On Fri, Mar 10, 2000 at 09:22:15PM +0000, Jan-Simon Pendry wrote:
> Otto E Solares wrote:
> >
> > On Fri, Mar 10, 2000 at 08:46:01AM +0000, Jan-Simon Pendry wrote:
> > > Otto E Solares wrote:
> > > > [snip]
> > > >
> > > > In my case this program fails to stat the file with the following
> > > > conditions:
> > > > The /home directory is group owned by any other group where your user
> > > > belongs but root doesn't belong.
> > > > The /home directory is in 0750 mode.
> > > > The file to stat is not a relative path but an absolute one.
> > > > The program is run as root but as you can see it changes the euid
> > > > to your user.
> > > >
> > > > When this conditions are in place stat fails under linux, so the
> > > > temporary fix is to chmod 0755 the /home directory.
> > >
> > > this sounds correct to me. the sample program sets euid to 500,
> > > and leaves the group set alone. since /home is owned by root,
> > > the process will have neither owner access (not root) nor group
> > > access (you state that root isn't in the group that owns the
> > > directory). therefore the stat() will fail trying to access /home.
> > > presumably that's why relative paths work since none of the one's
> > > you tested go through /home?
> >
> > is a bug in stat because when you stat the file as a normal user
> > stat works correctly but when root run the program and then
> > he seteuid to the above normal user, it fail. I discover it because
> > this is what many daemons do and i have this exactly configuration
> > to make it fail. Other unices works fine.
> >
> > It seems that nobody is interested in this serious issue...
> >
> > -otto
>
> when you run as a normal user, you have a group id that
> matched the group id of /home, so that gave access to /home.
> when you ran as root, the seteuid succeeded, but the process
> is still running with root's group set. that does not permit
> access to /home.
>
> please explain in more detail why you think this behaviour
> is different to other unix systems.
>
> jan-simon.
This behavior is not the same under the other unices, i am not
an expert in stat, and as far as openssh and other daemons is
concerned they should work the same. You are right in what
stat should do, but there have to be a standard that other
unices agree except linux.
Here comes an app that is running as root, pum, it seteuid to
the user and drops root, it stat the file and access is denied,
weird...
The guy who made the sys_newstat syscall should tell us something
about what should be the good thing.
-otto
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:18 EST