On Tue, 2003-12-09 at 00:09, Stas Bekman wrote:
> [Volker has sent me the long output offline, so I'm just quoting the
> interesting parts here]
>
> >> I also want to see the console messages (not error_log) when you run
> >> from under /root/mod_perl-1.99_11/ as you did it in first place.
>
> > ulimit -c unlimited; t/TEST -bugreport -verbose=0
> > *** root mode: changing the files ownership to 'nobody' (99:99)
> > *** /usr/bin/perl -e ' require POSIX; POSIX::setuid(99);
> > POSIX::setgid(99); print -r q{/root/mod_perl-1.99_11/t} && -w _ &&
> > -x _ ? q{OK} : q{NOK}; '
> >
> > *** result: OK
>
> That explains the problem. My test to check whether user 'nobody' will be able
> to access files under /root seems to pass, but when Apache starts as nobody it
> doesn't.
>
> Can you please show us the perms of your /root directory? e.g. on my machine it's:
>
> drwx------ 43 root root 4096 Dec 8 14:31 root
drwxr-x--- 19 root root 4096 Dec 8 19:11 root
(Bad permissions for a root directory, but it is default on fedora core.
> % grep nobody /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin
>
> May be POSIX::setuid(99) fails? Does running the following as root:
>
> % /usr/bin/perl -le 'require POSIX; POSIX::setuid(99); POSIX::setgid(99); \
> print -r q{/root} && -w _ && -x _ ? q{OK} : q{NOK}; '
>
> gives you:
>
> OK?
Yes it does.
>
> If it does, the following will probably fail too:
>
> perl -le 'require POSIX; POSIX::setuid(99) or die "failed to run: $@";'
no error/ no output with this line.
>
> and this?
>
> % /usr/bin/perl -le 'require POSIX; \
> POSIX::setuid(99) or die "NOK"; \
> POSIX::setgid(99) or die "NOK"; \
> print -r q{/root} && -w _ && -x _ ? q{OK} : q{NOK}; '
gives OK
Regards
Volker
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
