NetBSD-Users archive
Re: "Real programs dump core"
On Tue, Sep 06, 2011 at 04:37:08PM +0200, Hauke Fath wrote:
> At 9:20 Uhr -0400 06.09.2011, Thor Lancelot Simon wrote:
> >> The Amanda planner binary runs setuid root to open a privileged port, then
> >> returns to unprivileged mode. As such it apparently cannot write a core to
> >> the CWD. I guess I'd have to set proc.curproc.corename from the planner
> >> process, then.
> >
> >Why not fix the planner binary to not run setuid root? It's not hard to
> >do.
>
> I don't see how... Care to drop a hint?
Well, there are two basic ways:

1) Write a tiny setuid wrapper that opens the socket, leaves it open on a
   known file descriptor, drops privileges, then execs the planner.

2) Write a setuid port-opener that returns the file descriptor for the
   socket to its caller by file descriptor passing on a unix domain
   socket.

Thor