Re: Special setuid wrapper for Mango



Aloha,

On 30.07.2009 13:42, Olav Vitters wrote:
> Could someone write a setuid wrapper for me?
> 
I finally had time to do it.

> I'd like people to be able to reset their Mango LDAP password. For this
> I'd like to have it work by allowing people to do:
>   ssh -l $USERID mango.gnome.org mango
> 
> The fake mango command would call the setuid mango (not setuid root!)
> script named:
> /usr/local/bin/mango-reset (or something)
> which calls:
> /usr/local/bin/mango-reset.py $ORIGINAL_ID (or something, ENV variable
> is also ok, as long as everything stays secure)
> 

This should be pretty secure. I can't think of any vulnerabilities.

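#define _GNU_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

static const char program[] = "/usr/local/bin/mango-reset.py";
/* Test script containing "env":
static const char program[] = "/tmp/env.sh"; */

/* Fixed environment for the script; nothing is inherited from the caller */
static char *const environment[] = {"PYTHONPATH=foo", "bar=baz", NULL};

int
main (int argc, char* argv[]) {
    uid_t real, effective, saved;
    char buf[1024]; /* Assumed to be sufficient */
    int len;

    (void) argc; (void) argv; /* caller-supplied arguments are ignored */

    if (getresuid (&real, &effective, &saved) < 0) {
        fprintf (stderr, "getresuid()\n");
        exit (EXIT_FAILURE);
    }
    /* uid_t is unsigned; treat truncation as an error too */
    len = snprintf (buf, sizeof(buf), "%lu", (unsigned long) real);
    if (len < 0 || (size_t) len >= sizeof(buf)) {
        fprintf (stderr, "snprintf()\n");
        exit (EXIT_FAILURE);
    }
    /* argv[0] is the program name, argv[1] the real UID of the caller */
    execle (program, program, buf, (char *) NULL, environment);
    /* Only reached if execle() failed */
    perror ("execle()");
    return EXIT_FAILURE;
}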


> 
> So I need a secure /usr/local/bin/mango-reset.c which checks which user
> called it
That is saved in saved_uid which is retrieved through getresuid().

> Could someone write above for me, securely?
> 
Well, I'm not using system() since it'd inherit the environment, which
contains at least the IFS, PATH or PYTHONPATH environment variable. This
can be a problem. So using the exec() family, one can define the
environment. So you might want to adapt this since you'll need a
PYTHONPATH, I guess.

I'll buy anyone a beer who finds a vulnerability in that piece of code
above :)

> Note: We already have something for signal-ftp-sync. Can't reuse it as I
> want to know who called the setuid wrapper.
> 
Haven't had a look at it.

HTH,
  Tobi
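
Added example, not part of the original message and not the author's code: a check in the spirit of the "env" test script mentioned in the wrapper's comment, confirming that a child started with execle() and the wrapper's fixed environment sees none of the caller's variables. Using /usr/bin/env as the probe target and the planted values are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: /usr/bin/env stands in for the target script and prints
 * the environment it was started with. */
static const char probe[] = "/usr/bin/env";
/* Same fixed environment as the wrapper in the message. */
static char *const fixed_env[] = {"PYTHONPATH=foo", "bar=baz", NULL};

/* Exec the probe with fixed_env and capture its stdout; 0 on success, -1 on failure. */
static int capture_child_env(char *out, size_t len) {
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;
    if (len == 0 || pipe(fds) < 0) return -1;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {                       /* child: stdout -> pipe */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execle(probe, probe, (char *)NULL, fixed_env);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    while (used < len - 1 && (n = read(fds[0], out + used, len - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* 1: only fixed_env reached the child; 0: caller values leaked; -1: error. */
int caller_env_is_dropped(void) {
    char out[4096];
    /* Constructed caller-controlled values, set in this process only. */
    setenv("IFS", "x", 1);
    setenv("PYTHONPATH", "/tmp/planted", 1);
    if (capture_child_env(out, sizeof out) < 0) return -1;
    return strstr(out, "IFS=") == NULL && strstr(out, "/tmp/planted") == NULL
        && strstr(out, "PYTHONPATH=foo") != NULL && strstr(out, "bar=baz") != NULL;
}

int main(void) {
    return caller_env_is_dropped() == 1 ? 0 : 1;  /* exit 0 when nothing leaked */
}
```

Replacing the execle() call with system() or execl() makes the same check return 0, because those calls pass the caller's environment through.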