site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type; bh=fFJtjvJdP6Fx2h1pnI39r5tjsB8D/BxTCpkQgy9o2CQ=; b=WXpT1KNsshUzGIkmAhkPPB1oQUq4ektefKaRquk2ed8jkyJ1SlXT6zmnY8EbvZVXp/ cfckJ9qzFbH0yQAWqgs1r4fr6dCrqtVk76f53zClX6GuwwYa8/6xouUSy6y5IQ6775y2 G/pvEATnNSSDIP0CQC5UTXkr8jcY8XCIMO4rM= Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=k1D8xLTUsFTPU/zIg7beN7Uu18YurwgLyJJgDLMIr8hfMllvBma6Ut9wLNehgADo/A Dqj1FopD4FpaQxBAKF0BixEHEyztwbOBfn1lbzRO9EJM19K5KUVItP2I/ZulxoqO8jjv XfEtK3nvJjpt6Xs2Q90lAiGOavuNGLOhUQTBA= Hi all, I am building a chroot management tool[1] for developers. It works under linux and I'm in the process of adding Mac support. I've ran into a couple of issues and could use a hand. I'm mounting a sparseimage and chroot'ing into it. When I do this ls tells me that binaries such as sudo and ping correctly have the setuid bit set and are owned by root. However, when I execute these binaries, their call to geteuid returns the user id rather than 0 (confirmed with dtruss[2]). The below commands, all executed on my macbook pro running 10.5.7, demonstrate this: # build the image that i'll chroot into export image_name=mac_os_x-10.5.7 export image_file=~/images/$image_name.sparseimage mkdir ~/images hdiutil create -type SPARSE -fs HFS+ -volname $image_name -size 5g -attach \ $image_file for P in BaseSystem Essentials BSD X11User; do \ sudo installer -target /Volumes/$image_name -pkg \ '/Volumes/Mac OS X Install DVD/System/Installation/Packages/'$P.pkg;\ done # mount some important directories for the chroot sudo mount -t devfs devfs /Volumes/$image_name/dev sudo mount -t fdesc -o union stdin /Volumes/mac_os_x-10.5.7/dev sudo mkdir -p /Volumes/$image_name/Users/jaybuff sudo bindfs /Users/jaybuff /Volumes/$image_name/Users/jaybuff $ # show that geteuid correctly returns 0 outside of the chroot: $ cat euid.c #include<stdio.h> main() { printf("euid: %i\n", geteuid()); } $ gcc euid.c -o euid $ chmod 04755 euid $ sudo chown root:wheel euid $ ./euid euid: 0 $ # copy it into the chroot $ cp euid /Volumes/mac_os_x-10.5.7/tmp/euid $ sudo chroot /Volumes/mac_os_x-10.5.7 bash bash-3.2# ls -la /tmp/euid -rwsr-xr-x 1 root wheel 12612 Feb 22 19:23 /tmp/euid bash-3.2# su - jaybuff $ /tmp/euid euid: 37964 $ id uid=37964(jaybuff) gid=100(users) groups=100(users),101(com.apple.sharepoint.group.1),98(_lpadmin),102(com.apple.sharepoint.group.2),80(admin),20(staff) Why does geteuid return 0 for a setuid binary outside of a chroot, but not when executed inside a chroot? Thanks, Jay [1] http://getjoot.org [2] http://www.brendangregg.com/dtrace.html _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com