Re: [SLUG] Apache execute a CGI as another user

2006-05-16 Thread Peter Rundle
Peter Chubb wrote: Ah. Posix semantics. Instead, do setreuid(geteuid(), -1); that should fix it. /home/prundle> ./suidexec id Executing Command 'id' uid=502(matlab) gid=501(prundle) groups=502(matlab) context=user_u:system_r:unconfined_t :-) /home/prundle> ./suidexec /home/matlab/p

Re: [SLUG] Apache execute a CGI as another user

2006-05-16 Thread Peter Chubb
> "Peter" == Peter Rundle <[EMAIL PROTECTED]> writes: Peter> Peter Chubb wrote: >> So do a setuid(geteuid()) in there... Peter> Que? I don't follow, do you mean the "C" should look like; Peter> setuid(geteuid()); execlp(argv[1],argv[2]); Yes, that's right. Peter> I tried the above, but

Re: [SLUG] Apache execute a CGI as another user

2006-05-16 Thread Matthew Hannigan
On Tue, May 16, 2006 at 01:46:30PM +1000, Peter Rundle wrote: > > in the source and now when it runs we see a different result > > $ ./suidexec id > Executing Command 'id' > uid=501(prundle) gid=501(prundle) euid=502(matlab) groups=502(matlab) > context=user_u:system_r:unconfined_t > > But it d

Re: [SLUG] Apache execute a CGI as another user

2006-05-15 Thread Peter Rundle
Peter Chubb wrote: So do a setuid(geteuid()) in there... Que? I don't follow, do you mean the "C" should look like; setuid(geteuid()); execlp(argv[1],argv[2]); ?? I tried the above, but no joy, "./suidexec id" still reports uid=501(prundle) gid=501(prundle) euid=502(matlab) P. -- SLUG -

Re: [SLUG] Apache execute a CGI as another user

2006-05-15 Thread Peter Chubb
> "Peter" == Peter Rundle <[EMAIL PROTECTED]> writes: Peter> Changed system(argv[1]); to execlp(argv[1],argv[2]); Peter> in the source and now when it runs we see a different result Peter> $ ./suidexec id Executing Command 'id' uid=501(prundle) Peter> gid=501(prundle) euid=502(matlab) groups

Re: [SLUG] Apache execute a CGI as another user

2006-05-15 Thread benjl
On Tue May 16, 2006 at 13:46:30 +1000, Peter Rundle wrote: > >Malcolm V wrote: > >>Read "man 3 system" as I suggested yesterday. > >Thanks Malcolm. > >>See "man 3 exec" for what you want. > >Changed > system(argv[1]); >to > execlp(argv[1],argv[2]); > >in the source and now when it runs we see a d

Re: [SLUG] Apache execute a CGI as another user

2006-05-15 Thread Peter Rundle
Malcolm V wrote: Read "man 3 system" as I suggested yesterday. Thanks Malcolm. See "man 3 exec" for what you want. Changed system(argv[1]); to execlp(argv[1],argv[2]); in the source and now when it runs we see a different result $ ./suidexec id Executing Command 'id' uid=501(prundle

Re: [SLUG] Apache execute a CGI as another user

2006-05-15 Thread Malcolm V
On Tuesday 16 May 2006 08:24, Peter Rundle allegedly wrote: > Can you explain to a mere mortal why the following doesn't work? > As a first step to your "trivial" challenge, I've written a simple C > routine to > > system ("do something"); Read "man 3 system" as I suggested yesterday. Of part

Re: [SLUG] Apache execute a CGI as another user

2006-05-15 Thread Peter Rundle
[EMAIL PROTECTED] wrote: > Gentlemen it should be absolutely trivial for the cgi to run a compiled program that is (a) suid to matlab (b) executes your script either as fork/exec or even system ("do something"); > James James, thanks for volunteering to solve this one ;-) . Can you explain to

Re: [SLUG] Apache execute a CGI as another user

2006-05-14 Thread jam
On Monday 15 May 2006 09:16, [EMAIL PROTECTED] wrote: > Dean Hamstead wrote: > > could you drop the command into a spool, then run it off a queue? > > Interesting idea. Can you point to any docs that describe how to set up a > batch queue in Linux a la VMS batch queue? > > > did you try setting th

Re: [SLUG] Apache execute a CGI as another user

2006-05-14 Thread Jamie Wilkinson
This one time, at band camp, Peter Rundle wrote: >Mike Lake scribed: >>What about if the apache script writes a small file in /tmp/matlab/ >>directory and the user process is looking at that directory every 30 >>seconds. If the user script sees the file, reads it, gets params from >>the file and

Re: [SLUG] Apache execute a CGI as another user

2006-05-14 Thread Jamie Wilkinson
This one time, at band camp, Peter Rundle wrote: >I'm looking for suggestions/recommendations for a way to run a command as a >specific user, but triggered from a web form submit button. The >corresponding action cgi runs as apache/apache, but I then need it to >trigger the running of a shell sc

Re: [SLUG] Apache execute a CGI as another user

2006-05-14 Thread Malcolm V
On Monday 15 May 2006 11:12, Peter Rundle allegedly wrote: > I vaguely recall that chmod +s is only valid for binaries as the command > being executed is bash, the script is just a data file to bash. I could be > wrong on this one though... This is correct. You can get around this by using a small

Re: [SLUG] Apache execute a CGI as another user

2006-05-14 Thread Peter Rundle
Mike Lake scribed: What about if the apache script writes a small file in /tmp/matlab/ directory and the user process is looking at that directory every 30 seconds. If the user script sees the file, reads it, gets params from the file and run. It drops the plot into a directory apache can read.

Re: [SLUG] Apache execute a CGI as another user

2006-05-14 Thread Michael Lake
Peter Rundle wrote: Sluggers, I'm looking for suggestions/recommendations for a way to run a command as a specific user, but triggered from a web form submit button. The corresponding action cgi runs as apache/apache, but I then need it to trigger the running of a shell script as another unpr

Re: [SLUG] Apache execute a CGI as another user

2006-05-14 Thread Michael Lake
Peter Rundle wrote: Sluggers, I'm looking for suggestions/recommendations for a way to run a command as a specific user, but triggered from a web form submit button. The corresponding action cgi runs as apache/apache, but I then need it to trigger the running of a shell script as another unpr

Re: [SLUG] Apache execute a CGI as another user

2006-05-14 Thread Peter Rundle
Dean Hamstead wrote: could you drop the command into a spool, then run it off a queue? Interesting idea. Can you point to any docs that describe how to set up a batch queue in Linux a la VMS batch queue? did you try setting the s(et)uid bit of the script? yeah didn't work. I placed the '

[SLUG] Apache execute a CGI as another user

2006-05-14 Thread Peter Rundle
Sluggers, I'm looking for suggestions/recommendations for a way to run a command as a specific user, but triggered from a web form submit button. The corresponding action cgi runs as apache/apache, but I then need it to trigger the running of a shell script as another unprivileged user. The