c - Getting the environment of a process running under a different user -

-

assume have process pid 1234 running in background under user a.

if run following program user a, succeeds. if run user b, fails open: permission denied.

this makes sense, environ file owned user , has read permission a. if make program set-user-id user , run user b, fails read: permission denied. doesn't seem happen regular file having same permissions. doesn't happen if root.

any ideas why? there other way environment of process works around issue?

#include <stdlib.h> #include <fcntl.h> #include <unistd.h> #include <stdio.h>  int main(int argc, const char *argv[]) {     unsigned char ch = 0;     int fd = -1;     int read_result = -1;      setresuid(geteuid(), geteuid(), geteuid());      fd = open("/proc/1234/environ", o_rdonly);     if (-1 == fd) {         perror("open");         return exit_failure;     }      read_result = read(fd, &ch, 1);     if (-1 == read_result) {         perror("read");         return exit_failure;     }      close(fd);      return exit_success; }

as can see, if program run without setuid, open(2) gives permission denied, whereas if run program with setuid, open(2) works ok, read(2) causes same error. happens because of additional permission check during each file operation on /proc/* inodes. looks additional permission check uses other euid of running process. if run gnu/linux, more details see note @ beginning of code in <kernel_source>/fs/proc/base.c , environ_read() function in same file.

one of possible quick solutions:

  • set owner of program file root
  • set owner group special group
  • add user should run program (user b) special group
  • set mode bits 4550 (r-sr-x---)
  • call setuid(getuid()) drop priveleges possible, i.e. right after reading environ file

in case user given group read /proc/*/environ of any other user.

if want reduce permissions of program allow read environ files of specific user (user a), should think of other tricks. example config file, containing user(s) environ file(s) read.

always careful permissions. root permissions. necessary privileged operations , drop permissions possible.


Comments

Post a Comment

Popular posts from this blog

jasper reports - Fixed header in Excel using JasperReports -

-
how can create excel report fixed header using japserreports? mean need header fixed when scroll excel file. this possible adding couple properties in jrxml file each report. take @ advanced excel features freeze panes. if wanted freeze after first column header (down left side basically) this: <statictext> <reportelement style="sans_bold" mode="opaque" x="0" y="60" width="104" height="20" forecolor="#ffffff" backcolor="#666666"> <property name="net.sf.jasperreports.export.xls.auto.filter" value="start"/> <property name="net.sf.jasperreports.export.xls.column.width" value="110"/> <property name="net.sf.jasperreports.export.xls.freeze.column.edge" value="left"/> </reportelement> &
Read more

media player - Android: mediaplayer went away with unhandled events -

-
i need duration of audio file series of voice announcements need play app. have added audio files resources , play fine. sample code below works perfect intended purpose: return duration of audio files. here code: float getdurationofaudioresource(locationenum loc, context context){ float duration = 0; try { mediaplayer mp; mp = mediaplayer.create(context, getaudioresource(loc)); duration = mp.getduration(); mp.release(); mp = null; } catch (illegalstateexception e) {e.printstacktrace(); logerror(25, "testdescitem:fault::could not open mediaplayer object audio resource.");} return duration; } here's weird thing. code called in main activity prepares set of audio instructions given test. there no errors within activity. second activity called, long string of errors on logcat. 03-07 13:23:43.820: i/actionlogger(21435): gentest_info_test #0 created. 03-07 13:23:43.830: i/actionlogger(21435): gente
Read more

python - ('The SQL contains 0 parameter markers, but 50 parameters were supplied', 'HY000') or TypeError: 'tuple' object is not callable -

-
import pyodbc,nltk,array cnxn = pyodbc.connect('driver={mysql odbc 5.1 driver};server=127.0.0.1;port=3306;database=information_schema;user=root; password=1234;option=3;') cursor = cnxn.cursor() cursor.execute("use collegedatabase ;") cursor.execute("select * sampledata ; ") cnxn.commit() s=[] j=[] x=[] words = [] w = [] sfq = [] pos=[] entry in cursor: s.append(entry.injury_type),j.append(entry.injury_desc) nltk.tokenize import punktwordtokenizer nltk.corpus import stopwords tokenizer = punktwordtokenizer() english_stops = set(stopwords.words('english')) in range(0,26): # filter stop words tokenizer.tokenize(j[i]) w.append([word word in tokenizer.tokenize(j[i]) if word not in english_stops]) in range(0 , 26):#converting tokenzied text ito string sfq.append(" ".join(w[a])) replacers import regexpreplacer replacer = regexpreplacer() in range (0,26):#pos tagging replacer.repl
Read more