Results 1 to 4 of 4

Thread: privileged mode ignored on ubuntu's bash

  1. #1
    Join Date
    Nov 2005
    Location
    Maryland
    Beans
    59
    Distro
    Ubuntu 16.04 Xenial Xerus

    privileged mode ignored on ubuntu's bash

    I am working on a bash script that is called by a setuid executable C wrapper. Because the bash script is called by the setuid C program, it is also run as the setuid user. This requires that bash be called with the -p flag (/bin/bash -p), to run in "privileged mode".

    This works correctly on other systems, but seeming not on ubuntu. Does the version of bash included with Ubuntu ignore the -p flag? Or am I overlooking another explanation for why this approach would not work?

    And yes, I'm aware that running shell scripts as setuid is a bad idea.
    Linux user #191081
    http://counter.li.org/

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: privileged mode ignored on ubuntu's bash

    From the bash manpage on a 16.04 system:
    Code:
           If the shell is started with the effective user (group) id not equal to
           the real user (group) id, and the -p option is not supplied, no startup
           files are read, shell functions are not inherited from the environment,
           the SHELLOPTS, BASHOPTS, CDPATH,  and  GLOBIGNORE  variables,  if  they
           appear  in  the  environment, are ignored, and the effective user id is
           set to the real user id.  If the -p option is supplied  at  invocation,
           the  startup  behavior  is  the  same, but the effective user id is not
           reset.
    and later
    Code:
                  executed.   If the -p option is given, the search for command is
                  performed using a default value for PATH that is  guaranteed  to
                  find  all  of  the  standard  utilities.
    and later
    Code:
                  -p      Turn on privileged mode.  In this  mode,  the  $ENV  and
                          $BASH_ENV  files  are not processed, shell functions are
                          not inherited from the environment, and  the  SHELLOPTS,
                          BASHOPTS,  CDPATH,  and  GLOBIGNORE  variables,  if they
                          appear in the environment, are ignored.  If the shell is
                          started  with the effective user (group) id not equal to
                          the real user (group) id, and the -p option is not  sup‐
                          plied, these actions are taken and the effective user id
                          is set to the real user id.  If the -p  option  is  sup‐
                          plied  at  startup,  the effective user id is not reset.
                          Turning this option off causes the  effective  user  and
                          group ids to be set to the real user and group ids.

    I've written setuid-root programs a few times. Always follow the best practices, especially when using shell scripts. Definitely capture any signals and have a good cleanup routine. Never called a script from mine, however.

    Can you show the 'system()' call from the code?
    Last edited by TheFu; January 21st, 2019 at 01:22 PM.

  3. #3
    Join Date
    Jul 2006
    Beans
    173
    Distro
    Xubuntu

    Re: privileged mode ignored on ubuntu's bash

    Quote Originally Posted by cwmccabe View Post
    I am working on a bash script that is called by a setuid executable C wrapper. Because the bash script is called by the setuid C program, it is also run as the setuid user. This requires that bash be called with the -p flag (/bin/bash -p), to run in "privileged mode".

    This works correctly on other systems, but seeming not on ubuntu. Does the version of bash included with Ubuntu ignore the -p flag? Or am I overlooking another explanation for why this approach would not work?

    And yes, I'm aware that running shell scripts as setuid is a bad idea.
    Well, the first thing that pops into my mind in terms of, "This shape is not like the others," is that Ubuntu does not have a password on the root account, meaning a user cannot 'su' to root. Pretty much every other distro I've used doesn't do this.

    I usually run a problematic app under 'strace' if I'm trying to diagnose a permissions problem. It's a little bit more informative than the generic error messages.

    What about the C wrapper itself? Did you compile it on the machine you're running it on, or is it a pre-compiled binary from another machine? Does it check the setuid() function for error to let you know if it failed for some reason?

    I would run your wrapper through strace just to make sure it's actually getting root privileges, and then once you've confirmed that, run 'bash -p' through the C wrapper, also through strace. You should get a full output of what the system calls are doing and what might be going wrong.

  4. #4
    Join Date
    Nov 2005
    Location
    Maryland
    Beans
    59
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: privileged mode ignored on ubuntu's bash

    Thanks SagaciousKJB and ThuFu. Turns it it was the compiled executable after all. The setuid executable was using a system() call to run the bash script. This worked on Debian and NetBSD machines, but not on Ubuntu. I found that if I call the script with execve() instead of system() it now works on Ubuntu as well. This introduces some other constraints, but ones that I can overcome.
    Linux user #191081
    http://counter.li.org/

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •