Re: [linux-lvm] lvcreate from a setuid-root binary
On Thu, Nov 15, 2018 at 05:39:56PM +0100, Christoph Pleger wrote:
> I am calling lvcreate from a setuid-binary, which internally calls

Let's stop there.

The fact you're asking a question about setuid suggests you don't understand enough to be able to use it safely.

Seriously, never use setuid for anything until you have a thorough understanding of its internals (userspace and kernel) and ld-linux, capabilities, process contexts, acls, selinux etc. It's just too easy to make your system insecure because of something you didn't even realise you had to consider! (I could tell you some funny stories...)

Go back to the beginning and describe the original problem you are trying to solve and the constraints you have and ask for advice about ways to achieve it.

Alasdair

___
linux-lvm mailing list
linux-lvm@redhat.com
https://www.redhat.com/mailman/listinfo/linux-lvm
read the LVM HOW-TO at http://tldp.org/HOWTO/LVM-HOWTO/

[linux-lvm] lvcreate from a setuid-root binary
Hello,

I am calling lvcreate from a setuid-binary, which internally calls setreuid(), so that not only effective and saved UIDs, but also the real UID is set to 0. From _nonroot_warning() in lvmcmdline.c I see that LVM command line tools expect that.

Unfortunately - though these UIDs are all set to 0 - lvcreate still does not work for me. That is, it does work when I call my setuid-binary as a non-root user from the command line, but it does not work when I call my setuid-binary from PAM module pam_exec - and that is what I need my program for.

I let my program send lvcreate output to a file and that file has the following content:

device-mapper: version ioctl on failed: Permission denied
Incompatible libdevmapper 1.02.137 (2016-11-30) and kernel driver (unknown version).
striped: Required device-mapper target(s) not detected in your kernel.
Run `lvcreate --help' for more information.

What might be the problem here so that lvcreate gives these errors though all UIDs are 0?

Regards
Christoph
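
An added example, not part of the thread and not LVM code: the reply above names capabilities among the things that matter besides UIDs, and the kernel's device-mapper control ioctl is gated on CAP_SYS_ADMIN rather than on UID 0. This C sketch reads the `Uid:` and `CapEff:` lines of `/proc/self/status` and reports a process that is UID 0 without that capability; the sample strings and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CAP_SYS_ADMIN_BIT 21 /* value of CAP_SYS_ADMIN in <linux/capability.h> */

/* Constructed samples in /proc/<pid>/status format (not taken from the thread). */
static const char SAMPLE_FULL[] = "Name:\tdemo\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n";
static const char SAMPLE_REDUCED[] = "Name:\tdemo\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n";

struct privs { unsigned ruid, euid, suid; unsigned long long cap_eff; int have_uid, have_cap; };

/* Extract real/effective/saved UID and the effective capability mask. */
static struct privs parse_status(const char *text)
{
    struct privs p = {0};
    for (const char *line = text; line && *line; ) {
        if (sscanf(line, "Uid: %u %u %u", &p.ruid, &p.euid, &p.suid) == 3)
            p.have_uid = 1;
        else if (sscanf(line, "CapEff: %llx", &p.cap_eff) == 1)
            p.have_cap = 1;
        line = strchr(line, '\n');   /* advance to the next line, if any */
        if (line) line++;
    }
    return p;
}

static int all_uids_root(struct privs p) { return p.have_uid && !p.ruid && !p.euid && !p.suid; }
static int has_cap_sys_admin(struct privs p) { return p.have_cap && ((p.cap_eff >> CAP_SYS_ADMIN_BIT) & 1); }

int main(void)
{
    char buf[8192] = {0};
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 1; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    struct privs p = parse_status(buf);
    printf("self: ruid=%u euid=%u suid=%u CapEff=%016llx\n", p.ruid, p.euid, p.suid, p.cap_eff);
    if (all_uids_root(p) && !has_cap_sys_admin(p))
        puts("self: all UIDs are 0 but CAP_SYS_ADMIN is not in the effective set");
    /* Same checks on the constructed samples. */
    printf("full sample:    uid0=%d sysadmin=%d\n",
           all_uids_root(parse_status(SAMPLE_FULL)), has_cap_sys_admin(parse_status(SAMPLE_FULL)));
    printf("reduced sample: uid0=%d sysadmin=%d\n",
           all_uids_root(parse_status(SAMPLE_REDUCED)), has_cap_sys_admin(parse_status(SAMPLE_REDUCED)));
    return 0;
}
```

The output is only meaningful when the program runs in the same process context as the failing command, for example started by the same parent that starts lvcreate.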