Re: Secure EMC Run - 2



Ray,

You get this error: "not privileged to access IO-- disabling IO" because
the user is not root. To make this work, you can make the iosh program
"setuid root" so that whoever runs the program effectively runs it as
root.

To do this, do (as root):

root> chown root emc/plat/linux_2_2_14/bin/iosh
root> chmod u+s emc/plat/linux_2_2_14/bin/iosh

This makes root the owner of the program (it should already be owned by
root), and sets the "setuid" bit so that whoever runs the program has
the identity of the program's owner, in this case root.

If the program is recompiled, I think the setuid bit is cleared so you
have to do it again.

The setuid feature can be done to programs like /bin/bash, so that
anyone who runs the shell is root. This is very bad. A student sysadmin
at U Md when I was there did this:

student> su
Password: XXX
root> cp /bin/bash ~/mybash
root> chown root ~/mybash
root> chmod u+s ~/mybash
root> exit
student> ~/mybash
% echo mwah hah hah hah

and was expelled.

--Fred



Date Index | Thread Index | Back to archive index | Back to Mailing List Page

Problems or questions? Contact