errno has no meaning after successful calls.
It does not stay 0. So, "illegal seek" msg is bogus.
(1) uncomment error messages on error paths.
your setuid() call seems to fail, and you don't see why.
(2) run your program under strace.
Thank your for your reply Denys!
My code:
#define ERROR(fmt, ...) \
syslog(LOG_ERR, fmt ", errno %d (%m)", ##__VA_ARGS__, errno)
int8_t drop_root(const char *user)
{
ERROR("Run %s, user %s", __func__, user);
struct passwd *pwd = NULL;
int r;
if (NULL == (pwd = getpwnam(user)))
return -1;
ERROR("After getpwnam, uid = %d, gid = %d", pwd->pw_uid, pwd->pw_gid);
r = setgid(pwd->pw_gid);
if (r) {
ERROR("ERROR: After setGID, r = %d", r);
return -1;
}
ERROR("After setGID, r = %d", r);
r= setuid(pwd->pw_uid);
if (r) {
ERROR("ERROR: After setUID, r = %d", r);
return -1;
}
ERROR("After setUID, r = %d", r);
return 0;
}
Manul running:
monitor: Run drop_root, user monitor, errno 0 (Success)
monitor: After getpwnam, uid = 100, gid = 100, errno 0 (Success)
monitor: After setGID, r = 0, errno 29 (Illegal seek)
monitor: After setUID, r = 0, errno 29 (Illegal seek)
monitor: Ready to send message
Strace:
.....................
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001e000
set_tls(0x4001e0a0, 0x4001f000, 0x4001e7f8, 0x4001e778, 0x40025050) = 0
mprotect(0x40145000, 4096, PROT_READ) = 0
access("/etc/monitor", F_OK) = 0
brk(0) = 0x14000
brk(0x35000) = 0x35000
gettimeofday({946686039, 822996}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 ENOENT (No
such file or directory)
close(3) = 0
open("/dev/console", O_WRONLY|O_NOCTTY) = 3
fstat64(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(5, 1), ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo
...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
_llseek(3, 0, 0xbed55910, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(3, "monitor: Run drop_root, user moni"..., 57monitor: Run
drop_root, user monitor, errno 0 (Success)
) = 57
munmap(0x4001f000, 4096) = 0
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) =
-1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) =
-1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=224, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
read(3, "passwd: files\ngroup: "..., 4096) = 224
read(3, ""..., 4096) = 0
close(3) = 0
munmap(0x4001f000, 4096) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\254\30\0\0004\0\0\0d"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=50108, ...}) = 0
mmap2(NULL, 70324, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x4014b000
mprotect(0x40154000, 28672, PROT_NONE) = 0
mmap2(0x4015b000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x4015b000
close(3) = 0
mprotect(0x4015b000, 4096, PROT_READ) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=91, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
read(3, "root:x:0:0:root:/root:/bin/sh\nmon"..., 4096) = 91
close(3) = 0
munmap(0x4001f000, 4096) = 0
gettimeofday({946686040, 242418}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 ENOENT (No
such file or directory)
close(3) = 0
open("/dev/console", O_WRONLY|O_NOCTTY) = 3
fstat64(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(5, 1), ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo
...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
_llseek(3, 0, 0xbed55910, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(3, "monitor: After getpwnam, uid = 10"..., 66monitor: After
getpwnam, uid = 100, gid = 100, errno 0 (Success)
) = 66
munmap(0x4001f000, 4096) = 0
close(3) = 0
setgid32(100) = 0
gettimeofday({946686040, 265991}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 ENOENT (No
such file or directory)
close(3) = 0
open("/dev/console", O_WRONLY|O_NOCTTY) = 3
fstat64(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(5, 1), ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo
...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
_llseek(3, 0, 0xbed55910, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(3, "monitor: After setGID, r = 0, err"..., 55monitor: After
setGID, r = 0, errno 29 (Illegal seek)
) = 55
munmap(0x4001f000, 4096) = 0
close(3) = 0
setuid32(100) = 0
gettimeofday({946686040, 621567}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 ENOENT (No
such file or directory)
close(3) = 0
open("/dev/console", O_WRONLY|O_NOCTTY) = 3
fstat64(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(5, 1), ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo
...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
_llseek(3, 0, 0xbed55910, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(3, "monitor: After setUID, r = 0, err"..., 55monitor: After
setUID, r = 0, errno 29 (Illegal seek)
) = 55
munmap(0x4001f000, 4096) = 0
close(3) = 0
rt_sigaction(SIGINT, {0x9444, [INT], SA_RESTART|0x4000000}, NULL, 8) = 0
rt_sigaction(SIGTERM, {0x9444, [TERM], SA_RESTART|0x4000000}, NULL, 8) = 0
rt_sigaction(SIGHUP, {0x9444, [HUP], SA_RESTART|0x4000000}, NULL, 8) = 0
open("/etc/monitor", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=48, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
read(3, "PORT=65000\nBROADCAST=1\nSERVER=0.0"..., 4096) = 48
read(3, ""..., 4096) = 0
close(3) = 0
munmap(0x4001f000, 4096) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
ioctl(3, SIOCGIFADDR, {ifr_name="eth0", ifr_addr={AF_INET,
inet_addr("192.168.255.2")}}) = 0
close(3) = 0
socket(PF_NETLINK, SOCK_RAW, 0) = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=329, groups=00000000}, [12]) = 0
gettimeofday({946686040, 668309}, NULL) = 0
sendto(3, "\24\0\0\0\26\0\1\3XHm8\0\0\0\0\0\0\0\0"..., 20, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
msg_iov(1)=[{"<\0\0\0\24\0\2\0XHm8I\1\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
msg_iov(1)=[{"\24\0\0\0\3\0\2\0XHm8I\1\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1\10"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3) = 0
open("/etc/gai.conf", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = -1 EAFNOSUPPORT (Address
family not supported by protocol)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(65000),
sin_addr=inet_addr("0.0.0.0")}, 16) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(3072),
sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
close(3) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP) = 3
setsockopt(3, SOL_SOCKET, SO_BROADCAST, [1], 4) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(65000),
sin_addr=inet_addr("0.0.0.0")}, 16) = 0
gettimeofday({946686040, 698108}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_DGRAM, 0) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 ENOENT (No
such file or directory)
close(4) = 0
open("/dev/console", O_WRONLY|O_NOCTTY) = 4
fstat64(4, {st_mode=S_IFCHR|0660, st_rdev=makedev(5, 1), ...}) = 0
ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo
...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
_llseek(4, 0, 0xbed55938, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(4, "monitor: Ready to send message\r\n"..., 32monitor: Ready to
send message
) = 32
munmap(0x4001f000, 4096) = 0
close(4)
Running with system:
monitor: Run drop_root, user monitor, errno 0 (Success)
monitor: After getpwnam, uid = 100, gid = 100, errno 0 (Success)
monitor: After setGID, r = 0, errno 29 (Illegal seek)
Thank you.
--
Best regards,
Brilliantov Kirill Vladimirovich
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
