Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the IO-Tty CPAN distribution.

Report information
The Basics
Id:
88271
Status:
resolved
Priority:
Low/Low
Queue:

People
Owner:
Nobody in particular
Requestors:
jpeacock [...] cpan.org
Cc:
AdminCc:

BugTracker
Severity:
(no value)
Broken in:
1.10
Fixed in:
1.13_01



Subject: Solaris setuid when root running as other user
Handles the situation where root has switched to an unprivileged account.
Subject: IO-Tty-1.08-euid.patch
--- Tty.xs.orig Fri Jul 10 12:40:13 2009 +++ Tty.xs Fri Jul 10 12:41:37 2009 @@ -262,6 +262,7 @@ if (PL_dowarn) warn("IO::Tty::pty_allocate(nonfatal): grantpt(): %.100s", strerror(errno)); } + #endif /* HAVE_GRANTPT */ #if defined(HAVE_UNLOCKPT) #if PTY_DEBUG @@ -318,6 +319,38 @@ if (namebuf[0] == 0) return 0; /* we failed to get the slave name */ +#if defined (__SVR4) && defined (__sun) + #include <sys/types.h> + #include <unistd.h> + { + uid_t euid = geteuid(); + uid_t uid = getuid(); + + /* root running as another user + * grantpt() has done the wrong thing + */ + if (euid != uid && uid == 0) { +#if PTY_DEBUG + if (print_debug) + fprintf(stderr, "trying seteuid() from %d to %d...\n", + euid, uid); +#endif + if (setuid(uid)) { + warn("ERROR: IO::Tty::open_slave: couldn't seteuid to root: %d", errno); + return 0; + } + if (chown(namebuf, euid, -1)) { + warn("ERROR: IO::Tty::open_slave: couldn't fchown the pty: %d", errno); + return 0; + } + if (seteuid(euid)) { + warn("ERROR: IO::Tty::open_slave: couldn't seteuid back: %d", errno); + return 0; + } + } + } +#endif + if (*ttyfd >= 0) { make_safe_fd(ptyfd); make_safe_fd(ttyfd);
I'm nervous to apply this patch without having a failing test to show what the problem was in the first place. Can you help me with that?
On Thu Aug 29 14:29:02 2013, TODDR wrote:
Show quoted text
> I'm nervous to apply this patch without having a failing test to show > what the problem was in the first place. Can you help me with that?
I'll see what I can do. This is literally the patch we run with internally, so I'll have to see if I can recreate what we do for a test. It isn't something that you are going to be able to use as a normal unit test, however, because it requires (if I remember correctly): a) Having access to a Solaris 10 environment b) running the test as root c) using Solaris's privilege functions, available only in C code d) having an unprivileged account to switch into John
Patched here. I'll have a Dev release to CPAN tonight. https://github.com/toddr/IO-Tty/commit/a06c8982483a6ebe9ef0546d3d4cdc63072b7545


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.