20090504

setuid root

You could have sudo not ever require a password for a certain command with an entry in /etc/sudoers:<br><br>
<div style="margin-right: 20px; margin-bottom: 20px; margin-left: 20px; margin-top: 5px; "><div class="smallfont" style="font: normal normal normal 11px/normal verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; margin-bottom: 2px; ">Code:</div><pre class="alt2" dir="ltr" style="background-image: initial; background-repeat: initial; background-attachment: initial; -webkit-background-clip: initial; -webkit-background-origin: initial; background-color: rgb(230, 230, 230); color: rgb(0, 0, 0); margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 6px; padding-right: 6px; padding-bottom: 6px; padding-left: 6px; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-top-style: inset; border-right-style: inset; border-bottom-style: inset; border-left-style: inset; border-color: initial; width: 480px; height: 34px; text-align: left; overflow-x: auto; overflow-y: auto; background-position: initial initial; ">mikuro ALL= NOPASSWD: /path/to/command
</pre></div><span>Or for the setuid route, it looks like in Leopard setting the setuid bit isn't enough any more --&nbsp;<span class="IL_LINK_STYLE" style="position: static !important; text-decoration: underline; background-image: none !important; background-repeat: repeat !important; background-attachment: scroll !important; -webkit-background-clip: initial !important; -webkit-background-origin: initial !important; background-color: transparent !important; cursor: pointer !important; display: inline !important; color: rgb(0, 0, 255); padding-bottom: 1px !important; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(0, 0, 255); font-size: 13px; font-weight: normal; font-style: normal; font-family: verdana; background-position: 0% 50%; ">the code</span>&nbsp;also has to call setuid(), which is the way it should be, I believe. So for example:</span><br><br><div style="margin-right: 20px; margin-bottom: 20px; margin-left: 20px; margin-top: 5px; "><div class="smallfont" style="font: normal normal normal 11px/normal verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; margin-bottom: 2px; ">Code:</div><pre class="alt2" dir="ltr" style="background-image: initial; background-repeat: initial; background-attachment: initial; -webkit-background-clip: initial; -webkit-background-origin: initial; background-color: rgb(230, 230, 230); color: rgb(0, 0, 0); margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 6px; padding-right: 6px; padding-bottom: 6px; padding-left: 6px; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-top-style: inset; border-right-style: inset; border-bottom-style: inset; border-left-style: inset; border-color: initial; width: 480px; height: 162px; text-align: left; overflow-x: auto; overflow-y: auto; background-position: initial initial; ">#include <stdio.h>
int main(void)
{
if (setuid(0) &lt; 0)
fprintf(stderr, "setuid() failed\n");
else
system("/usr/bin/whoami");
return(0);
}
</stdio.h></pre></div>Try that with the setuid bit set and it should do what you want.<br><br>I'll spare you the usual security warnings and all that...&nbsp;<img src="http://macosx.com/forums/images/smilies/apple.gif" border="0" alt="" title="Apple Smile" class="inlineimg" style="vertical-align: middle; ">__________________<br><a href="http://cyberfeen.wordpress.com/" target="_blank" style="color: rgb(0, 51, 102); text-decoration: underline; ">Tech Blog</a>

No comments:

Post a Comment