I've got a suid shell script and a suid binary:

    [EMAIL PROTECTED]:~$ ls -l foo.sh sleep
    -rwsr-xr-x 1 root root    21 2003-11-16 07:38 foo.sh
    -rwsr-xr-x 1 root root 12664 2003-11-16 07:38 sleep

The script simply runs my local suid sleep binary.

    [EMAIL PROTECTED]:~$ cat foo.sh
    #!/bin/sh
    ./sleep 3

Running as non-root I see: I was running cdrecord from a non-root account and saw:

    moseley   2324  1.0  0.1  2896 1192 pts/0  S  07:40  0:00 /bin/sh ./foo.sh
    root      2325  1.0  0.0  2508  556 pts/0  S  07:40  0:00 ./sleep 3

Which makes sense. I assume that the shell script isn't really run suid because /bin/sh is not suid. Does setting suid on a shell script (or a perl script) have any effect?

If I change the shell script to "exec ./sleep", I still get sleep running as root:

    [EMAIL PROTECTED]:~$ cat foo.sh
    #!/bin/sh
    exec ./sleep 3

And the ps output shows sleep is running as root.

    root      2555  1.0  0.0  2508  556 pts/0  S  07:54  0:00 ./sleep 3

Now, here's what prompted this question. I was running cdrecord as a non-root user and I get:

    cdrecord.mmap: Operation not permitted. WARNING: Cannot set RR-scheduler
    cdrecord.mmap: Permission denied. WARNING: Cannot set priority using setpriority().
    cdrecord.mmap: WARNING: This causes a high risk for buffer underruns

    [EMAIL PROTECTED]:~$ file /usr/bin/cdrecord
    /usr/bin/cdrecord: setuid Bourne shell script text executable

    [EMAIL PROTECTED]:~$ cat /usr/bin/cdrecord
    #!/bin/sh
    VERS=`/sbin/kernelversion`
    case $VERS in
    2.0|2.2) exec cdrecord.shm "$@" ;;
    2.4|*) exec cdrecord.mmap "$@" ;;
    esac

    [EMAIL PROTECTED]:~$ ls -l /usr/bin/cdrecord /usr/bin/cdrecord.mmap
    -rwsr-xr-- 1 root cdrom    142 2003-11-08 16:33 /usr/bin/cdrecord
    -rwsr-xr-- 1 root cdrom 342924 2003-11-08 16:33 /usr/bin/cdrecord.mmap

Ok, so those are also suid root. (And yes, I'm also in the cdrom group.)

But when running cdrecord, cdrecord.mmap does NOT run as root:

    [EMAIL PROTECTED]:~$ cdrecord -v dev=0,1,0 KNOPPIX_V3.3-2003-11-14-EN.iso
    Cdrecord-Clone 2.01a19 (i686-pc-linux-gnu) Copyright (C) 1995-2003 Jörg Schilling
    [...]
    cdrecord.mmap: Operation not permitted. WARNING: Cannot set RR-scheduler
    cdrecord.mmap: Permission denied. WARNING: Cannot set priority using setpriority().
    cdrecord.mmap: WARNING: This causes a high risk for buffer underruns.
    Starting to write CD/DVD at speed 16 in real TAO mode for single session.
    Last chance to quit, starting real write in 9 seconds.

And cdrecord is running as my user id, not as root, even though it's suid (like in the sleep example above).

    moseley   2591  1.0  0.6  5916 5916 pts/0  SL 07:56  0:00 cdrecord.mmap -v dev=0,1,0 KNOPPIX_V3.3-2003-11-14-EN.iso

So why is cdrecord.mmap not running as root?

-- 
Bill Moseley
[EMAIL PROTECTED]
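Added example, not part of the original post: Linux does not apply the setuid bit of a `#!` script, only that of a binary that is eventually exec'd, so setuid files can be triaged from their mode bits plus their first two bytes. The function names and the `SAMPLES` table (the four files from the listings above, with constructed header bytes) are assumptions made for this example.

```python
import os
import stat


def classify(mode, head):
    """Classify a file from its st_mode and its first bytes."""
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return "not-setuid"
    if head.startswith(b"#!"):
        # The kernel runs the interpreter named on the #! line and does not
        # honour the script's own setuid bit, so the bit is inert here.
        return "setuid-script"
    # A directly exec'd binary gets the file owner's effective uid.
    return "setuid-binary"


def audit(path):
    """Classify one path on disk without following symlinks."""
    st = os.lstat(path)
    head = b""
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            head = fh.read(2)
    return classify(st.st_mode, head)


def audit_tree(root):
    """Return sorted (path, kind) pairs for every setuid file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                kind = audit(path)
            except OSError:
                continue  # unreadable or vanished file: skip it
            if kind != "not-setuid":
                findings.append((path, kind))
    return sorted(findings)


# Constructed samples: modes taken from the ls -l listings in the post,
# header bytes assumed (shell script vs. ELF binary).
SAMPLES = {
    "foo.sh": (stat.S_IFREG | 0o4755, b"#!/bin/sh\n"),
    "sleep": (stat.S_IFREG | 0o4755, b"\x7fELF"),
    "/usr/bin/cdrecord": (stat.S_IFREG | 0o4754, b"#!/bin/sh\n"),
    "/usr/bin/cdrecord.mmap": (stat.S_IFREG | 0o4754, b"\x7fELF"),
}
```

Files reported as `setuid-script` carry a bit that grants nothing on Linux and can be cleared; the privilege decision rests entirely on the `setuid-binary` entries they exec.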