Re: File ownership of setuid processes

Fri, 01 Dec 2006 03:13:45 -0800 

On Fri, 1 Dec 2006, Samuel Moqux wrote:

> Hi everyone!,
>
> I'm trying to migrate a sympa installation (sympa is a perl written
> mailing list manager) from a Linux system into an OpenBSD one, and I'm
> getting into a strange problem.
>
> The way a message reaches the sympa is trough a C written, setuid
> binary called "queue" which is setuid to sympa's user. The MTA pipes
> the message into this binary, which its only mission is to create a
> file into a spool direcotry, where the main sympa process can read it.
>
> The problem here is that "queue" in OpenBSD isn't creating files with
> sympa ownership, so the main process can't read them(they are owned by
> "daemon").

My bet would be that you are executing the program from a file system
that is mounted nosuid.

        -Otto

>
> I have done a small test program to be run in both systems, and thats
> what I get:
>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <fcntl.h>
>
> int main (void) {
>        int fd;
>        char msg1[] = "Cannot open file\n";
>
>        umask(027);
>        if (!(fd = open("/tmp/testfile", O_CREAT| O_WRONLY , 0600))) {
>                write(2,msg1, sizeof(msg1));
>        }
>        close(fd);
> }
>
> ---- OpenBSD System
> # make test
> cc -O2 -pipe    -o test test.c
> # chown _sympa._sympa test
> # chmod u+s test
> # ./test
> # ls -l
> total 32
> -rw-------  1 _sympa   wheel   2984 Nov 30 16:02 ayud
> drwx------  2 _clamav  wheel    512 Dec  1 09:30 clamav-1cd2ff8e8aea8f7f
> -rwsr-xr-x  1 _sympa   _sympa  6641 Dec  1 09:31 test
> -rw-r--r--  1 root     wheel    255 Dec  1 09:29 test.c
> -rw-------  1 root     wheel      0 Dec  1 09:30 testfile
>
> ------------------------------------------------------------
> [EMAIL PROTECTED] tmp]# make test
> cc     test.c   -o test
> [EMAIL PROTECTED] tmp]# chown sympa.sympa test
> [EMAIL PROTECTED] tmp]# chmod u+s test
> [EMAIL PROTECTED] tmp]# ./test
> [EMAIL PROTECTED] tmp]# ls -l
> total 16
> -rwsr-xr-x    1 sympa    sympa       14092 dic  1 09:33 test
> -rw-r--r--    1 root     root          312 dic  1 09:27 test.c
> -rw-------    1 sympa    root            0 dic  1 09:34 testfile
>
> It's ok this different behaviour? or may be there is something that
> I'm doing wrong?
>
> Thanks in advance.

Reply via email to