From jakob@weite-welt.com Sun Dec 13 10:29:58 1998
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id KAA19985 for <bugs@RT-11.MIT.EDU>; Sun, 13 Dec 1998 10:29:53 -0500
Received: from PINGUIN.UNI-MUENSTER.DE by MIT.EDU with SMTP
id AA03578; Sun, 13 Dec 98 10:29:33 EST
Received: from aegir.asgard.sol (root@RAS04-079.UNI-MUENSTER.DE [128.176.233.208])
by pinguin.uni-muenster.de (8.8.8/8.8.8) with ESMTP id QAA10710
for <krb5-bugs@mit.edu>; Sun, 13 Dec 1998 16:29:28 +0100
Received: (from jakob@localhost)
by aegir.asgard.sol (8.9.1/8.8.8) id XAA11543
for krb5-bugs@mit.edu; Sat, 12 Dec 1998 23:57:23 +0100
Message-Id: <19981212235722.A11508@aegir.asgard.sol>
Date: Sat, 12 Dec 1998 23:57:22 +0100
From: Leif Jakob <jakob@weite-welt.com>
To: krb5-bugs@MIT.EDU
Subject: Bugs with solutions (Linux)

>Number: 676
>Category: pending
>Synopsis: Bugs with solutions (Linux)
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: closed
>Class: mistaken
>Submitter-Id: unknown
>Arrival-Date: Sun Dec 13 10:30:00 EST 1998
>Last-Modified: Fri Jan 22 00:50:12 EST 1999
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:

From: tytso@MIT.EDU
To: jakob@weite-welt.com
Cc: krb5-bugs@MIT.EDU, gnats-admin@RT-11.MIT.EDU, krb5-prs@RT-11.MIT.EDU
Subject: Re: pending/676: Bugs with solutions (Linux)
Date: Wed, 23 Dec 1998 09:32:17 -0500

   Date: Sat, 12 Dec 1998 23:57:22 +0100
   From: Leif Jakob <jakob@weite-welt.com>

   Specification:
   Linux 2.0.35 (former Suse 5.1 but hardly hacked)
   libc.so.5.4.33
   gcc 2.7.2.1
   krb5-1.0.5
   libncurses.so.3.0.970515

   Here are my bugs:
   After running configure the telnet and telnetd didn't link. I had
   to add the -lncurses in both Makefiles. But the telnet did cause
   stack overflows because the tgetent called itself recursively (checked
   with debugger). Don't know why.

This isn't a problem on my RedHat 5.2 system. Your proposed solution is
a bit of a kludge, so I'm not at all enthusiastic about applying it.
Especially since it works just fine on my Linux system.....

   Next Bug (probably Linux specific):
   In ksu the program first calls seteuid(target); this is no problem,
   but the next call to seteuid(0) fails.

Again, this works just fine on my RedHat 5.2 system. I'm not sure what
SUSE is doing with its libc, but as far as I know seteuid() should obey
the saved setuid semantics, so this again sounds like a SUSE bug....

   Solution:
   Set the real and effective user to superuser at start of program:

This is a really, really bad idea, and creates significant security
holes in ksu. There's a reason why we very carefully save and reset the
effective uid.....

Can you try running this program as a setuid program, and tell me what
it sends back? Also, can you try running this program under strace
(you'll have to do it as root), and send me back the strace output?
That would help me determine what your SUSE system is doing. I'm
pretty sure that this worked on my RedHat system even back when we
were using libc5, so I'm really surprised you're having this
difficulty on your system.

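#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void)
{
    uid_t my_uid, my_euid;

    /* Remember the real and effective uid the program started with. */
    my_uid = getuid();
    my_euid = geteuid();
    printf("ruid=%d, euid=%d\n", (int) getuid(), (int) geteuid());

    /* Drop the effective uid to the real uid. */
    if (seteuid(my_uid) != 0)
        perror("seteuid(ruid)");
    printf("ruid=%d, euid=%d\n", (int) getuid(), (int) geteuid());

    /* Switch back to the original effective uid (needs the saved set-user-ID). */
    if (seteuid(my_euid) != 0)
        perror("seteuid(original euid)");
    printf("ruid=%d, euid=%d\n", (int) getuid(), (int) geteuid());
    exit(0);
}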


- Ted

P.S. One of our Krb5 development platforms is my Linux i386 laptop,
so in general things should work fairly well under Linux.
Unfortunately I can't always control exactly which libraries a
particular distribution might choose to use, and the problems you are
describing sound very much like library problems.

State-Changed-From-To: open-closed
State-Changed-By: tytso
State-Changed-When: Fri Jan 22 00:49:49 1999
State-Changed-Why: Not really a bug.


>Unformatted:
Hi MIT!

Specification:
Linux 2.0.35 (former Suse 5.1 but hardly hacked)
libc.so.5.4.33
gcc 2.7.2.1
krb5-1.0.5
libncurses.so.3.0.970515

Here are my bugs:
After running configure the telnet and telnetd didn't link. I had
to add the -lncurses in both Makefiles. But the telnet did cause
stack overflows because the tgetent called itself recursively (checked
with debugger). Don't know why.

I added the line just before this function:
#define HAVE_SETUPTERM
So this part isn't compiled anymore - it works.

Next Bug (probably Linux specific):
In ksu the program first calls seteuid(target); this is no problem,
but the next call to seteuid(0) fails.

Solution:
Set the real and effective user to superuser at start of program:

### CUT HERE ### patch -u

--- main.c Sat Dec 12 23:33:51 1998
+++ main.c.backup Sat Feb 7 04:41:57 1998
@@ -1,5 +1,3 @@
-#include <unistd.h>
-
/*
* Copyright (c) 1994 by the University of Southern California
*
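Review bot: The file header is reversed (--- main.c, +++ main.c.backup), so the #include <unistd.h> at the top of this hunk shows up as a removal, and applying the patch as posted would take the change out rather than put it in. Regenerate it with the untouched file first (diff -u main.c.backup main.c). The include would also sit better with the file's other includes below the copyright comment than above it.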
@@ -384,9 +382,6 @@
if (cc_source_tag_tmp == (char *) 1)
cc_source_tag_tmp = cc_source_tag;
}
-
- setreuid(0,0);
-
if (krb5_seteuid(source_uid)) {
com_err ( prog_name, errno, "while setting euid to source user");
exit(1);
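Review bot: The setreuid(0,0) call placed just before krb5_seteuid(source_uid) overwrites the real uid with 0, and its return value is not checked. From that point the process no longer carries the invoking user's uid as its real uid, so any later getuid()-based decision sees root, and a failed call would go unnoticed. Rather than forcing both ids to 0, leave the real uid alone and find out why the later seteuid(0) fails on this system (look at what the saved set-user-ID holds after the first seteuid). If any id change is kept here, it needs the same com_err/exit(1) handling as the krb5_seteuid call below it.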

### CUT HERE ###

Now it works. Maybe Linux-specific?

If for any reason you think this patch is not a good idea, please
send me some mail.


Thanks for the product, it's really cute

Leif Jakob

--

################################################################
# FAX/Voice : +49-251-211236 | Admin of www.weite-welt.com #
# To get my PGP-Key send | #
# message with subject : | Visit my private homepage: #
# GETPGPKEY | http://www.jakob.weite-welt.com #
################################################################

This mail was composed on a 100% M$ free system - Linux rules.
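
The save-and-restore of the effective uid that the reply in this thread refers to, written out with every call checked and the saved set-user-ID made visible. This is an added example, not code from the thread or from krb5; drop_and_restore and struct ids are hypothetical names, and getresuid() is assumed to be available (Linux/BSD).

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* getresuid() is a Linux/BSD extension (assumption: one of those systems);
 * declared here so the example needs no feature-test macro. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

struct ids { uid_t r, e, s; };   /* real, effective, saved set-user-ID */

static int snapshot(struct ids *i) { return getresuid(&i->r, &i->e, &i->s); }

/* Hypothetical helper: drop the euid to `target`, then restore it.
 * Returns 0 on success, or a negative code naming the step that failed. */
int drop_and_restore(uid_t target, struct ids *before,
                     struct ids *during, struct ids *after)
{
    if (snapshot(before) != 0) return -1;
    if (seteuid(target) != 0) return -2;        /* temporary drop */
    if (snapshot(during) != 0) return -1;
    /* Real and saved ids must be untouched: the saved id is what lets an
     * unprivileged euid switch back later. */
    if (during->e != target || during->r != before->r ||
        during->s != before->s) return -3;
    if (seteuid(before->e) != 0) return -4;     /* restore: the call reported as failing */
    if (snapshot(after) != 0) return -1;
    return (after->e == before->e && after->r == before->r) ? 0 : -5;
}

int main(void)
{
    struct ids b = {0}, d = {0}, a = {0};
    int rc = drop_and_restore(getuid(), &b, &d, &a);

    printf("before: ruid=%ld euid=%ld suid=%ld\n", (long) b.r, (long) b.e, (long) b.s);
    printf("during: ruid=%ld euid=%ld suid=%ld\n", (long) d.r, (long) d.e, (long) d.s);
    printf("after:  ruid=%ld euid=%ld suid=%ld\n", (long) a.r, (long) a.e, (long) a.s);
    printf("result: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Installed setuid-root and run by an ordinary user, a result of -3 or -4 points at the saved set-user-ID not surviving the first seteuid(), which is the behaviour the reply suspects in the reporter's libc.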