Re: normal user core dumping after calling setresuid

Aviansh · ‎02-25-2009

Hi,

Can anyone please tell me how to force child process to dump core.
I'm using setresuid inside the signal handler.

Regards
-Avinash

Laurent Menase · ‎02-25-2009

do you mean that you have a process which has the setuid bit- we called that pink process-, and you want it to coredump?

Once a process is pink, then it won't generate core even if the resuid is made to set it back to a normal user

there are some way to generate it in that case,
removing that security.- the way to do it depends of hpux revision-

Dennis Handly · ‎02-25-2009

This looks like a continuation of your other thread. It is better to continue your related questions in the same thread.
http://h30499.www3.hp.com/t5/Languages-and-Scripting/problem-with-setresuid-in-child-process-Pink-Process/td-p/4362801

Aviansh · ‎02-25-2009

Hi Laurent,

Please describe in little more details..

also how this is achieved on hp-ux different versions..

Regards
-Avinash

Laurent Menase · ‎02-26-2009

Hi Aviansh

on 11.31 look at man coreadm
on 11.23
echo dump_all/W 1| adb -o /stand/vmunix /dev/kmem
on 11.11
echo dump_all/W 1| adb /stand/vmunix /dev/kmem

limit this to your debug session because it opens security holes on your system.

Laurent Menase · ‎02-26-2009

to come back to normal behavior
- pink process don't generate core-
11.11
echo dump_all/W 0 | adb /stand/vmunix /dev/kmem

11.23
echo dump_all/W 0 | adb -o /stand/vmunix /dev/kmem

Aviansh · ‎02-26-2009

I'm getting the following error when I run this on 11iv2 machine..

# echo dump_all/W 1| adb -o /stand/vmunix /dev/kmem
dump_all: 0 =
adb: error: /dev/kmem: Bad file number.

Aviansh · ‎02-26-2009

sorry I should have executed
echo dump_all | adb -o /stand/vmunix /dev/kmem

Laurent Menase · ‎02-26-2009

I forgot -w

it is
echo dump_all/W 1 | adb -o -w /stand/vmunix /dev/kmem

and to revert back
echo dump_all/W 0|adb -o -w /stand/vmunix /dev/kmem

Aviansh · ‎02-26-2009

I'll inform about this..
currently my build machine is down..!!!!!

Thanks for your efforts

Laurent Menase · ‎02-26-2009

just a remark, this is to be done before the process core dump

Aviansh · ‎02-27-2009

Thanks a lot laurent, it works..

But this can only be used temporarily for the debugging purpose, as it breaches the unix security...

Laurent Menase · ‎02-27-2009

you can try to do it with a launcher which has the setuid bit

promoter.c
main()
{
setreuid(0,0);
execl("/mypath/commandtopromote","commandtopromore","param1",....,0);
}

I am not sure that the commandtopromote will be pink too.

or the other way if you need promotion just temporarily:
1 simple process with promotion to perform restricted ops.
1 process as normal user which makes the main operations
and the 2 processes talk using unix domain sockets, pipes, or other

- or simply launching it if it is really occasionnally. - like grandpt() does for instance.

Else if you are happy, don't forget points.

Aviansh · ‎03-03-2009

Hi Laurent,

Can you please tell me how hp-ux login/shell does the same thing.

Because the normal user sometimes are given root permission(like passwd file updation), yet they dump core..!!!

Regards
-Avinash

Aviansh · ‎03-03-2009

I mean to say..

Normal users can generate core from his login shell..
Then why not Pink Processes.?

Laurent Menase · ‎03-03-2009

Hi Avinash,
no, passwd, login generate a core dump only if they are started by root user.

so a way to do it:
main(c,v)
int c;
char**v;
{
if(getuid()!=0)
{
printf("need to recall");
setreuid(0,0);
execvp(v[0],v); /* restart the process as really root user */
}
printf ("%d\n",getuid());
kill(getpid(),10);
sleep(10);
}

it will generate a core, but all the process is executed as root.

Laurent Menase · ‎03-03-2009

or
main(c,v)
int c;
char**v;
{
if(getuid()!=10)
{
printf("need to recall");
setreuid(10,10);
execvp("./r",v);
}
printf ("%d\n",getuid());
kill(getpid(),10);
sleep(10);
}

cc k.c -o k
cp k r
chmod 6555 k
chmod 555 r

./k setuid to 10 10 then exec r which is the same program but without setuid bit set.
so not pink

Aviansh · ‎03-03-2009

my daemon is not having 6555 permission. It has 555 permissions.

when we connect to this server(daemon) using non-root id it forks a copy of itself to serve the request.

we are using setresuid in our code and inside the signal handler.

Aviansh · ‎03-04-2009

Hi Laurent,

I have some confusion over the concept of Pink process..

a process is called a pink process when it becomes a privileged user or if it executes setresuid ..??

Please clarify on this..

Regards
-Avinash

Dennis Handly · ‎03-04-2009

>I have some confusion over the concept of Pink process.

Don explained what it (pinko) meant in your other thread.
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1315932#tdIdName5

(This is why you shouldn't have created another related thread.)

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: normal user core dumping after calling setresuid

normal user core dumping after calling setresuid