Smbpasswd and setuid
The DJ
hartman at mac.com
Sat Oct 20 16:27:01 GMT 2001
> The DJ <hartman at mac.com> writes:
>
>>>> The application would be called by my program, in a way in which no
>>>> additional options other than the ones I have told my application can be
>>>> specified (hardcoded in program).
>>>
>>> then why not become root in your app before running it? Or write a
>>> setuid wrapper?
>>>
>>> Having the smbpasswd binary itself setuid seems unnecessary.
>>>
>>
>> You're thinking too much unix style now ;-)
>> It wouldn't be the mac way to do.
>>
>> This is how it works.
>> I make an app. It is accompanied by an adapted version of smbpasswd which
>> will allow itself to run setuid. (I won't distribute it with setuid bit on
>> in the permissions or something). In the code I ask the system to run a
>> command (smbpasswd -a user) with root privs if a user presses a certain
>> button and if he can give the system appropriate loginname/password. If the
>> system can confirm this, then the SYSTEM runs the command (setuid, don't ask
>> me why, it's the way the API was written.) and gives back results to my app.
>
> Ah, so you're not talking about actually setting the setuid bit on the
> smbpasswd executable. You're talking about your program getting root
> privileges (through su or a helper app) in a way that has an effective
> UID of root, and a real UID of the username, after doing some kind of
> (presumably secure) authentication. Is that right?
>
> That's certainly safer. Make sure your application is very careful,
> though.
Yep that is it. You got it.
>> The only thing I'm a bit worried about is the environment variables of
>> libsmb. I don't exactly know how that works. Can any random user affect the
>> execution of smbpasswd this way? If so, then I seem to have a problem. I
>> would have to write my own variant of the Security API, that would simply
>> call sudo.
>
> You just want to clear out the environment before you call it. If
> you're calling it with one of the exec(2) system calls, use one of the
> exec?e calls, which let you specify the environment, and simply
> specify an empty environment, or else use:
>
> /usr/bin/env - /bin/su -c cmd
>
> . If you're not, probably easiest just to look at your own
> environment and unset everything.
>
> If the API uses su(1), you may find that it's done automatically
> anyways. You'll have to experiment a little bit.
>
> If you're not making the call yourself, but using an Apple API, you'll
> have to find out exactly what the Apple API does before anybody here
> can help you much. I certainly don't know, and I doubt anybody else
> here does either (or else they would have piped up by now). If it's
> poorly documented, a command like truss, strace, or ktrace may be of
> help if one is available.
>
> Good luck,
>
> ----ScottG.
I'll post this stuff to the omnigroup mailing lists. They have some apple
programming freaks, who might know about the environment parts in the
security API, although I doubt it. I'll probably have to experiment ;-)
Thanx for all the help ppl.
DJ
---------------------------------------------------------------------------
Universiteit Twente
---------------------------------------------------------------------------
Derk-Jan 'The DJ' Hartman
ICQnr: 10111559
Mail: mailto:hartman at mac.com
WWW: http://home.student.utwente.nl/d.hartman/
Goto: http://www.student.utwente.nl/~macsatcampus
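The "exec?e with an empty environment" advice quoted in this message, as an added example that is not code from the thread or from Samba. The names run_helper, probe_env and DEMO_HOSTILE_VAR are hypothetical, and /bin/sh stands in for the privileged helper; no privilege change is performed here.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
extern char **environ;

/* Run path/argv and capture its stdout in out. clean != 0 gives the child an
 * empty environment; clean == 0 lets it inherit ours. Returns exit status or -1. */
int run_helper(const char *path, char *const argv[], int clean,
               char *out, size_t outsz)
{
    static char *const empty_env[] = { NULL };
    int fds[2], status;
    size_t used = 0; ssize_t n; pid_t pid;

    if (outsz == 0 || pipe(fds) == -1) return -1;
    if ((pid = fork()) == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                      /* child */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) == -1) _exit(127);
        /* Absolute path (execve does no PATH search) and an explicit envp:
         * with clean set, no variable chosen by the caller reaches the helper. */
        execve(path, argv, clean ? empty_env : environ);
        _exit(127);                      /* exec failed */
    }
    close(fds[1]);
    while (used < outsz - 1 &&
           (n = read(fds[0], out + used, outsz - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* DEMO_HOSTILE_VAR is a constructed name for a variable the invoking user controls. */
const char *probe_env(int clean)
{
    static char out[64];
    char *const argv[] = { "sh", "-c",
        "printf %s \"${DEMO_HOSTILE_VAR:-unset}\"", NULL };
    setenv("DEMO_HOSTILE_VAR", "evil", 1);
    return run_helper("/bin/sh", argv, clean, out, sizeof out) == 0 ? out : "error";
}

int main(void)
{
    printf("inherited: %s\n", probe_env(0));
    printf("cleared:   %s\n", probe_env(1));
}
```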