Bart,

On Mon, Aug 04, 2003 at 11:40:12PM +0100, Bart Oldeman wrote:
> On Sun, 3 Aug 2003, Ryan Underwood wrote:
>
> > Okay, I figured out what is going on.
> >
> > I have a daemon (BBS server) that is spawned from an init script, and
> > when a user accesses a DOS program in the BBS, it forks off DOSEMU to
> > redirect the comport I/O to the user.
> >
> > The problem occurs when:
> > 1) The daemon is run with root privileges
> > 2) The daemon's init script is run through a `sudo`.
> >
> > The latter is common since the sysop might use sudo to either restart
> > the BBS, or to apt-get upgrade (which will restart the daemon as part of
> > its process). DOSEMU checks the "real" uid, drops privileges to the
> > real uid, and then can no longer access the files which have root
> > permissions.
>
> This is a way to avoid suid-root on dosemu.bin and let sudo manage much of
> the security that used to be done by dosemu.users settings. Sudo is much
> more reliable than DOSEMU security-wise (better audits and so on).
>
> Look at the file named "INSTALL" for a possible setup.
>
> > So it fails starting the user's requested program for
> > seemingly no reason. However, when doing a `su - root` and then running
> > the init script, there is no problem, since the real login is root that
> > time.
> >
> > I explored various stupid hacks in the privilege code, but I just
> > thought I would ask if anyone has a better idea how to use sudo with
> > dosemu. This is a little bit of a pain!
>
> using it twice, like
> sudo sudo dosemu
> should work around it. The script user then needs to be able to gain
> absolute (unlimited) root using sudo however (i.e. able to run "sudo
> bash"), and not just the permission to execute dosemu.bin with "root".

I found another mis-behavior of this feature, involving the opposite
scenario. Before, we were a regular user, using sudo to start the bbs,
and the dosemu ended up inappropriately dropping its privileges because
it was started setuid root.

Now, the other scenario is this: we are root, and start up the bbs as
root. The BBS this time is configured to setuid to another user for
security reasons, so it setuids to 'bbs'. dosemu is started as 'bbs',
but apparently checks the real uid to find where to access ~/.dosemu,
tries to write to files in /root/.dosemu which 'bbs' has no permissions
for, and quits immediately when it fails.

Any thoughts? I'm thinking it might be useful to have a setting in
dosemu.users that turns off the "smart setuid handling", because
sometimes it is not desired.

Also, is it possible to create the stuff that dosemu would want to
create in .dosemu, somewhere else such as /tmp that the user will always
be able to write to; or else disable creating the sockets and such
entirely? That way, dosemu would not need write permissions anywhere to
start up.

Your thoughts welcome,

--
Ryan Underwood, <nemesis at icequake.net>, icq=10317253
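
One way to implement the /tmp fallback asked about above, as an added example that is not part of the original message and is not DOSEMU's code: it takes the home directory from the passwd entry of the effective uid and falls back to a private directory under /tmp when `<home>/.dosemu` is not owned and writable by that uid. The names `pick_state_dir` and `home_of_effective_uid` and the `/tmp/dosemu-state.` prefix are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not DOSEMU code. Chooses where per-user runtime
 * files go: "<home>/.dosemu" if the effective uid owns and can write it,
 * otherwise a private mkdtemp() directory under /tmp.
 * Returns 0 = home used, 1 = /tmp fallback, -1 = error. */
int pick_state_dir(const char *home, char *out, size_t n)
{
    static const char tmpl[] = "/tmp/dosemu-state.XXXXXX";
    struct stat st;
    int len;
    if (home && *home) {
        len = snprintf(out, n, "%s/.dosemu", home);
        if (len > 0 && (size_t)len < n &&
            (mkdir(out, 0700) == 0 || errno == EEXIST) &&
            /* lstat + owner check instead of access(): access() tests the
             * REAL uid, which is the mismatch this thread is about. */
            lstat(out, &st) == 0 && S_ISDIR(st.st_mode) &&
            st.st_uid == geteuid() && (st.st_mode & S_IWUSR))
            return 0;
    }
    if (sizeof tmpl > n) return -1;
    memcpy(out, tmpl, sizeof tmpl);
    return mkdtemp(out) ? 1 : -1;   /* mkdtemp creates it with mode 0700 */
}

/* Home of the uid the process runs as now, taken from the passwd database
 * instead of an inherited $HOME or the real uid. */
const char *home_of_effective_uid(void)
{
    struct passwd *pw = getpwuid(geteuid());
    return pw ? pw->pw_dir : NULL;
}

int main(void)
{
    char dir[256];
    int r = pick_state_dir(home_of_effective_uid(), dir, sizeof dir);
    if (r < 0) { perror("pick_state_dir"); return 1; }
    printf("euid=%d dir=%s%s\n", (int)geteuid(), dir, r ? " (fallback)" : "");
    return 0;
}
```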
