Re: Secure EMC Run - 2

Subject: Re: Secure EMC Run - 2
From: Fred Proctor <frederick.proctor-at-nist.gov>
Date: Mon, 17 Jul 2000 11:36:51 -0400
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <00071416394500.02667-at-localhost.localdomain>
Reply-To: frederick.proctor-at-nist.gov


Ray,

You get this error: "not privileged to access IO-- disabling IO" because
the user is not root. To make this work, you can make the iosh program
"setuid root" so that whoever runs the program effectively runs it as
root.

To do this, do (as root):

root> chown root emc/plat/linux_2_2_14/bin/iosh
root> chmod u+s emc/plat/linux_2_2_14/bin/iosh

This makes root the owner of the program (it should already be owned by
root), and sets the "setuid" bit so that whoever runs the program has
the identity of the program's owner, in this case root.

If the program is recompiled, I think the setuid bit is cleared so you
have to do it again.

The setuid feature can be done to programs like /bin/bash, so that
anyone who runs the shell is root. This is very bad. A student sysadmin
at U Md when I was there did this:

student> su
Password: XXX
root> cp /bin/bash ~/mybash
root> chown root ~/mybash
root> chmod u+s ~/mybash
root> exit
student> ~/mybash
% echo mwah hah hah hah

and was expelled.

--Fred

References:
- Secure EMC Run - 2
  - From: Ray <rehenry-at-up.net>

Prev by Date: Re: Silly question
Next by Date: Minitetra kinematics, following error
Prev by thread: Secure EMC Run - 2
Next by thread: EMC bugs and new features; call for developers

Date Index | Thread Index | Back to archive index | Back to Mailing List Page
Problems or questions? Contact