Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Runtar error

2005-02-21 15:01:07
Subject: Re: Runtar error
From: Eric Siegerman <erics AT telepres DOT com>
To: Amanda Mailing List <amanda-users AT amanda DOT org>
Date: Mon, 21 Feb 2005 14:53:40 -0500 
On Fri, Feb 18, 2005 at 09:10:30AM -0600, Dege, Robert C. wrote:
> runtar: error [must be setuid root]

On Fri, Feb 18, 2005 at 10:49:46AM -0600, Dege, Robert C. wrote:
> -rwsr-x---  1 root   amanda  9947 Feb 16 10:43 runtar
> [plus evidence that this copy of runtar *is* the one being
> used]

Hmm, that looks like runtar complaining, so it must have been
executed.  That argues against the hypothesis that Amanda can't
run runtar at all because it's not in the "amanda" group.

And runtar clearly is setuid root.

I wonder if the file system is mounted "nosuid".....  You could
test it by copying the "id" program into the directory where
runtar lives, making it setuid root, and running it as a nonroot
user to see what it says.  (MAKE SURE to nuke your copy as soon
as you're finished with it; "id" presumably hasn't been audited
for setuid-safety!)

On a Solaris box, I get (I've edited out the list of secondary
groups):
    % pwd
    /home/erics/test

    % ls -ld id
    // I took away its world-execute more for security paranoia
    // than for the sake of strictly emulating runtar's perms
    -rwsr-x---   1 root     erics       8044 Feb 21 14:39 id

    // The real "id" command just says I'm me -- ho hum
    % /bin/id -a
    uid=1000(erics) gid=1000(erics) groups=...

    // My setuid-root "id" command.  Still says my uid is my own,
    // but note the "euid=0(root)"; that's what we're looking
    // for.  (euid==0 && uid==<yours>) is the sign of a
    // setuid-root executable.  (Similarly with gid's for setgid,
    // but that's not relevent here.)
    % ./id -a
    uid=1000(erics) gid=1000(erics) euid=0(root) groups=...

    // And just as a check, run it from a root shell; the "euid="
    // has gone away, since both euid and ruid are now both 0.
    # ./id -a
    uid=0(root) gid=1(other) groups=...

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        erics AT telepres DOT com
|  |  /
The animal that coils in a circle is the serpent; that's why so
many cults and myths of the serpent exist, because it's hard to
represent the return of the sun by the coiling of a hippopotamus.
        - Umberto Eco, "Foucault's Pendulum"
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Runtar error, Dege, Robert C.
Next by Date:  RE: Runtar error, Dege, Robert C.
Previous by Thread:  Re: Runtar error, Gene Heskett
Next by Thread:  RE: Runtar error, Dege, Robert C.
Indexes:  [Date] [Thread] [Top] [All Lists]