HP3000-L Archives

January 1997, Week 5

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Mark Bixby <[log in to unmask]>
Date: Wed, 29 Jan 1997 08:42:37 -0800

Chris Breemer writes:
> In a simple test program, which runs fine on HP-UX, when I do a setuid() to some other uid,
> it returns EPERM (Operation not permitted). Even running as MANAGER.SYS (so according to
> the manual I _should_ have permission). Would this be a bug or a feature?

Feature.  ;-)

> It occurred to me that perhaps I needed to have PM capability in my program.
> So I built it with
>
>         c89 -o pw pw.c "-WL,cap=pm,ph,ia; privlev=2"

I haven't tried privlev with POSIX, but in general it's a very dangerous thing
to use for program files.  Every procedure in that program will run in
GETPRIVMODE all of the time -- very risky.  I restrict my use of privlev 2
to specific XL procedures (the ones that need to do the dirty work).

> After this, the program aborts with
>
>         EXEC FUNCTION FAILED;  subsys=517; info=48

PM programs *MUST* reside in the MPE name space.  This is poorly stated in
the Commands manual for :RUN, and a number of SRs have been entered on this
subject (including one from me and Apache/iX).

This is why I distribute the Apache binary as /APACHE/PUB/HTTPD (aka
HTTPD.PUB.APACHE), not /APACHE/PUB/some/hfs/path/httpd.

>
> Which is a POSIX implementation error. The current account, group and user all have
> SM,PH, and PM capability. What's happening here ?

The way Apache/iX does it is:

        GETPRIVMODE();      /* enter privileged mode: setuid() needs PM on MPE/iX */
        setuid(uid);        /* uid = the user id you want to switch to */
        GETUSERMODE();      /* drop back to user mode right away */

PM is the key, though if you're coming from a Unix background you'd think
MANAGER.SYS (the MPE version of root) might do the trick, but it doesn't.

> Now, suppose I get the setuid to work. Then at some stage I will want to setuid() back to
> the original user, but in general permission will be denied for _that_ one. At least
> that's what happens on HP-UX. Would PM on MPE solve that? Because using AIFCHANGELOGON
> it is no problem to change back from a non-privileged user to the original user.

Just do a GETPRIVMODE() and you should be able to setuid() back to the original
user.
--
Mark Bixby                      E-mail: [log in to unmask]
Coast Community College Dist.   Web: http://www.cccd.edu/~markb/
District Information Services   1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support               +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)
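The GETPRIVMODE / setuid / GETUSERMODE sequence from the reply, written out as an added example that is not code from this thread or from Apache/iX: the privileged window covers only the setuid() call, user mode is restored even when setuid() fails, and the result is checked with getuid(). The `MPE_IX` build flag and the `#pragma intrinsic` declarations are assumptions; off MPE the intrinsics are replaced by counting stubs so the routine can be exercised anywhere.

```c
/* Added example, not code from the original thread or from Apache/iX:
 * switch uid inside the smallest possible privileged-mode window, following
 * the GETPRIVMODE / setuid / GETUSERMODE pattern described in the reply.
 * ASSUMPTION: MPE_IX is a build flag you define when compiling on MPE/iX, and
 * #pragma intrinsic is how the intrinsics are declared there. Off MPE the
 * intrinsics are replaced by counting stubs so the function runs anywhere. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#ifdef MPE_IX
#pragma intrinsic GETPRIVMODE
#pragma intrinsic GETUSERMODE
#else
/* Stand-ins for the real intrinsics; they only count PM nesting depth. */
static int priv_depth = 0;
static void GETPRIVMODE(void) { priv_depth++; }
static void GETUSERMODE(void) { priv_depth--; }
#endif

/* Switch to `target`. Returns 0 on success or the errno from setuid().
 * User mode is restored before returning, whatever setuid() did, so a
 * failure never leaves the rest of the program running in PM. */
int switch_uid(uid_t target)
{
    int saved_errno = 0;
    GETPRIVMODE();              /* enter PM: only setuid() needs it */
    if (setuid(target) != 0)
        saved_errno = errno;    /* EPERM here is what the post ran into */
    GETUSERMODE();              /* leave PM before touching anything else */
    /* Confirm the switch really happened rather than trusting the rc. */
    if (saved_errno == 0 && getuid() != target)
        saved_errno = EPERM;
    return saved_errno;
}

#ifndef MPE_IX
/* Only meaningful with the stubs: was every GETPRIVMODE() paired? */
int privmode_balanced(void) { return priv_depth == 0; }
#endif

int main(void)
{
    uid_t me = getuid();
    int rc = switch_uid(me);    /* switching to our own uid is always legal */
    printf("switch_uid(%ld) -> %d\n", (long)me, rc);
    return rc != 0;
}
```

On MPE/iX the program file must still carry PM capability and live in the MPE name space, as the reply notes; the routine only keeps the privileged window small.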
