Thanks for the info, but to try and explore it myself I wrote three scripts that pass control along. I set the middle one as SUID and then a funny thing happened when I edited the file. The server crashed!
Undeterred, I tried again, same result (good thing it's not production).
I own the files thus:-
It seems that whenever I write the file, the server crashes. The very simple code runs find, but if I try to sudo chown root scr_b.ksh the server crashes. I can issue the sudo chown if it's not SUID at the time. The filesystem allows SUID, by the way.
What on earth can an un-privileged user be doing wrong?
Naturally, I'm very concerned that a mis-key by someone else may cause them to get an error on the habitual chmod 777 and run chmod 7777 and then editing the file will cause a server crash. The crash happens when actually writing the file. I haven't tried it with a simple redirect yet - I don't want to crash the server yet again!
Output from uname gives me a RHEL version of 2.6.32-279.14.1.el6.x86_64
Robin
Last edited by rbatte1; 06-27-2013 at 06:25 AM.
Reason: Grammar
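Added example, not part of the thread: a POSIX shell audit for the two conditions raised in the post above, a file left setuid/setgid and world-writable by a mis-keyed `chmod 7777`, and a special bit set on an interpreted script. It assumes GNU find (for `-printf`, as on RHEL); the function name `audit_special_bits` is hypothetical, and paths containing tabs or newlines are not handled.

```shell
#!/bin/sh
# Added example: report regular files under a directory that carry the
# setuid or setgid bit, and say why each one deserves a second look.
#
# Output, one line per file:  <FLAGS> <octal mode> <owner> <path>
#   WORLD_WRITABLE  any user can rewrite a file that carries a special bit
#                   (what "chmod 7777" leaves behind)
#   SCRIPT          the file starts with "#!"; Linux ignores setuid/setgid
#                   when it executes interpreted scripts, so the bit there
#                   usually points to a mistake
#   OK              special bit present, neither condition above applies
audit_special_bits() (
    tab=$(printf '\t')
    # -xdev keeps the scan on one filesystem; -perm -4000 / -2000 match
    # files that have at least the setuid / setgid bit set.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m\t%u\t%p\n' 2>/dev/null |
    LC_ALL=C sort -t "$tab" -k 3 |
    while IFS="$tab" read -r mode owner path; do
        flags=
        # The last octal digit is the "other" class; 2, 3, 6 and 7 all
        # include the write bit.
        case $mode in
            *[2367]) flags=WORLD_WRITABLE ;;
        esac
        # Read the first two bytes; tr drops NULs found in binaries.
        magic=$(head -c 2 -- "$path" 2>/dev/null | tr -d '\0')
        if [ "$magic" = '#!' ]; then
            flags="${flags:+$flags,}SCRIPT"
        fi
        printf '%s %s %s %s\n' "${flags:-OK}" "$mode" "$owner" "$path"
    done
)

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_special_bits "$1"
fi
```

Any line flagged WORLD_WRITABLE should be corrected with an explicit mode such as `chmod 0755` rather than left for later review.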
Thanks for the info, but to try and explore it myself I wrote three scripts that pass control along. I set the middle one as SUID and then a funny thing happened when I edited the file. The server crashed!
Server went unresponsive. The console was not connected, so nothing there. Looking in /var/log/messages, I have these from this morning:-
..... and then off further into the boot.
I have another test server that should be at the same versions, and it doesn't exhibit this behaviour. Suspicion lies with the replication software that is under test on the one that crashed. Don't panic anyone else, unless you are running (I think it's called) RHA from CA. I will pass this on to the person running that project. Maybe I will just take your word for it and keep quiet.
Further testing has shown that this is linked to the replication software under evaluation. I think that this, along with other hangs/crashes will end that evaluation process.
Robin
Last edited by rbatte1; 07-03-2013 at 10:22 AM.
Reason: Cause of hang proved as replication software
it was good the issue was mentioned ... keeping quiet about it does not help anybody ...
if the replication job is the actual culprit and this replication job is deemed fit to be released for production installs into every critical server, not letting anybody else know about the potential for a server crash when doing a simple find from a setuid script could be catastrophic to the environment and goes against what i believe are the duties and responsibilities of a system administrator ... any risks to the supported computing environment should be mitigated as soon as known and not hidden ...
at the least, the company should know about the bug and ensure there are safeguards against it ... it would also help the vendors of the replication software to know this so they can actually fix the issue ...
now the general computing community also benefits ...
Last edited by Just Ice; 06-28-2013 at 09:03 AM.
Reason: to provide clarification