Volker Kroll wrote:
> On Tue, 2003-12-09 at 18:25, Stas Bekman wrote:
>
>
>>% su - nobody
>
> This account is currently not available.
>
>
> So I think, here is the problem:
> grep ^nobody /etc/passwd
> nobody:x:99:99:Nobody:/:/sbin/nologin
>                          ^^^^^^^^^^^^
> nobody cannot login and allocate a shell
>
>
>>The 'su - nobody' test above should give us the answer
>>where the fault is.
>
>
> and it does :-)

Which probably means that your perl POSIX implementation is broken.
I've tried to emulate your case:

nobody:x:65534:65534:Nobody:/:/sbin/nologin

before it was:

nobody:x:65534:65534:Nobody:/:/bin/sh

% perl -le 'require POSIX; POSIX::setuid(65534) or die "failed to setuid: $@"; POSIX::setgid(65534) or die "failed to setgid: $@"; \
print -r q{/root} && -w _ && -x _ ? q{OK} : q{NOK}; '
failed to setgid: at -e line 1.

As you can see setgid has failed, but not setuid. Does this fail for you:

% perl -le 'require POSIX; POSIX::setgid(99) or die "failed to run: $@";'

I wonder why setuid doesn't fail for me:

% perl -le 'require POSIX; POSIX::setuid(65534) or die "failed to setuid: $@"; \
print -r q{/root} && -w _ && -x _ ? q{OK} : q{NOK}; '
OK

I think this is definitely broken on my machine, since my /root is drwx------
and that means that setuid() didn't do its job and the process is still
running as the root user.

So if you change /etc/passwd's nobody entry to have /bin/sh instead of
/sbin/nologin the test suite should now successfully detect that it won't be
able to work from that directory.

__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
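
An added example, not part of the original message or of the mod_perl test suite: the drop-to-nobody directory check from the thread written as a script that sets the group before the user, reports failures through `$!`, and reads the resulting IDs back before testing the directory. The defaults `nobody` and `/root` come from the thread; the script layout and its two optional arguments are assumptions.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: drop root to an unprivileged
# account, verify the drop, then test access to a directory.
use strict;
use warnings;
use POSIX ();

# Assumed defaults, taken from the thread: user 'nobody', directory '/root'.
my $user = @ARGV ? shift : 'nobody';
my $dir  = @ARGV ? shift : '/root';

my ($uid, $gid) = (getpwnam $user)[2, 3];
defined $uid or die "unknown user: $user\n";
$> == 0      or die "must start as root (euid is $>)\n";

# Groups first: after the uid is dropped the process can no longer change them.
# Assigning "GID GID" to $) sets the egid and calls setgroups() with only GID.
$) = "$gid $gid";
defined POSIX::setgid($gid) or die "setgid($gid) failed: $!\n";
defined POSIX::setuid($uid) or die "setuid($uid) failed: $!\n";

# Do not trust the return values alone: read the IDs back.
my ($rgid)        = split ' ', $(;
my ($egid, @supp) = split ' ', $);
$< == $uid && $> == $uid
    or die "uid not dropped: real=$< effective=$>\n";
$rgid == $gid && $egid == $gid
    or die "gid not dropped: real=$rgid effective=$egid\n";
my @extra = grep { $_ != $gid } @supp;
@extra and die "supplementary groups remain: @extra\n";

# A complete drop is irreversible: getting uid 0 back must fail.
defined POSIX::setuid(0) and die "root could be regained, drop is incomplete\n";

# File tests use the effective IDs, so they now answer for $user.
my $ok = -r $dir && -w _ && -x _;
print "$user on $dir: ", ($ok ? 'OK' : 'NOK'), "\n";
```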