Yep. You are right there. I posted the suidexec wrapper, so I tried to
fix it.
>Nonono... setuidexec _must_ check whether the file system the script is on
>is mounted with nosuid/nosgid.
Trivial check. But, while working on suidexec, I found another problem:
recent Linuxes taint the stuff in the /proc file system. As long as
real and effective uid/gid are different you can't access /proc/<pid>/fd.
Only a setuid/exec pair cleans the "dumpable" flag, as it is called in
the kernel. This means only setuid root programs would work.
I've gotten around it by using setuid() instead of seteuid(), but that
means the real uid is gone (well, saved in an environment variable
of course, but still..). Also, when using "ps" you don't see the real
name of the process anymore, but e.g. "/bin/sh /proc/19445/fd/3" instead.
To do better would require some kernel support.
Perhaps a more elegant (and portable!) solution would be to copy the script
to, say, /var/spool/suidexec and then execute it as usual, bypassing the
whole /proc/<pid>/fd stuff. Even "ps" would work again (and killall, etc).
I'll try to put something together that does just that, if anyone is
interested.
Comments appreciated.
Mike.
--
Miquel van Smoorenburg, Cistron Internet Services (Independent Dutch ISP)
miquels@cistron.nl (SP6) | miquels@drinkel.cistron.nl | http://www.cistron.nl/
"Living is a horizontal fall"
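Added example, not code from the suidexec wrapper or from anyone in this thread: the nosuid check the quoted reply asks for, done on the open descriptor (fstatvfs) so it refers to the same file the wrapper would hand to /proc/<pid>/fd, rather than to a path name that could point somewhere else by the time the script runs. The function names are mine.

```c
/* Check whether a script lives on a filesystem mounted nosuid, the way a
 * setuid wrapper such as suidexec would need to before executing it.
 * (Illustrative code written for this thread, not part of suidexec.) */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* Returns 1 if the filesystem holding the open descriptor `fd` is mounted
 * nosuid, 0 if it is not, and -1 (errno set) if it cannot be examined.
 * ST_NOSUID is the POSIX flag reported by fstatvfs(3); on Linux a nosuid
 * mount ignores both set-user-ID and set-group-ID bits, so one flag covers
 * the nosuid/nosgid question raised above. */
int fd_is_nosuid(int fd)
{
    struct statvfs vfs;
    if (fstatvfs(fd, &vfs) != 0)
        return -1;
    return (vfs.f_flag & ST_NOSUID) ? 1 : 0;
}

/* Convenience wrapper: open `path` read-only and check the descriptor.
 * A real wrapper would keep this descriptor and execute it, rather than
 * reopening the path later, so the check and the execution agree. */
int path_is_nosuid(const char *path)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    int result = fd_is_nosuid(fd);
    int saved_errno = errno;
    close(fd);
    errno = saved_errno;
    return result;
}

int main(int argc, char **argv)
{
    const char *script = argc > 1 ? argv[1] : "/";  /* "/" is only a demo default */
    int rc = path_is_nosuid(script);
    if (rc < 0) {
        perror(script);
        return 2;
    }
    printf("%s: filesystem is %s\n", script, rc ? "nosuid (refuse to run)" : "suid-capable");
    return rc ? 1 : 0;
}
```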