.
I've got a little booklet on OS X helper tools here, but I don't think
it addresses your specific problem:
http://www.michael-amorose.com/books/index.htm
On 2/23/11 9:07 AM, Jay Buffington wrote:
Hi all,
I am building a chroot management tool[1] for developers. It works
under linux and I'm in the process of adding Mac support. I've ran
into a couple of issues and could use a hand.
I'm mounting a sparseimage and chroot'ing into it. When I do this ls
tells me that binaries such as sudo and ping correctly have the setuid
bit set and are owned by root. However, when I execute these
binaries, their call to geteuid returns the user id rather than 0
(confirmed with dtruss[2]). The below commands, all executed on my
macbook pro running 10.5.7, demonstrate this:
# build the image that i'll chroot into
export image_name=mac_os_x-10.5.7
export image_file=~/images/$image_name.sparseimage
mkdir ~/images
hdiutil create -type SPARSE -fs HFS+ -volname $image_name -size 5g -attach \
$image_file
for P in BaseSystem Essentials BSD X11User; do \
sudo installer -target /Volumes/$image_name -pkg \
'/Volumes/Mac OS X Install DVD/System/Installation/Packages/'$P.pkg;\
done
# mount some important directories for the chroot
sudo mount -t devfs devfs /Volumes/$image_name/dev
sudo mount -t fdesc -o union stdin /Volumes/mac_os_x-10.5.7/dev
sudo mkdir -p /Volumes/$image_name/Users/jaybuff
sudo bindfs /Users/jaybuff /Volumes/$image_name/Users/jaybuff
$ # show that geteuid correctly returns 0 outside of the chroot:
$ cat euid.c
#include<stdio.h>
main() { printf("euid: %i\n", geteuid()); }
$ gcc euid.c -o euid
$ chmod 04755 euid
$ sudo chown root:wheel euid
$ ./euid
euid: 0
$ # copy it into the chroot
$ cp euid /Volumes/mac_os_x-10.5.7/tmp/euid
$ sudo chroot /Volumes/mac_os_x-10.5.7 bash
bash-3.2# ls -la /tmp/euid
-rwsr-xr-x 1 root wheel 12612 Feb 22 19:23 /tmp/euid
bash-3.2# su - jaybuff
$ /tmp/euid
euid: 37964
$ id
uid=37964(jaybuff) gid=100(users)
groups=100(users),101(com.apple.sharepoint.group.1),98(_lpadmin),102(com.apple.sharepoint.group.2),80(admin),20(staff)
Why does geteuid return 0 for a setuid binary outside of a chroot, but
not when executed inside a chroot?
Thanks,
Jay
[1] http://getjoot.org
[2] http://www.brendangregg.com/dtrace.html
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden