Skip Menu |

This queue is for tickets about the IO-Tty CPAN distribution.

Report information
The Basics
Id: 88271
Status: resolved
Priority: 0/
Queue: IO-Tty
People
Owner: Nobody in particular
Requestors: jpeacock [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 1.10
Fixed in: 1.13_01

History Show all quoted text
  Thu Aug 29 11:55:45 2013 jpeacock [...] cpan.org - Ticket created
Subject: Solaris setuid when root running as other user
Handles the situation where root has switched to an unprivileged account.
Subject: IO-Tty-1.08-euid.patch
--- Tty.xs.orig Fri Jul 10 12:40:13 2009 +++ Tty.xs Fri Jul 10 12:41:37 2009 @@ -262,6 +262,7 @@ if (PL_dowarn) warn("IO::Tty::pty_allocate(nonfatal): grantpt(): %.100s", strerror(errno)); } + #endif /* HAVE_GRANTPT */ #if defined(HAVE_UNLOCKPT) #if PTY_DEBUG @@ -318,6 +319,38 @@ if (namebuf[0] == 0) return 0; /* we failed to get the slave name */ +#if defined (__SVR4) && defined (__sun) + #include <sys/types.h> + #include <unistd.h> + { + uid_t euid = geteuid(); + uid_t uid = getuid(); + + /* root running as another user + * grantpt() has done the wrong thing + */ + if (euid != uid && uid == 0) { +#if PTY_DEBUG + if (print_debug) + fprintf(stderr, "trying seteuid() from %d to %d...\n", + euid, uid); +#endif + if (setuid(uid)) { + warn("ERROR: IO::Tty::open_slave: couldn't seteuid to root: %d", errno); + return 0; + } + if (chown(namebuf, euid, -1)) { + warn("ERROR: IO::Tty::open_slave: couldn't fchown the pty: %d", errno); + return 0; + } + if (seteuid(euid)) { + warn("ERROR: IO::Tty::open_slave: couldn't seteuid back: %d", errno); + return 0; + } + } + } +#endif + if (*ttyfd >= 0) { make_safe_fd(ptyfd); make_safe_fd(ttyfd);
  Thu Aug 29 14:29:02 2013 TODDR [...] cpan.org - Correspondence added
I'm nervous to apply this patch without having a failing test to show what the problem was in the first place. Can you help me with that?
  Thu Aug 29 14:29:02 2013 The RT System itself - Status changed from 'new' to 'open'
  Sat Aug 31 20:43:09 2013 jpeacock [...] cpan.org - Correspondence added
On Thu Aug 29 14:29:02 2013, TODDR wrote: Show quoted text
> I'm nervous to apply this patch without having a failing test to show > what the problem was in the first place. Can you help me with that?
I'll see what I can do. This is literally the patch we run with internally, so I'll have to see if I can recreate what we do for a test. It isn't something that you are going to be able to use as a normal unit test, however, because it requires (if I remember correctly): a) Having access to a Solaris 10 environment b) running the test as root c) using Solaris's privilege functions, available only in C code d) having an unprivileged account to switch into John
  Sun Dec 14 03:02:08 2014 TODDR [...] cpan.org - Correspondence added
Patched here. I'll have a Dev release to CPAN tonight. https://github.com/toddr/IO-Tty/commit/a06c8982483a6ebe9ef0546d3d4cdc63072b7545
  Sun Dec 14 03:02:09 2014 TODDR [...] cpan.org - Status changed from 'open' to 'patched'
  Sun Jan 19 00:28:54 2020 TODDR [...] cpan.org - Status changed from 'patched' to 'resolved'
  Sun Jan 19 00:28:55 2020 TODDR [...] cpan.org - Fixed in 1.13_01 added