execve() fails for everyone but root (2.0.>33)

Torsten Luettgert (shaitan@physik.TU-Berlin.DE)
Wed, 14 Oct 1998 11:41:24 +0200 (CEST)


Hello,

I have a problem with the linux kernels 2.0.x where x>=34. They boot ok,
but I can only work as root, since no other user is allowed to execute
anything (including the shell), no matter what the permissions are.

The file system is an ext2 fs, my libc is 5.4.38. With kernel 2.0.33,
everything works fine. /bin has permissions drwxr-xr-x, btw.
strace shows that the execve() call fails with "permission denied".

I append a short listing of a test program I wrote in order to examine this
and its output:

------- test.c ------------------------------------------------------------

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

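/*
 * Diagnostic for an execve() that returns EACCES for non-root users.
 *
 * Started as root, the program drops to a fixed unprivileged gid/uid, dumps
 * the mode bits of /bin/sh as seen by stat(), asks access() about each
 * permission, and finally tries to execve() the shell.  Every step prints the
 * return value together with errno so the failing call can be identified.
 *
 * The printed lines are kept identical to the original listing so existing
 * output can still be compared against it.
 *
 * Returns 0 after a failed execve() (a successful execve() does not return),
 * or EXIT_FAILURE if the privilege drop itself failed.
 */
int main( int argc, char **argv, char **envp ){
    char *arg[] = { "/bin/sh", "-c", "ls", NULL };
    int i;
    /* Zero-initialised so the dump below never reads indeterminate memory
     * when stat() fails. */
    struct stat ruebe = {0};

    (void)argc;
    (void)argv;

    /*
     * Drop privileges: group first, then user.  Once setuid() has succeeded
     * the process may no longer change its gid, so the order matters.
     * 100 and 501 are the reporter's local ids; adjust them for the system
     * under test.
     *
     * NOTE(review): supplementary groups are not cleared here, so the process
     * keeps whatever group list it was started with.  That differs from a
     * normal login of uid 501 and can hide or change a permission problem.
     */
    errno = 0;
    i = setgid( 100 ); /* not important */
    printf( "after setgid(): i=%i, errno=%i (%s)\n", i, errno, strerror(errno) );
    if( i != 0 ){
        /* Fail closed: never continue towards exec'ing a shell with the
         * original (possibly root) group. */
        fprintf( stderr, "setgid() failed, refusing to continue\n" );
        return EXIT_FAILURE;
    }

    errno = 0;
    i = setuid( 501 );
    printf( "after setuid(): i=%i, errno=%i (%s)\n", i, errno, strerror(errno) );
    if( i != 0 ){
        /* Same reasoning: a failed setuid() would leave the exec below running
         * with the caller's privileges, which also invalidates the test. */
        fprintf( stderr, "setuid() failed, refusing to continue\n" );
        return EXIT_FAILURE;
    }

    errno = 0;
    i = stat( "/bin/sh", &ruebe );
    printf( "after stat: i = %i, errno = %i (%s)\n", i, errno, strerror(errno) );

    /* mode_t is not long; cast explicitly so the conversion specifier matches
     * the argument type. */
    printf( "st_mode = %lu\n", (unsigned long)ruebe.st_mode );

    /*
     * File-type values are multi-bit codes inside the S_IFMT field, not
     * independent flags.  A non-zero result of the AND below therefore does
     * NOT identify the type: a regular file also yields non-zero for S_IFSOCK
     * and S_IFLNK.  To decide the type compare (st_mode & S_IFMT) against the
     * constant, or use S_ISREG() and friends.
     */
    printf( "st_mode & S_IFSOCK = %i (S_IFSOCK==%i)\n", (int)(ruebe.st_mode & S_IFSOCK), (int)S_IFSOCK );
    printf( "st_mode & S_IFLNK = %i (S_IFLNK==%i)\n", (int)(ruebe.st_mode & S_IFLNK), (int)S_IFLNK );
    printf( "st_mode & S_IFREG = %i (S_IFREG==%i)\n", (int)(ruebe.st_mode & S_IFREG), (int)S_IFREG );
    printf( "st_mode & S_IFBLK = %i (S_IFBLK==%i)\n", (int)(ruebe.st_mode & S_IFBLK), (int)S_IFBLK );
    printf( "st_mode & S_IFDIR = %i\n", (int)(ruebe.st_mode & S_IFDIR) );
    printf( "st_mode & S_IFCHR = %i\n", (int)(ruebe.st_mode & S_IFCHR) );
    printf( "st_mode & S_IFIFO = %i\n", (int)(ruebe.st_mode & S_IFIFO) );

    /* set-id / sticky bits and the rwx triplets are genuine single-bit flags,
     * so a plain AND is the right test for these. */
    printf( "st_mode & S_ISUID = %i\n", (int)(ruebe.st_mode & S_ISUID) );
    printf( "st_mode & S_ISGID = %i\n", (int)(ruebe.st_mode & S_ISGID) );
    printf( "st_mode & S_ISVTX = %i\n", (int)(ruebe.st_mode & S_ISVTX) );
    printf( "st_mode & S_IRUSR = %i\n", (int)(ruebe.st_mode & S_IRUSR) );
    printf( "st_mode & S_IWUSR = %i\n", (int)(ruebe.st_mode & S_IWUSR) );
    printf( "st_mode & S_IXUSR = %i\n", (int)(ruebe.st_mode & S_IXUSR) );
    printf( "st_mode & S_IRGRP = %i\n", (int)(ruebe.st_mode & S_IRGRP) );
    printf( "st_mode & S_IWGRP = %i\n", (int)(ruebe.st_mode & S_IWGRP) );
    printf( "st_mode & S_IXGRP = %i\n", (int)(ruebe.st_mode & S_IXGRP) );
    printf( "st_mode & S_IROTH = %i\n", (int)(ruebe.st_mode & S_IROTH) );
    printf( "st_mode & S_IWOTH = %i\n", (int)(ruebe.st_mode & S_IWOTH) );
    printf( "st_mode & S_IXOTH = %i\n", (int)(ruebe.st_mode & S_IXOTH) );

    /*
     * access() answers for the real uid/gid, which after the setuid() above
     * are the unprivileged ids.  It only covers this one path.
     */
    errno = 0;
    i = access( "/bin/sh", R_OK );
    printf( "access(R_OK) : %i, errno=%i (%s)\n", i, errno, strerror(errno) );

    errno = 0;
    i = access( "/bin/sh", W_OK );
    printf( "access(W_OK) : %i, errno=%i (%s)\n", i, errno, strerror(errno) );

    errno = 0;
    i = access( "/bin/sh", X_OK );
    printf( "access(X_OK) : %i, errno=%i (%s)\n", i, errno, strerror(errno) );

    errno = 0;
    i = access( "/bin/sh", F_OK );
    printf( "access(F_OK) : %i, errno=%i (%s)\n", i, errno, strerror(errno) );

    /*
     * NOTE(review): execve() can return EACCES for reasons the access() calls
     * above do not cover, e.g. the program interpreter named inside the
     * binary lacking execute permission for this user, or the filesystem
     * being mounted noexec.  Those are worth checking when access(X_OK)
     * succeeds but execve() does not.
     *
     * envp is handed through unchanged, so the shell would inherit the
     * caller's environment.
     */
    errno = 0;
    i = execve( "/bin/sh", arg, envp );
    /* Only reached when execve() failed; on success the process image has
     * been replaced. */
    printf( "execve: i = %i, errno = %i (%s)\n", i, errno, strerror(errno) );

    return 0;
}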

------- test.c output -----------------------------------------------------

after setgid(): i=0, errno=0 (Success)
after setuid(): i=0, errno=0 (Success)
after stat: i = 0, errno = 0 (Success)
st_mode = 33261
st_mode & S_IFSOCK = 32768 (S_IFSOCK==49152)
st_mode & S_IFLNK = 32768 (S_IFLNK==40960)
st_mode & S_IFREG = 32768 (S_IFREG==32768)
st_mode & S_IFBLK = 0 (S_IFBLK==24576)
st_mode & S_IFDIR = 0
st_mode & S_IFCHR = 0
st_mode & S_IFIFO = 0
st_mode & S_ISUID = 0
st_mode & S_ISGID = 0
st_mode & S_ISVTX = 0
st_mode & S_IRUSR = 256
st_mode & S_IWUSR = 128
st_mode & S_IXUSR = 64
st_mode & S_IRGRP = 32
st_mode & S_IWGRP = 0
st_mode & S_IXGRP = 8
st_mode & S_IROTH = 4
st_mode & S_IWOTH = 0
st_mode & S_IXOTH = 1
access(R_OK) : 0, errno=0 (Success)
access(W_OK) : -1, errno=13 (Permission denied)
access(X_OK) : 0, errno=0 (Success)
access(F_OK) : 0, errno=0 (Success)
execve: i = -1, errno = 13 (Permission denied)

---------------------------------------------------------------------------

P.S.: for possible solutions, please reply to me directly, since I won't
join this mailing list (enough mail in my box already :-)

Thanks,
Torsten Luettgert (shaitan@physik.tu-berlin.de)

---------------------------------------------------------------------------
Torsten Luettgert, shaitan@physik.tu-berlin.de, risa@risa.de
privat 771 92 86 RISA GmbH 315 706-0
"I used to be an agnostic, but now I'm not so sure."
---------------------------------------------------------------------------
