On Tue, 2003-12-09 at 18:25, Stas Bekman wrote:
% su - nobody
This account is currently not available.
So I think, here is the problem:

grep ^nobody /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin
                        ^^^^^^^^^^^^
nobody cannot login and allocate a shell
The 'su - nobody' test above should give us the answer where the fault is.
and it does :-)
Which probably means that your perl POSIX implementation is broken.
I've tried to emulate your case:

nobody:x:65534:65534:Nobody:/:/sbin/nologin

before it was:

nobody:x:65534:65534:Nobody:/:/bin/sh

% perl -le 'require POSIX; POSIX::setuid(65534) or die "failed to setuid: $@"; POSIX::setgid(65534) or die "failed to setgid: $@"; \
print -r q{/root} && -w _ && -x _ ? q{OK} : q{NOK}; '
failed to setgid: at -e line 1.
As you can see setgid has failed, but not setuid. Does this fail for you:
% perl -le 'require POSIX; POSIX::setgid(99) or die "failed to run: $@";'
I wonder why setuid doesn't fail for me:
% perl -le 'require POSIX; POSIX::setuid(65534) or die "failed to setuid: $@"; \
print -r q{/root} && -w _ && -x _ ? q{OK} : q{NOK}; '
OK
I think this is definitely broken on my machine, since my /root is drwx------ and that means that setuid() didn't do its job and the process is still running as the root user.
So if you change /etc/passwd's nobody entry to have /bin/sh instead of /sbin/nologin the test suite should now successfully detect that it won't be able to work from that directory.
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
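
Added example, not part of the original message or of the mod_perl test suite: the same /root permission probe, run in a forked child that drops the group before the user and reads the ids back, so a drop that did not take effect is reported as an error instead of as OK. The subroutine name probe_as_user and the default user and directory are assumptions for illustration; switching users requires running it as root.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Run as root; user and directory
# default to the thread's 'nobody' and '/root' (override via arguments).
use strict;
use warnings;
use POSIX ();

# Returns 'OK', 'NOK' or 'ERROR: ...' for $dir as seen by $user.
sub probe_as_user {
    my ($user, $dir) = @_;
    my (undef, undef, $uid, $gid) = getpwnam($user)
        or return "ERROR: no such user '$user'";
    pipe(my $rd, my $wr) or return "ERROR: pipe: $!";
    my $pid = fork();
    return "ERROR: fork: $!" unless defined $pid;

    if ($pid == 0) {    # child: only this process gives up root
        close $rd;
        my $res = eval {
            # Group first: after the uid is dropped, setgid is not permitted.
            $) = "$gid $gid";    # effective gid and supplementary group list
            POSIX::setgid($gid) or die "setgid($gid): $!\n";
            POSIX::setuid($uid) or die "setuid($uid): $!\n";
            # Read the ids back instead of trusting return values alone.
            die "uid not dropped\n"
                unless POSIX::getuid() == $uid && POSIX::geteuid() == $uid;
            die "gid not dropped\n"
                unless POSIX::getgid() == $gid && POSIX::getegid() == $gid;
            (-r $dir && -w _ && -x _) ? 'OK' : 'NOK';
        };
        print {$wr} defined $res ? $res : "ERROR: $@";
        close $wr;
        POSIX::_exit(0);
    }

    close $wr;
    my $out = do { local $/; <$rd> };
    waitpid($pid, 0);
    $out = 'ERROR: no result from child' unless defined $out && length $out;
    chomp $out;
    return $out;
}

my $user = shift // 'nobody';
my $dir  = shift // '/root';
print "$user on $dir: ", probe_as_user($user, $dir), "\n";
```

The failure text comes from `$!`, which is where the system error for a failed setuid or setgid call is stored.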
