Re: "Real programs dump core"

[Hauke Fath <hf%spg.tu-darmstadt.de@localhost>]

At 17:25 Uhr -0400 06.09.2011, Thor Lancelot Simon wrote:
>> >Why not fix the planner binary to not run setuid root?  It's not hard to
>> >do.
>>
>> I don't see how... Care to drop a hint?
>
>Well, there are two basic ways:
>
>1) Write a tiny setuid wrapper that opens the socket, leaves it open on a
>   known file descriptor, drops privileges, then execs the planner.
>
>2) Write a setuid port-opener that returns the file descriptor for the
>   socket to its caller by file descriptor passing on a unix domain
>   socket.

Ah, wrappers, okay...

The amanda version in pkgsrc is fairly old; amanda 3 has seen a re-write in
perl, so it's probably not worth while spending much time on 2.5.

Amanda planner is called from amandad, and they share an obscure interface.
So while I could explore that and teach the wrapper to plug it through,
what did the trick for me was pointing "kern.coredump.setid.path" to a
directory that the real uid (backup) has permission to write to.

        hauke

-- 
     The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email            Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
     Respect for open standards              Ruf +49-6151-16-3281