topic Re: set UID in Operating System - HP-UX

set UID

Harsha HR — Thu, 03 Dec 2009 15:31:40 GMT

Hi All,

I am new to HPUX.
while practiceing set UID in test server have some issue.
===================================
I am logged in as a root user.
# cat p1
sleep 20
# ll p1
-r-sr-xr-x 1 root sys 9 Dec 3 10:24 p1
===================================
Now I am executing p1 as a normal user "usr1", I found that the child process has owner as "user1" but should be "root"

$ sh p1 &
$ ps -ef| grep sleep
user1 11500 11499 0 10:05:52 pts/5 0:00 sleep 20

====================================

Re: set UID

James R. Ferguson — Thu, 03 Dec 2009 15:40:17 GMT

Hi:

"Set-UID" scripts are potentially dangerous. Current HP-UX kernels can control whether or not shell scripts are allowed to run "setuid".

This is controlled by the kernel parameter 'secure_sid_scripts':

http://docs.hp.com/en/B2355-60130/secure_sid_scripts.5.html

Regards!

...JRF...

Re: set UID

Harsha HR — Thu, 03 Dec 2009 17:21:06 GMT

Hi James,

Thanks for your reply. I checked the value of the said parameter, it was 1 & I have changed it to 0. still output remains same...

===============================

# kctune | grep -i secure
secure_sid_scripts 0 0 Immed
===============================
$ ll p1
-r-sr-xr-x 1 root sys 9 Dec 3 10:24 p1
$ cat p1
sleep 20
$ sh p1 &
[1] 12198
$ ps -ef| grep sleep
piyush 12199 12198 1 12:19:06 pts/3 0:00 sleep 20
===============================

Re: set UID

James R. Ferguson — Thu, 03 Dec 2009 17:42:06 GMT

Hi (again):

Add an 'id' command call before your 'sleep' to display the _effective_ userid of the process:

# cat p1
id
sleep 20

# chmod 4555 p1

Too, there is no reason to do:

# sh p1

Instead, skip the extra shell and do:

# ./p1

Regards!

...JRF...
Regards!

...JRF...

Re: set UID

Harsha HR — Thu, 03 Dec 2009 18:22:35 GMT

Hi James,

This is the output...

============================
$ cat p1
id
sleep 20
$ ./p1
uid=107(user1) gid=1001(b)
============================

Re: set UID

James R. Ferguson — Thu, 03 Dec 2009 18:48:02 GMT

Hi (again):

On a system that allows 'setuid' shell scripts, your output should look something like:

$ ./p1
uid=1000(jrf) gid=20(users) euid=0(root)

Notice that this works if you don't impose another subshell by running 'sh p1'.

The fact that you don't show the effective ID field suggests something is amiss. Verify that your latest change as the 'setuid' bit set on the script; that the script is owned by 'root'.

Regards!

...JRF...