Re: Basic setuid question

Fri, 12 Sep 2008 14:39:54 -0700

I know, bad style replying to my own post but I figured out what was going on. At http://subversion.tigris.org/faq.html#hook-debugging there is a suggestion to run with an empty environment. The equivalent in my program was:
execle("/usr/local/bin/svn", "svn", "update", argv[1], (const char *) NULL, (const char *)NULL); 


which passes an empty environment to the new process.  This worked like 
a charm.




Scott Dunbar wrote:

Hi,

I'm trying to implement the suggestions from 
http://subversion.tigris.org/faq.html#website-auto-update to allow me 
to update code via a web interface.  My code is a bit different from 
the example as the example wasn't even trying to work.  The code I'm 
using is below.  However, it appears that the code that is execl()'d 
is still not running as the user I'd like.  The executable created 
from the code below is set to 4755 permissions but it doesn't seem to 
matter.  I've also tried a variety of the set*uid() methods with 
various failures.  The printf()'s indicate what I'd expect but the 
execl()'d program is still apparently not running as the correct user.


I'm running on


Linux habanero.xigole.com 2.6.18-6-amd64 #1 SMP Tue Aug 19 04:30:56 
UTC 2008 x86_64 GNU/Linux


and

$ cat /etc/debian_version
4.0


Is there something obvious going on to prevent the execl()'d process 
from running as the correct user?  An strace shows that, in this case, 
the svn command is still accessing information from the original 
user's home account.


Thanks for any help.

Code I'm using:

#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <errno.h>
int main( int argc, char** argv )
{
   if( argc != 2 )
   {
       fprintf( stderr, "usage: %s <dir_to_update>\n", argv[0] );
       return(EXIT_FAILURE);
   }

   printf( "(1) euid is %d, uid is %d\n", geteuid(), getuid() );

   if( setreuid(geteuid(), geteuid()) != 0 )
   {

       fprintf( stderr, "Cannot change users.  Reason: %s\n", 
strerror(errno) );

       return(EXIT_FAILURE);
   }

   printf( "(2) euid is %d, uid is %d\n", geteuid(), getuid() );


   execl("/usr/local/bin/svn", "svn", "update", argv[1], (const char 
*) NULL);


   return(EXIT_FAILURE);
}





--

To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
























					Reply via email to