search for: setuid

Hi, After upgrading to b95 of OSOL/Indiana, and doing a ZFS upgrade to the newer revision, all arrays I have using ZFS mirroring are displaying errors. This started happening immediately after ZFS upgrades. Here is an example: ormandj at neutron.corenode.com:~$ zpool status pool: rpool state: DEGRADED status: One or more devices has experienced an unrecoverable error. An attempt was

I seem to have stumbled across another vulnerability in DIP. It appears to allow any user to gain control of arbitrary devices in /dev. For instance, I have successfully stolen keystrokes from a root login as follows... (I could also dump characters to the root console) $ whoami cesaro $ cat < /dev/tty1 <------ root login here bash: /dev/tty1: Permission denied

Hello, I'm trying to export a /home/ partition for multiple users, using Samba and the setuids option. My goal is to deliver emails into $HOME/.Maildir/ for each user. So I mount the share as user "root", hoping that each user will be able to use their own home directory (just like an NFS /home/ mount). (This feature depends on the Unix extensions.) I have the following...

I'm running Debian/Squeeze on an AMD64 system. For some reason they have recently stopped shipping mount.cifs with the setuid bit set. Now it appears that they have changed the internal settings to prevent it from running setuid. This means that I can't define the share in fstab with "user" and connect from my Linux user account. Mounting smb/cifs shares seems to be blocked except for root. Presumably t...

Running dovecot 1.2.4 on FreeBSD using Postfix. Everything works fine normally, but deliver is executable by world. This is not normally a problem, as I don't run deliver SetUID root. But for whatever reason, when deliver is called by something that IS SetUID root I get the following error: /usr/local/libexec/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids Deliver's perm...

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid swaping occurs ) Thanks Doug Chimento

Hi. Does anyone use UsePrivilegedPort or have ssh(1) setuid, and if so for what use case? ssh(1) has had code in it to support installing setuid root since approximately forever, however OpenBSD has not shipped it in that configuration since 2002 (and I suspect these days no vendor does). As far as I can tell, all of the reasons for this no longer apply:...

Hi, When trying to connect the HyperVisor from a binary having setuid bit set , then I got following error: Unable to perform virConnectOpenReadOnly function error(internal error: libvirt.so is not safe to use from setuid programs) My test software config is the following : -rwsr-xr-x. 1 root root 3374956 Feb 4 13:45 test As this test software needs S bit to be...

Hi, I just configured my Postfix installation to deliver via Dovecot LDA. But because I use separate uids for virtual domains I had to set deliver to be setuid root. Altough I find this as frequent answer to this problem with deliver LDA I am not a 100% sure - basically because I try to avoid root setuids as much as I can. What should be better solution - to have all mailboxes with one owner or this setuid binary? My main reason for separate uids was fi...

...ecot's deliver is running as vmail:vmail (according to postfix's master.cf). Now the problem (when receiving mail): deliver(leva): auth input: leva deliver(leva): auth input: uid=8006 deliver(leva): auth input: gid=8000 deliver(leva): auth input: home=/var/mail/virtual/leva deliver(leva): setuid(8006) failed: Operation not permitted Every virtual user has different uids, but the gid is the *same* for everyone. The gid is 8000(vmail) for everybody, and deliver runs as 8000:8000 (vmail:vmail). vmail group has write access to the users' maildirs. So why does deliver try to setuid when...

...m very pleased with the work you've done. I am contributing to some Open Source software hosted at Savannah https://savannah.nongnu.org/projects/tsp and we recently hit some sftp unexpected behavior: https://savannah.gnu.org/support/?105838 when using chmod sftp client command it appears that setuid / setgid bits are not handled on the server-side. that when I sftp> chmod 2775 afile I would expect afile to show: -rwxrwsr-x 1 openssh isgreat 0 2007-04-25 00:19 afile but I get: -rwxrwxr-x 1 openssh isgreat 0 2007-04-25 00:19 afile just as if I had typed: "chmod 775 a...

We have a large (20Gb, 250000 files) tree which needs to replicate across our WAN on a regular basis. We have been using a wrapper script around rsync to do this; the wrapper script runs setuid-root on a Solaris 8 server. However, we have on-going problems with files whose permissions don't replicate correctly. These file permissions are the REAL problem; if the permissions aren't correct, the tree isn't useful. Current rsync command-line: rsync -e rsh --stats --delete -...

...part of the tree, nothing more. Especially, it should not distort the kind of actions the user could take if he logged in locally and did `chroot ~`. In <alpine.BSO.2.00.0903291837370.31551 at fuyu.mindrot.org> it was stated that the main reason for not relaxing this restriction is that setuid binaries could be executed. This argument isn't substantive (see arguments 2 to 5): 2.) In most cases, the user can execute the setuid binary using another execution chain, for example if - he's got a web hosting account and can execute it using a CGI script, or if - he logged into the...

> On 24 May 2019 17:11 Steven Smith via dovecot <dovecot at dovecot.org> wrote: > > > I?m trying to configure dovecot lmtp in multi-user mode. My error logs are filled with messages saying that an imap process cannot do a setuid to another user: > > > May 21 22:28:46 imap(pid 17441 user myuser): Fatal: setuid(512(myuser) from userdb lookup) failed with euid=501(adminuser): Operation not permitted (This binary should probably be called with process user set to 512(myuser) instead of 501(adminuser)) > > I se...

I'm trying to create a setuid Perl script (yes, I am aware about the security implications), but am getting this error: % cat testsetuid.pl #!/usr/bin/perl -UT print "My real user id is $< but my effective user id is $>\n"; exit(0); % ./testsetuid.pl Can't do setuid (cannot exec sperl)...

Dear All, i would like to know how to install perl with setuid emulation since the default centos 5 wont install with the setuid emulation apprecite your help regards simon -- Network ADMIN: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

...o everything is pretty much working. The only thing is, I am trying to perserve file ownership. I don't want to use ssh keys w/o a password (for obvious reasons), so I what I did was this: I setup a chrooted account called backup (using JAIL), and installed rsync in the chrooted directory as setuid. I changed some permissions at the directory level so only backup has access to this directory (so non-chrooted users can't access /backup/usr/local/, etc...). Now, when I run rsync from the remote server, it logins and creates all the files with ownership "root" instead of "ba...

version: rsync v2.6.1 (+ a minor, unrelated patch). I'm rsyncing files (not as root) and am happy (indeed, for what I want, delighted) that the files at the target side end up owned by the account doing the rsync. However, I've found that if I have a setuid/setgid file on the source side, the target file ends up setuid/setgid too (but under a different id!). This happens whether or not I specify the "-p" option. Am I missing something? What I would like to be able to do is to get the target files to have the source permissions *exce...

I?m trying to configure dovecot lmtp in multi-user mode. My error logs are filled with messages saying that an imap process cannot do a setuid to another user: > May 21 22:28:46 imap(pid 17441 user myuser): Fatal: setuid(512(myuser) from userdb lookup) failed with euid=501(adminuser): Operation not permitted (This binary should probably be called with process user set to 512(myuser) instead of 501(adminuser)) I see that others have...

...oftware. I would like this piece of software to take on the user and group identities that are different than 'mail' which is what happens now. I want to use a user and group that is not root), so that the piece of software will be able to write (concatenate) to a file. I have never used setuid, but it appears that this will only allow a piece of software to be set to root. I really do not want to give that kind of privilege to this piece of software. Any ideas? -- Greg Ennis PoMec Corporation www.PoMec.Net