busybox Digest, Vol 76, Issue 31
Brilliantov Kirill Vladimirovich
brilliantov at byterg.ru
Mon Nov 28 05:40:11 UTC 2011
> errno has no meaning after successful calls.
> It does not stay 0. So, "illegal seek" msg is bogus.
>
> (1) uncomment error messages on error paths.
> your setuid() call seems to fail, and you don't see why.
>
> (2) run your program under strace.
>
Thank your for your reply Denys!
My code:
#define ERROR(fmt, ...) \
syslog(LOG_ERR, fmt ", errno %d (%m)", ##__VA_ARGS__, errno)
int8_t drop_root(const char *user)
{
ERROR("Run %s, user %s", __func__, user);
struct passwd *pwd = NULL;
int r;
if (NULL == (pwd = getpwnam(user)))
return -1;
ERROR("After getpwnam, uid = %d, gid = %d", pwd->pw_uid, pwd->pw_gid);
r = setgid(pwd->pw_gid);
if (r) {
ERROR("ERROR: After setGID, r = %d", r);
return -1;
}
ERROR("After setGID, r = %d", r);
r= setuid(pwd->pw_uid);
if (r) {
ERROR("ERROR: After setUID, r = %d", r);
return -1;
}
ERROR("After setUID, r = %d", r);
return 0;
}
Manul running:
monitor: Run drop_root, user monitor, errno 0 (Success)
monitor: After getpwnam, uid = 100, gid = 100, errno 0 (Success)
monitor: After setGID, r = 0, errno 29 (Illegal seek)
monitor: After setUID, r = 0, errno 29 (Illegal seek)
monitor: Ready to send message
Strace:
.....................
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001e000
set_tls(0x4001e0a0, 0x4001f000, 0x4001e7f8, 0x4001e778, 0x40025050) = 0
mprotect(0x40145000, 4096, PROT_READ) = 0
access("/etc/monitor", F_OK) = 0
brk(0) = 0x14000
brk(0x35000) = 0x35000
gettimeofday({946686039, 822996}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 ENOENT (No
such file or directory)
close(3) = 0
open("/dev/console", O_WRONLY|O_NOCTTY) = 3
fstat64(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(5, 1), ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo
...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
_llseek(3, 0, 0xbed55910, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(3, "monitor: Run drop_root, user moni"..., 57monitor: Run
drop_root, user monitor, errno 0 (Success)
) = 57
munmap(0x4001f000, 4096) = 0
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) =
-1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) =
-1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=224, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
read(3, "passwd: files\ngroup: "..., 4096) = 224
read(3, ""..., 4096) = 0
close(3) = 0
munmap(0x4001f000, 4096) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\254\30\0\0004\0\0\0d"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=50108, ...}) = 0
mmap2(NULL, 70324, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x4014b000
mprotect(0x40154000, 28672, PROT_NONE) = 0
mmap2(0x4015b000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x4015b000
close(3) = 0
mprotect(0x4015b000, 4096, PROT_READ) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=91, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
read(3, "root:x:0:0:root:/root:/bin/sh\nmon"..., 4096) = 91
close(3) = 0
munmap(0x4001f000, 4096) = 0
gettimeofday({946686040, 242418}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 ENOENT (No
such file or directory)
close(3) = 0
open("/dev/console", O_WRONLY|O_NOCTTY) = 3
fstat64(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(5, 1), ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo
...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
_llseek(3, 0, 0xbed55910, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(3, "monitor: After getpwnam, uid = 10"..., 66monitor: After
getpwnam, uid = 100, gid = 100, errno 0 (Success)
) = 66
munmap(0x4001f000, 4096) = 0
close(3) = 0
setgid32(100) = 0
gettimeofday({946686040, 265991}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 ENOENT (No
such file or directory)
close(3) = 0
open("/dev/console", O_WRONLY|O_NOCTTY) = 3
fstat64(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(5, 1), ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo
...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
_llseek(3, 0, 0xbed55910, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(3, "monitor: After setGID, r = 0, err"..., 55monitor: After
setGID, r = 0, errno 29 (Illegal seek)
) = 55
munmap(0x4001f000, 4096) = 0
close(3) = 0
setuid32(100) = 0
gettimeofday({946686040, 621567}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 ENOENT (No
such file or directory)
close(3) = 0
open("/dev/console", O_WRONLY|O_NOCTTY) = 3
fstat64(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(5, 1), ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo
...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
_llseek(3, 0, 0xbed55910, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(3, "monitor: After setUID, r = 0, err"..., 55monitor: After
setUID, r = 0, errno 29 (Illegal seek)
) = 55
munmap(0x4001f000, 4096) = 0
close(3) = 0
rt_sigaction(SIGINT, {0x9444, [INT], SA_RESTART|0x4000000}, NULL, 8) = 0
rt_sigaction(SIGTERM, {0x9444, [TERM], SA_RESTART|0x4000000}, NULL, 8) = 0
rt_sigaction(SIGHUP, {0x9444, [HUP], SA_RESTART|0x4000000}, NULL, 8) = 0
open("/etc/monitor", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=48, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
read(3, "PORT=65000\nBROADCAST=1\nSERVER=0.0"..., 4096) = 48
read(3, ""..., 4096) = 0
close(3) = 0
munmap(0x4001f000, 4096) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
ioctl(3, SIOCGIFADDR, {ifr_name="eth0", ifr_addr={AF_INET,
inet_addr("192.168.255.2")}}) = 0
close(3) = 0
socket(PF_NETLINK, SOCK_RAW, 0) = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=329, groups=00000000}, [12]) = 0
gettimeofday({946686040, 668309}, NULL) = 0
sendto(3, "\24\0\0\0\26\0\1\3XHm8\0\0\0\0\0\0\0\0"..., 20, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
msg_iov(1)=[{"<\0\0\0\24\0\2\0XHm8I\1\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
msg_iov(1)=[{"\24\0\0\0\3\0\2\0XHm8I\1\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1\10"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3) = 0
open("/etc/gai.conf", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = -1 EAFNOSUPPORT (Address
family not supported by protocol)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(65000),
sin_addr=inet_addr("0.0.0.0")}, 16) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(3072),
sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
close(3) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP) = 3
setsockopt(3, SOL_SOCKET, SO_BROADCAST, [1], 4) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(65000),
sin_addr=inet_addr("0.0.0.0")}, 16) = 0
gettimeofday({946686040, 698108}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_DGRAM, 0) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 ENOENT (No
such file or directory)
close(4) = 0
open("/dev/console", O_WRONLY|O_NOCTTY) = 4
fstat64(4, {st_mode=S_IFCHR|0660, st_rdev=makedev(5, 1), ...}) = 0
ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo
...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
_llseek(4, 0, 0xbed55938, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(4, "monitor: Ready to send message\r\n"..., 32monitor: Ready to
send message
) = 32
munmap(0x4001f000, 4096) = 0
close(4)
Running with system:
monitor: Run drop_root, user monitor, errno 0 (Success)
monitor: After getpwnam, uid = 100, gid = 100, errno 0 (Success)
monitor: After setGID, r = 0, errno 29 (Illegal seek)
Thank you.
--
Best regards,
Brilliantov Kirill Vladimirovich
More information about the busybox
mailing list