c - Getting the environment of a process running under a different user -

-

assume have process pid 1234 running in background under user a.

if run following program user a, succeeds. if run user b, fails open: permission denied.

this makes sense, environ file owned user , has read permission a. if make program set-user-id user , run user b, fails read: permission denied. doesn't seem happen regular file having same permissions. doesn't happen if root.

any ideas why? there other way environment of process works around issue?

#include <stdlib.h> #include <fcntl.h> #include <unistd.h> #include <stdio.h>  int main(int argc, const char *argv[]) {     unsigned char ch = 0;     int fd = -1;     int read_result = -1;      setresuid(geteuid(), geteuid(), geteuid());      fd = open("/proc/1234/environ", o_rdonly);     if (-1 == fd) {         perror("open");         return exit_failure;     }      read_result = read(fd, &ch, 1);     if (-1 == read_result) {         perror("read");         return exit_failure;     }      close(fd);      return exit_success; }

as can see, if program run without setuid, open(2) gives permission denied, whereas if run program with setuid, open(2) works ok, read(2) causes same error. happens because of additional permission check during each file operation on /proc/* inodes. looks additional permission check uses other euid of running process. if run gnu/linux, more details see note @ beginning of code in <kernel_source>/fs/proc/base.c , environ_read() function in same file.

one of possible quick solutions:

  • set owner of program file root
  • set owner group special group
  • add user should run program (user b) special group
  • set mode bits 4550 (r-sr-x---)
  • call setuid(getuid()) drop priveleges possible, i.e. right after reading environ file

in case user given group read /proc/*/environ of any other user.

if want reduce permissions of program allow read environ files of specific user (user a), should think of other tricks. example config file, containing user(s) environ file(s) read.

always careful permissions. root permissions. necessary privileged operations , drop permissions possible.


Comments

Post a Comment

Popular posts from this blog

delphi - How to convert bitmaps to video? -

-
Image
my application creates images fractals , love feeling of 'flying' around fractal. once saved 2000 bitmaps file , created avi using premiere. experience rather frustrating though succeeded in creating movie. spectacular. of course want create video application. don't care niftyness of codec, compression or whatever. want have video can replay on systems. in past have tried never succeeded. triggered question alas not ffmpeg running. update i decided adapt question , put bounty it. have seen several solutions attractive (because it's simple) seems me taviwrite. tried taviwriter did not succeed. in procedure taviwriter.write; function call around line 370 avierr := avisavev(s, // pchar(filename), nil, // file handler nil, // callback nstreams, // number of streams streams, compoptions); // compress options
Read more

jasper reports - Fixed header in Excel using JasperReports -

-
how can create excel report fixed header using japserreports? mean need header fixed when scroll excel file. this possible adding couple properties in jrxml file each report. take @ advanced excel features freeze panes. if wanted freeze after first column header (down left side basically) this: <statictext> <reportelement style="sans_bold" mode="opaque" x="0" y="60" width="104" height="20" forecolor="#ffffff" backcolor="#666666"> <property name="net.sf.jasperreports.export.xls.auto.filter" value="start"/> <property name="net.sf.jasperreports.export.xls.column.width" value="110"/> <property name="net.sf.jasperreports.export.xls.freeze.column.edge" value="left"/> </reportelement> &
Read more

python - ('The SQL contains 0 parameter markers, but 50 parameters were supplied', 'HY000') or TypeError: 'tuple' object is not callable -

-
import pyodbc,nltk,array cnxn = pyodbc.connect('driver={mysql odbc 5.1 driver};server=127.0.0.1;port=3306;database=information_schema;user=root; password=1234;option=3;') cursor = cnxn.cursor() cursor.execute("use collegedatabase ;") cursor.execute("select * sampledata ; ") cnxn.commit() s=[] j=[] x=[] words = [] w = [] sfq = [] pos=[] entry in cursor: s.append(entry.injury_type),j.append(entry.injury_desc) nltk.tokenize import punktwordtokenizer nltk.corpus import stopwords tokenizer = punktwordtokenizer() english_stops = set(stopwords.words('english')) in range(0,26): # filter stop words tokenizer.tokenize(j[i]) w.append([word word in tokenizer.tokenize(j[i]) if word not in english_stops]) in range(0 , 26):#converting tokenzied text ito string sfq.append(" ".join(w[a])) replacers import regexpreplacer replacer = regexpreplacer() in range (0,26):#pos tagging replacer.repl
Read more