topic Re: setuid script and remsh in Operating System - HP-UX

setuid script and remsh

Marc Ahrendt — Fri, 08 Oct 2004 12:08:55 GMT

why isn't the following working

ls -al frog
-rwsr-xr-x 1 wsm users 104 Oct 8 09:54 frog
cat frog
#!/bin/sh
echo id
id
echo who am i
who am i
echo whoami
whoami
remsh hulk -l wsm -n "uname -a"
./frog
id
uid=206(mahrendt) gid=200(dba) euid=210(wsm) groups=121(sysadmA),201(docctrl)
who am i
mahrendt ttyrc Oct 8 09:52
whoami
wsm
remshd: Login incorrect
NOTE: the .rhosts file for wsm on hulk has the following entry
+ wsm

my goal is to have everyone be able to run frog ...allowing them to access hulk as wsm to run a script on hulk as wsm (just using uname as an example above)

why isn't SETUID working? is remsh not fooled by SETUID? i really would like to use SETUID.

Re: setuid script and remsh

Muthukumar_5 — Fri, 08 Oct 2004 12:34:49 GMT

what is there in /etc/hosts.equiv file in remote host of hlk there. Are you have same entries as,

localhost

$wsmhomedirectory/.rhosts
+ hulk

Check the permission of files there too.

Re: setuid script and remsh

Sundar_7 — Fri, 08 Oct 2004 12:47:52 GMT

Marc,

I believe this is the way how remsh works.

I was not able to get this working too.

Will the script code be changing often ? - If not, may be you can try this in C.

setuid() to user wsm.

and execute the script

#include
main()
{
setuid(210);
system("/usr/bin/remsh hulk -l wsm <script>");
}
- Sundar.

Re: setuid script and remsh

Marc Ahrendt — Fri, 08 Oct 2004 13:54:30 GMT

Muthukumar ...thx, but /etc/hosts.equiv is superseded by .rhosts settings and .rhosts for user wsm on hulk is setup correctly

Sundar ...thx, i actually got it to work by doing what you said (i copied your C code and actually made the binary owned by root with permissions 4555)

my final question is how can i pass command line arguments to the C program so that it in turn passes them to the remsh command ...basically the script on the remote machine takes several arguements like the following

script "arg 1" arg2 "agr thr ee" ...need to preserve the quotes since some arguements have spaces

Re: setuid script and remsh

RAC_1 — Fri, 08 Oct 2004 14:03:27 GMT

As a user wsm log onto hulk. (user plain/old telnet) Once you login, do a who -um.

What appears in the last column??? The same ip address/hostname needs to be put in $HOME/.rhosts file of wsm user on hulk.

Should somthing like as follows. also check the perms on .rhosts file. Should read for owner.

ip_address/hostname wsm

Try this and post.

Anil

Re: setuid script and remsh

Bill Hassell — Fri, 08 Oct 2004 15:19:31 GMT

In order for remsh to work. .rhosts MUST be 600 permission and both computers must be able to resolve each other both by name and by IP using nslookup. Your DNS server may be missing reverse lookup records.

Re: setuid script and remsh

Marc Ahrendt — Fri, 08 Oct 2004 16:50:08 GMT

RAC & Bill ...thx, but it is not a .rhosts or a hostname resolution problem (i got a handle on those issues). Sundar was able to reproduce my situation ...seems that remsh is not fooled by the SETUID bit

however, if i use Sundar's C code it works

vi frogC.c (add his code)
cc -o frogC frogC.c
chown root frogC
chmod 4555 frogC
now when people run frogC the system treats them as being "wsm" and so the remsh works to the remote system hulk

i haven't used C in a long time and only now just need to know how to pass command line arguments in C to the remsh command in frogC

Re: setuid script and remsh

RAC_1 — Fri, 08 Oct 2004 16:57:30 GMT

Did you try the solution I gave?? I do think that this is host resolution/wrong set up of .rhosts file.

Anil

Re: setuid script and remsh

Sundar_7 — Fri, 08 Oct 2004 17:21:10 GMT

Anil et all,

If .rhosts is the issue, when remsh is executed from C excerpt, it wont work either.

So, believe me, it is not an issue with .rhosts file :-)

I may not be able to explain why remsh is not taking the setuid bit, but I was able to reproduce the problem.

Marc: I am not good at C. I can show you how to pass command line arguments.

#include
#include
#include
#include
main(int argc,char **argv)
{
int i;
char *parms;
for(i=1;i<=argc;i++)
{
strcat(parms,argv[i]);
strcat(parms," ");
}
setuid(45906);
execl("/usr/bin/sh", "sh", "-c", "remsh hulk -l wsm <script>",parms,0);
}

The above program is core dumping for whatever reasons - I am sure you can take it from there :-)

- Sundar

Re: setuid script and remsh

RAC_1 — Fri, 08 Oct 2004 17:35:16 GMT

Sundar,

I am also not very good at c/c++. I read the posting again. I still believe, he need to prepare the .rhosts fil on hulk as follows.

With perms 600.

"ip_address_of_the machine_he_is_executing_the_script_on" wsm

I do not have machine at hand the moment to try this out.

Anil

Re: setuid script and remsh

Gary L. Paveza, Jr. — Mon, 11 Oct 2004 06:49:34 GMT

My understanding is that HPUX SETUID on a script, but will execute a SETUID binary.

Re: setuid script and remsh

Gary L. Paveza, Jr. — Tue, 12 Oct 2004 06:33:10 GMT

NO points please. The above should read HPUX ignores SETUID on a script, but executes it on a binary.

Re: setuid script and remsh

Dietmar Konermann — Tue, 12 Oct 2004 07:35:07 GMT

Hi, folks!

Just my two cents... :-)
The "SETUID" for scripts traditionally works on HP-UX if the interpreter is specified (#!/usr/bin/sh e.g.).

However, beginning with 11.22 there is a kernel tunable secure_sid_scripts to disable this feature.

But this is not the point here. Inside a suid script only your effective user id (euid) gets changed, but not your real user id which is used by remsh. To change also the ruid you need to use setresuid(2).

I attached a sample C wrapper which should help (and passes arguments also).

Best regards...
Dietmar.

Re: setuid script and remsh

Dietmar Konermann — Tue, 12 Oct 2004 08:12:34 GMT

Oops, attached the wrong file. Pls use this one.