[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] C question



On Apr 5, 2013, at 6:26 PM, David Tomaschik wrote:

> Having a shell in between shouldn't be a problem?

It is.  Here is what currently happens.  C program that is setuid calls another C program via system().  The problem is, system spawns a new shell and the euid is not retained, hence when attempting to execute the 2nd C program, I get permission denied.

The same issue happens popen() because as the man page for popen says, it spawns a new shell with -c.

I've tested both this is accurate.

Here is the whole problem description:

1. cgi perl script calls an existing binary.  (apache id executes)

2. existing binary calls a second binary via system()  This program is only executable by a userid that is not apache

3. the second binary returns permission denied.

I have attempted setuid on the first binary.  No good, still get permission denied.

I can run the perl script by hand as the user id that owns the second binary and it works fine. (command line)

The only solution I can see at this point is fork/exec, but the problem  is  I have to pipe info into the second program as well as pass positional parameters to it.

I hope this better explains the problem.

I'll revisit it tomorrow.

> 
> Alternatively, set up a pipe, fork(), dup2(pipe_output, STDIN); exec(), (from parent process) push "stuff" into pipe?
> 
> 
> On Fri, Apr 5, 2013 at 1:47 PM, Geoffrey Myers <lists at serioustechnology.com> wrote:
> Actually, this won't work as it execs a shell.  The binary is suid for a particle user and the program being spawned needs to be executed by the same user. 
> 
> 
> --
> From my iPhone
> Geoffrey Myers
> 
> On Apr 5, 2013, at 3:53 PM, David Tomaschik <david at systemoverlord.com> wrote:
> 
>> Must it be fork/exec specifically?  Seems like popen would be easier... popen("somebinary arg1 arg2", "w"); then write stuff to the returned file ptr?
>> 
>> 
>> On Fri, Apr 5, 2013 at 12:33 PM, Geoffrey Myers <lists at serioustechnology.com> wrote:
>> So, shaking some cobwebs loose here. How do I replace the following:
>> 
>> system("echo stuff | somebinary arg1 arg2");
>> 
>> With a fork/exec ??
>> 
>> (Digging out my old C books....)
>> 
>> --
>> From my iPhone
>> Geoffrey Myers
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>> 
>> 
>> 
>> -- 
>> David Tomaschik
>> OpenPGP: 0x5DEA789B
>> http://systemoverlord.com
>> david at systemoverlord.com
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 
> 
> 
> 
> -- 
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

--
Until later, Geof



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130407/2a331adc/attachment.html>