On Thu, May 19, 2011 at 08:17:43PM -0500, James Buren <[email protected]> wrote: > I'd like some help testing this package I have been writing for > maintaining i686 chroot on x86_64. My biggest concern is that I had to > rewrite fw32-run in C, with SETUID so it could work without sudo and still > know who was executing it. This is needed so it can mount the user's home > directory in the chroot via binding with mount and then drop root > permissions inside to the proper user's permission levels. I'm not > entirely sure I wrote it correctly to avoid the obvious security holes, > because I'm not that familiar with low level linux system calls.
The most obvious one was the missing chdir() after chroot(), but I already pointed out that on IRC. > I'm used > to shell programs doing it for me. And yes, I tried using SETUID with > shell scripts. It simply does not work. Linux refuses to honor SETUID on > interpreted executables. It will only work on true binaries. Sure, ./foo.sh is tranlated to '/bin/sh ./foo.sh' by the shell, and you don't want to mark /bin/sh as setuid. :)
pgptgm4PD3Ere.pgp
Description: PGP signature
_______________________________________________ Frugalware-devel mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-devel
