HPE Community
Operating System - HP-UX
1821838 Members
3455 Online
109638 Solutions
New Discussion юеВ

Unusual behavour when setting u+s on a file in 11i on itanium.

 
SOLVED
Go to solution
John Waller
Esteemed Contributor

тАО04-06-2004 11:59 PM

тАО04-06-2004 11:59 PM

Unusual behavour when setting u+s on a file in 11i on itanium.

One of my developers has compiled a program in gcc++ linking in some cobol librarys. All works OK until I perform a "chmod u+s" so all work is performed as an individial user. When I set these permissions, only the owner of the program can use it, everybody else gets an error "/usr/lib/hpux64/dld.so: Unable to find library " If I u-s then g+s, it works OK for everyone again. Anybody any ideas ???
0 Kudos
Reply
5 REPLIES 5
KapilRaj
Honored Contributor

тАО04-07-2004 12:13 AM

тАО04-07-2004 12:13 AM

Re: Unusual behavour when setting u+s on a file in 11i on itanium.

when u do a u+s on pgm1 , Whoever runs it will run the program as the owner of that file. Here the owner would have an access on /usr/lib/hpux64/dld.so and others doesn't have.

This is called SETUID through which you can change a process's affective UID as that of the nwer of that executable

Regds,

Kaps
Nothing is impossible
0 Kudos
Reply
KapilRaj
Honored Contributor

тАО04-07-2004 12:15 AM

тАО04-07-2004 12:15 AM

Re: Unusual behavour when setting u+s on a file in 11i on itanium.

This is not unusual !! what made u to think like that ?.

Kaps
Nothing is impossible
0 Kudos
Reply
Duncan Edmonstone
HPE Pro

тАО04-07-2004 12:21 AM

тАО04-07-2004 12:21 AM

Solution

Re: Unusual behavour when setting u+s on a file in 11i on itanium.

I suspect this is a security feature - this is from the WARNINGS section of the man page for dlopen(3c) :

The environment variable LD_LIBRARY_PATH and SHLIB_PATH should contain a colon-separated list of directories, in the same format as the PATH variable (see sh(1) ). LD_LIBRARY_PATH and SHLIB_PATH will be ignored if the process' real user id is different from its effective user id or its real group id is different from its effective group id (see exec(2) ).

Basically to stop someone inserting malicious code in a library and then running it as a different user (potentially root!)

HTH

Duncan


I am an HPE Employee
Accept or Kudo
Reply
Duncan Edmonstone
HPE Pro

тАО04-07-2004 12:28 AM

тАО04-07-2004 12:28 AM

Re: Unusual behavour when setting u+s on a file in 11i on itanium.

And I should have added, I suspect you will need to hard-code the library paths in the binary (then SHLIB_PATH and LD_LIBRARY_PATH are irrelevant anyway.)

HTH

Duncan

I am an HPE Employee
Accept or Kudo
0 Kudos
Reply
John Waller
Esteemed Contributor

тАО04-07-2004 12:42 AM

тАО04-07-2004 12:42 AM

Re: Unusual behavour when setting u+s on a file in 11i on itanium.

Many thanks Duncan. I presume this has now been forced in 11i as it worked fine under 32bit 11.00, but looking at the man page on 11.00 it does mention that on 64-bit systems the same thing happens.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.