Displaying 20 results from an estimated 823 matches for "setuid".
2008 Aug 26
5
Problem w/ b95 + ZFS (version 11) - seeing fair number of errors on multiple machines
Hi,
After upgrading to b95 of OSOL/Indiana, and doing a ZFS upgrade to the newer
revision, all arrays I have using ZFS mirroring are displaying errors. This
started happening immediately after ZFS upgrades. Here is an example:
ormandj at neutron.corenode.com:~$ zpool status
pool: rpool
state: DEGRADED
status: One or more devices has experienced an unrecoverable error. An
attempt was
1997 Apr 29
9
Yet Another DIP Exploit?
I seem to have stumbled across another vulnerability in DIP. It
appears to allow any user to gain control of arbitrary devices in /dev.
For instance, I have successfully stolen keystrokes from a root login as
follows... (I could also dump characters to the root console)
$ whoami
cesaro
$ cat < /dev/tty1 <------ root login here
bash: /dev/tty1: Permission denied
2010 May 28
2
setuids mount option broke
Hello,
I'm trying to export a /home/ partition for multiple users, using
Samba and the setuids option. My goal is to deliver emails into
$HOME/.Maildir/ for each user. So I mount the share as user "root",
hoping that each user will be able to use their own home directory (just
like an NFS /home/ mount). (This feature depends on the Unix extensions.)
I have the following...
2010 Apr 07
3
how to mount shares as a user without mount.cifs setuid
I'm running Debian/Squeeze on an AMD64 system. For some reason they have
recently stopped shipping mount.cifs with the setuid bit set. Now it
appears that they have changed the internal settings to prevent it from
running setuid. This means that I can't define the share in fstab with
"user" and connect from my Linux user account. Mounting smb/cifs shares
seems to be blocked except for root.
Presumably t...
2009 Oct 27
1
SetUID check problem
Running dovecot 1.2.4 on FreeBSD using Postfix. Everything works fine
normally, but deliver is executable by world.
This is not normally a problem, as I don't run deliver SetUID root.
But for whatever reason, when deliver is called by something that IS
SetUID root I get the following error:
/usr/local/libexec/dovecot/deliver must not be both world-executable
and setuid-root. This allows root exploits. See
http://wiki.dovecot.org/LDA#multipleuids
Deliver's perm...
2002 May 16
3
uidswap
All,
Could someone explain the purpose of the uidswap functions with
respect to ssh ( the client ). From what I gathered , ssh installs as
setuid root and swaps ids when reading potential key files that may be read
only by root. Also , I think when binding to a privileged port ssh swaps
id. Is that so? What are the consequnences if you do not install ssh setuid
root? ( As far I as know no uid swaping occurs )
Thanks
Doug Chimento
2018 Jul 06
2
Does anyone use UsePrivilegedPort=yes or setuid ssh(1) ?
Hi.
Does anyone use UsePrivilegedPort or have ssh(1) setuid, and if so for
what use case?
ssh(1) has had code in it to support installing setuid root since
approximately forever, however OpenBSD has not shipped it in that
configuration since 2002 (and I suspect these days no vendor does).
As far as I can tell, all of the reasons for this no longer apply:...
2016 Feb 04
1
libvirt.so is not safe to use from setuid programs
Hi,
When trying to connect the HyperVisor from a binary having setuid bit set , then I got following error:
Unable to perform virConnectOpenReadOnly function error(internal error: libvirt.so is not safe to use from setuid programs)
My test software config is the following :
-rwsr-xr-x. 1 root root 3374956 Feb 4 13:45 test
As this test software needs S bit to be...
2006 Dec 03
1
Deliver Root Setuid
Hi,
I just configured my Postfix installation to deliver via Dovecot LDA. But
because I use separate uids for virtual domains I had to set deliver to be
setuid root. Altough I find this as frequent answer to this problem with
deliver LDA I am not a 100% sure - basically because I try to avoid root
setuids as much as I can.
What should be better solution - to have all mailboxes with one owner or
this setuid binary?
My main reason for separate uids was fi...
2007 May 13
1
dovecot deliver tries to setuid but why?
...ecot's deliver is running as vmail:vmail (according to postfix's
master.cf).
Now the problem (when receiving mail):
deliver(leva): auth input: leva
deliver(leva): auth input: uid=8006
deliver(leva): auth input: gid=8000
deliver(leva): auth input: home=/var/mail/virtual/leva
deliver(leva): setuid(8006) failed: Operation not permitted
Every virtual user has different uids, but the gid is the *same* for
everyone. The gid is 8000(vmail) for everybody, and deliver runs as
8000:8000 (vmail:vmail). vmail group has write access to the users'
maildirs. So why does deliver try to setuid when...
2007 Apr 24
2
chmod sftp command and setgid/setuid bit
...m very pleased
with the work you've done.
I am contributing to some Open Source software hosted at Savannah
https://savannah.nongnu.org/projects/tsp
and we recently hit some sftp unexpected behavior:
https://savannah.gnu.org/support/?105838
when using chmod sftp client command
it appears that setuid / setgid bits are not handled on the server-side.
that when I
sftp> chmod 2775 afile
I would expect afile to show:
-rwxrwsr-x 1 openssh isgreat 0 2007-04-25 00:19 afile
but I get:
-rwxrwxr-x 1 openssh isgreat 0 2007-04-25 00:19 afile
just as if I had typed: "chmod 775 a...
2007 Jan 18
1
Replicating a tree with root permissions
We have a large (20Gb, 250000 files) tree which needs to replicate across our WAN on a regular basis. We have been using a wrapper script around rsync to do this; the wrapper script runs setuid-root on a Solaris 8 server. However, we have on-going problems with files whose permissions don't replicate correctly. These file permissions are the REAL problem; if the permissions aren't correct, the tree isn't useful.
Current rsync command-line:
rsync -e rsh --stats --delete -...
2009 Apr 30
2
ChrootDirectory %h
...part of the tree, nothing more. Especially, it should not
distort the kind of actions the user could take if he logged in locally
and did `chroot ~`.
In <alpine.BSO.2.00.0903291837370.31551 at fuyu.mindrot.org> it was stated
that the main reason for not relaxing this restriction is that setuid
binaries could be executed. This argument isn't substantive (see
arguments 2 to 5):
2.) In most cases, the user can execute the setuid binary using another
execution chain, for example if
- he's got a web hosting account and can execute it using a CGI script,
or if
- he logged into the...
2019 May 27
0
imap userdb Fatal setuid errors
> On 24 May 2019 17:11 Steven Smith via dovecot <dovecot at dovecot.org> wrote:
>
>
> I?m trying to configure dovecot lmtp in multi-user mode. My error logs are filled with messages saying that an imap process cannot do a setuid to another user:
>
> > May 21 22:28:46 imap(pid 17441 user myuser): Fatal: setuid(512(myuser) from userdb lookup) failed with euid=501(adminuser): Operation not permitted (This binary should probably be called with process user set to 512(myuser) instead of 501(adminuser))
>
> I se...
2007 Nov 16
1
Problem running a setuid Perl script on CentOS 4.5
I'm trying to create a setuid Perl script (yes, I am aware about the
security implications), but am getting this error:
% cat testsetuid.pl
#!/usr/bin/perl -UT
print "My real user id is $< but my effective user id is $>\n";
exit(0);
% ./testsetuid.pl
Can't do setuid (cannot exec sperl)...
2008 Apr 14
1
install perl with setuid emulation
Dear All,
i would like to know how to install perl with setuid emulation since the
default centos 5 wont install with the setuid emulation
apprecite your help
regards
simon
--
Network ADMIN:
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
2004 Feb 27
1
setuid rsync
...o everything is pretty much
working. The only thing is, I am trying to perserve file ownership. I
don't want to use ssh keys w/o a password (for obvious reasons), so I
what I did was this:
I setup a chrooted account called backup (using JAIL), and installed
rsync in the chrooted directory as setuid. I changed some permissions
at the directory level so only backup has access to this directory (so
non-chrooted users can't access /backup/usr/local/, etc...). Now, when
I run rsync from the remote server, it logins and creates all the files
with ownership "root" instead of "ba...
2005 Jul 06
1
setuid/setgid bits
version: rsync v2.6.1 (+ a minor, unrelated patch).
I'm rsyncing files (not as root) and am happy (indeed, for what I
want, delighted) that the files at the target side end up owned by the
account doing the rsync.
However, I've found that if I have a setuid/setgid file on the source
side, the target file ends up setuid/setgid too (but under a different
id!). This happens whether or not I specify the "-p" option.
Am I missing something?
What I would like to be able to do is to get the target files to have
the source permissions *exce...
2019 May 24
2
imap userdb Fatal setuid errors
I?m trying to configure dovecot lmtp in multi-user mode. My error logs are filled with messages saying that an imap process cannot do a setuid to another user:
> May 21 22:28:46 imap(pid 17441 user myuser): Fatal: setuid(512(myuser) from userdb lookup) failed with euid=501(adminuser): Operation not permitted (This binary should probably be called with process user set to 512(myuser) instead of 501(adminuser))
I see that others have...
2013 Oct 14
2
setuid or other ideas
...oftware. I would like
this piece of software to take on the user and group identities that are
different than 'mail' which is what happens now. I want to use a user
and group that is not root), so that the piece of software will be able
to write (concatenate) to a file.
I have never used setuid, but it appears that this will only allow a
piece of software to be set to root. I really do not want to give that
kind of privilege to this piece of software.
Any ideas?
--
Greg Ennis
PoMec Corporation
www.PoMec.Net