search for: setuid

Displaying 20 results from an estimated 658 matches for "setuid".

2008 Aug 26
5
Problem w/ b95 + ZFS (version 11) - seeing fair number of errors on multiple machines
Hi, After upgrading to b95 of OSOL/Indiana, and doing a ZFS upgrade to the newer revision, all arrays I have using ZFS mirroring are displaying errors. This started happening immediately after ZFS upgrades. Here is an example: ormandj at neutron.corenode.com:~$ zpool status pool: rpool state: DEGRADED status: One or more devices has experienced an unrecoverable error. An attempt
1997 Apr 29
9
Yet Another DIP Exploit?
I seem to have stumbled across another vulnerability in DIP. It appears to allow any user to gain control of arbitrary devices in /dev. For instance, I have successfully stolen keystrokes from a root login as follows... (I could also dump characters to the root console) $ whoami cesaro $ cat < /dev/tty1 <------ root login here bash: /dev/tty1:
2010 Apr 07
3
how to mount shares as a user without mount.cifs setuid
I'm running Debian/Squeeze on an AMD64 system. For some reason they have recently stopped shipping mount.cifs with the setuid bit set. Now it appears that they have changed the internal settings to prevent it from running setuid. This means that I can't define the share in fstab with "user" and connect from my Linux user account. Mounting smb/cifs shares seems to be blocked except for root. Presumab...
2009 Oct 27
1
SetUID check problem
Running dovecot 1.2.4 on FreeBSD using Postfix. Everything works fine normally, but deliver is executable by world. This is not normally a problem, as I don't run deliver SetUID root. But for whatever reason, when deliver is called by something that IS SetUID root I get the following error: /usr/local/libexec/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#...
2002 May 16
3
uidswap
All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid swaping occurs ) Thanks Doug Chimento
2018 Jul 06
2
Does anyone use UsePrivilegedPort=yes or setuid ssh(1) ?
Hi. Does anyone use UsePrivilegedPort or have ssh(1) setuid, and if so for what use case? ssh(1) has had code in it to support installing setuid root since approximately forever, however OpenBSD has not shipped it in that configuration since 2002 (and I suspect these days no vendor does). As far as I can tell, all of the reasons for this no longer apply:...
2016 Feb 04
1
libvirt.so is not safe to use from setuid programs
Hi, When trying to connect the HyperVisor from a binary having setuid bit set , then I got following error: Unable to perform virConnectOpenReadOnly function error(internal error: libvirt.so is not safe to use from setuid programs) My test software config is the following : -rwsr-xr-x. 1 root root 3374956 Feb 4 13:45 test As this test software needs S bit to be...
2006 Dec 03
1
Deliver Root Setuid
Hi, I just configured my Postfix installation to deliver via Dovecot LDA. But because I use separate uids for virtual domains I had to set deliver to be setuid root. Altough I find this as frequent answer to this problem with deliver LDA I am not a 100% sure - basically because I try to avoid root setuids as much as I can. What should be better solution - to have all mailboxes with one owner or this setuid binary? My main reason for separate uids was fi...
2009 Apr 30
2
ChrootDirectory %h
...part of the tree, nothing more. Especially, it should not distort the kind of actions the user could take if he logged in locally and did `chroot ~`. In <alpine.BSO.2.00.0903291837370.31551 at fuyu.mindrot.org> it was stated that the main reason for not relaxing this restriction is that setuid binaries could be executed. This argument isn't substantive (see arguments 2 to 5): 2.) In most cases, the user can execute the setuid binary using another execution chain, for example if - he's got a web hosting account and can execute it using a CGI script, or if - he logged into the...
2007 May 13
1
dovecot deliver tries to setuid but why?
...er is running as vmail:vmail (according to postfix's master.cf). Now the problem (when receiving mail): deliver(leva): auth input: leva deliver(leva): auth input: uid=8006 deliver(leva): auth input: gid=8000 deliver(leva): auth input: home=/var/mail/virtual/leva deliver(leva): setuid(8006) failed: Operation not permitted Every virtual user has different uids, but the gid is the *same* for everyone. The gid is 8000(vmail) for everybody, and deliver runs as 8000:8000 (vmail:vmail). vmail group has write access to the users' maildirs. So why does deliver try to setuid when...
2007 Apr 24
2
chmod sftp command and setgid/setuid bit
...'ve done. I am contributing to some Open Source software hosted at Savannah https://savannah.nongnu.org/projects/tsp and we recently hit some sftp unexpected behavior: https://savannah.gnu.org/support/?105838 when using chmod sftp client command it appears that setuid / setgid bits are not handled on the server-side. that when I sftp> chmod 2775 afile I would expect afile to show: -rwxrwsr-x 1 openssh isgreat 0 2007-04-25 00:19 afile but I get: -rwxrwxr-x 1 openssh isgreat 0 2007-04-25 00:19 afile just as if I had typed: "chmod 7...
2019 May 24
2
imap userdb Fatal setuid errors
I?m trying to configure dovecot lmtp in multi-user mode. My error logs are filled with messages saying that an imap process cannot do a setuid to another user: > May 21 22:28:46 imap(pid 17441 user myuser): Fatal: setuid(512(myuser) from userdb lookup) failed with euid=501(adminuser): Operation not permitted (This binary should probably be called with process user set to 512(myuser) instead of 501(adminuser)) I see that others have...
2019 May 27
0
imap userdb Fatal setuid errors
> On 24 May 2019 17:11 Steven Smith via dovecot <dovecot at dovecot.org> wrote: > > > I?m trying to configure dovecot lmtp in multi-user mode. My error logs are filled with messages saying that an imap process cannot do a setuid to another user: > > > May 21 22:28:46 imap(pid 17441 user myuser): Fatal: setuid(512(myuser) from userdb lookup) failed with euid=501(adminuser): Operation not permitted (This binary should probably be called with process user set to 512(myuser) instead of 501(adminuser)) > > I se...
2007 Nov 16
1
Problem running a setuid Perl script on CentOS 4.5
I'm trying to create a setuid Perl script (yes, I am aware about the security implications), but am getting this error: % cat testsetuid.pl #!/usr/bin/perl -UT print "My real user id is $< but my effective user id is $>\n"; exit(0); % ./testsetuid.pl Can't do setuid (cann...
2008 Apr 14
1
install perl with setuid emulation
Dear All, i would like to know how to install perl with setuid emulation since the default centos 5 wont install with the setuid emulation apprecite your help regards simon -- Network ADMIN: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
2004 Feb 27
1
setuid rsync
...erything is pretty much working. The only thing is, I am trying to perserve file ownership. I don't want to use ssh keys w/o a password (for obvious reasons), so I what I did was this: I setup a chrooted account called backup (using JAIL), and installed rsync in the chrooted directory as setuid. I changed some permissions at the directory level so only backup has access to this directory (so non-chrooted users can't access /backup/usr/local/, etc...). Now, when I run rsync from the remote server, it logins and creates all the files with ownership "root" ins...
2005 Jul 06
1
setuid/setgid bits
version: rsync v2.6.1 (+ a minor, unrelated patch). I'm rsyncing files (not as root) and am happy (indeed, for what I want, delighted) that the files at the target side end up owned by the account doing the rsync. However, I've found that if I have a setuid/setgid file on the source side, the target file ends up setuid/setgid too (but under a different id!). This happens whether or not I specify the "-p" option. Am I missing something? What I would like to be able to do is to get the target files to have the source permissio...
2011 Apr 21
7
[Bug 1893] New: change ssh-keisign to setgid from setuid
https://bugzilla.mindrot.org/show_bug.cgi?id=1893 Summary: change ssh-keisign to setgid from setuid Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchad...
2013 Oct 14
2
setuid or other ideas
...oftware. I would like this piece of software to take on the user and group identities that are different than 'mail' which is what happens now. I want to use a user and group that is not root), so that the piece of software will be able to write (concatenate) to a file. I have never used setuid, but it appears that this will only allow a piece of software to be set to root. I really do not want to give that kind of privilege to this piece of software. Any ideas? -- Greg Ennis PoMec Corporation www.PoMec.Net
2002 Jun 11
4
ssh setuid changes.
Ok, I'm doing a heads up here. I just applied: - markus at cvs.openbsd.org 2002/06/11 04:14:26 [ssh.c sshconnect.c sshconnect.h] no longer use uidswap.[ch] from the ssh client run less code with euid==0 if ssh is installed setuid root just switch the euid, don't switch the complete set of groups (this is only needed by sshd). ok provos@ A few comments about this.. 1. I bet dollars to donuts that platforms with problems recovering from set[e]uid() changes (NeXT,etc). 2. ssh_create_socket() changed slightly...