On Mon, Sep 11, 2000 at 01:54:08PM -0700, Scott Smith wrote:
> what's up with this? done on a coda volume..
Yes, setuid is bad; it was introduced at some point only because of
experimentation with `netbooting' Coda, i.e. running a whole system
chrooted into /coda as soon as possible.
> ensomnia:tmp {15} id
> uid=1000(scott) gid=100(users) groups=100(users), 0(wheel)
> ensomnia:tmp {16} gcc thing.c
> ensomnia:tmp {17} ls -l a.out
> -rwxr-xr-x 1 scott nobody 3512 Sep 11 11:48 a.out*
> ensomnia:tmp {18} chown root a.out
This is AFAIK only possible because you are a member of the
System:Administrators group, which is the Coda equivalent of `root'. A
bigger problem is when one has root access on some machine with a
non-administrator token and creates the script while fully connected.
> ensomnia:tmp {19} chmod 4755 a.out
This setattr call will be blocked in 5.3.9 (EPERM).
> ensomnia:tmp {20} ls -l a.out
> -rwsr-xr-x 1 root nobody 3512 Sep 11 11:48 a.out*
Any mode bits returned by servers will be stripped by ANDing them with 0777.
If people still want to use `setuid' applications in Coda they will have
to set up a setuid wrapper on a local filesystem, which imposes `local'
policy and restrictions.
i.e.
-rwxr-xr-x 1 root nobody 3512 Sep 11 11:48 a.out -> /bin/setuid-wrapper
-rwxr-xr-x 1 root nobody 3512 Sep 11 11:48 a.out.real*
And /bin/setuid-wrapper could be something like,
#!/bin/sh
# Invoked through a symlink named <name>; the real binary sits beside it as <name>.real
bin="$0.real"
if [ -x "$bin" ]; then
    sudo "$bin" "$@"
fi
Jan
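A fuller version of the wrapper idea above, as an added example that is not Jan's script and not Coda project code. It keeps the `<name>` -> `<name>.real` convention from the message and adds the "local policy" the wrapper is supposed to impose: it refuses targets that live under the Coda mount (where the server-supplied owner and mode bits are exactly what the client no longer trusts), refuses group- or world-writable binaries, and only then escalates. The use of sudo, the hypothetical UNTRUSTED_ROOT variable and the 126 exit status are assumptions of this example, not anything the original post specifies.

```shell
#!/bin/sh
# Added example, not the Coda project's code: a setuid wrapper that lives on a
# local filesystem and imposes local policy before escalating privilege.
# Assumptions (not from the original post): the wrapper is reached through a
# symlink "<name>" with the real binary beside it as "<name>.real", privilege
# is obtained through sudo, and the hypothetical UNTRUSTED_ROOT variable names
# the Coda mount whose ownership and mode bits the client no longer trusts.

UNTRUSTED_ROOT="${UNTRUSTED_ROOT:-/coda}"

# check_target PATH: succeed (return 0) only when PATH is a safe thing to run
# with elevated privilege; every other case returns 1.
check_target() {
    t="$1"

    # Must be a regular, executable file.
    [ -f "$t" ] && [ -x "$t" ] || return 1

    # Canonicalise the directory and refuse anything under the Coda mount:
    # a server can hand back uid 0 and mode 4755 for a file a non-root user
    # wrote, which is exactly what the wrapper exists to avoid trusting.
    real="$(cd "$(dirname "$t")" && pwd -P)/$(basename "$t")"
    case "$real" in
        "$UNTRUSTED_ROOT"/*) return 1 ;;
    esac

    # Refuse group- or world-writable targets: whoever can write the binary
    # inherits the wrapper's privilege. Mode is read as octal ("755", "4755");
    # a last digit of 2/3/6/7 means world write, second-to-last group write.
    mode=$(stat -c %a "$t" 2>/dev/null || stat -f %Lp "$t")
    case "$mode" in
        *[2367]|*[2367]?) return 1 ;;
    esac

    return 0
}

# run_wrapped ARGS...: resolve "<name>.real" from the name we were invoked as
# and run it with sudo only when policy passes; exit 126 otherwise, which is
# the shell's conventional "found but not executable" status.
run_wrapped() {
    bin="$0.real"
    if check_target "$bin"; then
        exec sudo -- "$bin" "$@"
    fi
    echo "setuid-wrapper: refusing to run $bin" >&2
    return 126
}

# Dispatch only when invoked through a symlink that has a ".real" beside it,
# so the functions above can also be sourced and tested on their own.
if [ -e "$0.real" ]; then
    run_wrapped "$@"
fi
```

Install it on a local filesystem (e.g. as /bin/setuid-wrapper) and point the a.out symlink at it, as in the listing above. The writability check is the wrapper-side counterpart of the client stripping mode bits with 0777: the client stops trusting what the server says about setuid, and the wrapper stops trusting anything a non-root user could have modified. An owner check (refuse anything not owned by root) is a natural addition where the site's policy wants it; it is left out here only because it cannot be exercised without root.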