setuid confusion
Alex LeDonne
aledonne.listmail at gmail.com
Fri Nov 2 14:34:02 MST 2007
On Nov 2, 2007 2:11 PM, <alex at crackpot.org> wrote:
> Quoting Alex LeDonne <aledonne.listmail at gmail.com>:
>
>
> > I just found a snippet on
> > http://www.linux-knowledge-portal.org/en/content.php?&content/programming/secprog2.html
> > :
> >
> > "The access(2) call uses the real UID and real GID to check the
> > rights. This means that the effective UID/GID of SetUID/-GID programs
> > does not apply. In the case of the access check with open(2), on the
> > other hand, the effective UID/GID is used."
> >
> > So if svn is using access(2) instead of open(2) to check perms on the
> > lock file, your system() call won't work.
> >
> > I haven't tried to look at subversion source yet to see...
> >
> > -Alex L
>
> Thanks for the assistance.
>
> I've taken a different approach which is a little clunkier, but also
> works well enough.
>
> The 'wwwlive' user runs a shell script that checks for the presence of
> a flag file. When that file exists, wwwlive runs an 'svn update' to
> update the live site. So, anyone who creates that file can cause a
> site update. Just for safety, I added a wwwlive cron job that checks
> to make sure that shell script is running, and re-starts it if needed.
> Accomplishes the goal and doesn't require setuid.
>
> alex
>
Congrats on the workaround. For archive searchers, and in case you
want to try removing the clunk, I found one other interesting story:
http://svn.haxx.se/users/archive-2004-01/0717.shtml
This suggests that you could have a c program wrapper that is suid
root, which calls both setuid() and seteuid() before calling the real
program (in the story, a post-commit script; in this case, svn). It
uses execv() to call the script in question, rather than system(),
which may also make a difference.
Disclaimer: IANA C Programmer.
-Alex L
More information about the PLUG-discuss
mailing list