Getting the environment of a process running under a different user

Assume I have a process with PID 1234 running in the background under user A.

If I run the following program as user A, it succeeds. If I run it as user B, it fails with open: Permission denied.

This makes sense, since the environ file is owned by user A and has read permission only for A. But if I make the program set-user-ID for user A and run it as user B, it fails with read: Permission denied. This doesn't seem to happen with a regular file having the same permissions. It also doesn't happen if A is root.

Any ideas why? Is there any other way to get the environment of another process that works around this issue?

#define _GNU_SOURCE /* required for the setresuid() declaration in <unistd.h> */
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>

int main(int argc, const char *argv[])
{
    unsigned char ch = 0;
    int fd = -1;
    int read_result = -1;

    setresuid(geteuid(), geteuid(), geteuid());

    fd = open("/proc/1234/environ", O_RDONLY);
    if (-1 == fd) {
        perror("open");
        return EXIT_FAILURE;
    }

    read_result = read(fd, &ch, 1);
    if (-1 == read_result) {
        perror("read");
        return EXIT_FAILURE;
    }

    close(fd);

    return EXIT_SUCCESS;
}

asked on March 09 '12 at 14:03

1 Answer

As you can see, if your program runs without SETUID, open(2) gives you Permission denied, whereas if you run the program with SETUID, open(2) works ok, but read(2) causes the same error. This happens because of an additional permission check during each file operation on /proc/* inodes. Looks like this additional permission check uses something other than the EUID of the running process. If you run GNU/Linux, for more details see the NOTE at the beginning of the code in <kernel_source>/fs/proc/base.c and the environ_read() function in the same file.

One of the possible quick solutions:

  • set owner of the program file to root
  • set owner group to some special group
  • add user that should run the program (user B) to that special group
  • set mode bits to 4550 (r-sr-x---)
  • call setuid(getuid()) to drop privileges as soon as possible, i.e. right after reading the environ file

In this case any user from the given group could read /proc/*/environ of any other user.

If you want to reduce the permissions of your program to allow it to read only the environ files of a specific user (user A), you probably should think of some other tricks. For example, a config file containing the user(s) whose environ file(s) could be read.

Always be careful with extra permissions. Especially with root permissions. Do necessary privileged operations and drop permissions as soon as possible.

answered Mar 09 '12 at 20:03

Thank you. I looked at the code you mentioned. It eventually calls ptrace_may_access(task, PTRACE_MODE_READ) which checks the gid/egid/sgid of the process in addition to the uid, suid and euid. Giving the executable setgid and adding a setresgid call solved my problem. - itay perl
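Added example, not part of the original answer or comment: a user-space model of the credential comparison described in the comment above, showing why the set-user-ID program alone still fails the read and why adding set-group-ID plus setresgid passes. The function names, the sample status text and the IDs 1000 (user A) and 1001 (user B) are constructed for illustration; capabilities (the root case) and any other kernel checks are not modelled.

```c
#include <stdio.h>
#include <string.h>

/* Real, effective and saved IDs from a Uid:/Gid: line of /proc/<pid>/status. */
struct ids { unsigned r, e, s; };

/* Constructed sample: status of the target process owned by user A (1000:1000). */
static const char SAMPLE_STATUS[] =
    "Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n";

/* Find the line starting with key and parse its first three IDs; 0 on success. */
static int parse_ids(const char *status, const char *key, struct ids *out)
{
    size_t klen = strlen(key);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0)
            return sscanf(p + klen, "%u %u %u", &out->r, &out->e, &out->s) == 3 ? 0 : -1;
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* Hypothetical helper: 1 if the caller's uid and gid equal all three target
 * uids and gids, 0 if any differs, -1 if the status text cannot be parsed. */
int creds_match(const char *status, unsigned caller_uid, unsigned caller_gid)
{
    struct ids u, g;
    if (parse_ids(status, "Uid:", &u) || parse_ids(status, "Gid:", &g))
        return -1;
    return caller_uid == u.r && caller_uid == u.e && caller_uid == u.s &&
           caller_gid == g.r && caller_gid == g.e && caller_gid == g.s;
}

int main(void)
{
    /* User B is 1001:1001 in this constructed scenario. */
    printf("B, no setuid:           %d\n", creds_match(SAMPLE_STATUS, 1001, 1001));
    printf("setuid A, gid still B:  %d\n", creds_match(SAMPLE_STATUS, 1000, 1001));
    printf("setuid+setgid A:        %d\n", creds_match(SAMPLE_STATUS, 1000, 1000));
    return 0;
}
```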
