- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Apache execute a CGI as another user
- From: Peter Rundle <prundle@xxxxxxxxxxxxxx>
- Date: Tue, 16 May 2006 08:24:59 +1000
- User-agent: Thunderbird 1.5.0.2 (X11/20060420)
jam@xxxxxxxxx wrote:
> Gentlemen it should be absolutely trivial for the cgi to run a compiled program that is
> (a) suid to matlab (b) executes your script either as fork/exec or even system ("do
> something");
> James
James, thanks for volunteering to solve this one ;-) .
Can you explain to a mere mortal why the following doesn't work?
As a first step to your "trivial" challenge, I've written a simple C routine to
system ("do something");
Then as root, I've changed its ownership to matlab and set the setuid bit on it. But when I run
it from my account, it doesn't execute as matlab.
Cluesticks?
Pete.
--
$ cat suidexec.c
#include <stdlib.h>
#include <stdio.h>
int main(int argc, char *argv[]) {
    if (argc < 2) {
        printf("Usage:%s <command>\n", argv[0]);
        exit(-1);
    }
    printf("Executing Command '%s'\n", argv[1]);
    /* system() hands the string to /bin/sh -c */
    system(argv[1]);
    return 0;
}
$ ls -l suidexec
-rws--x--x 1 matlab apache 4962 May 16 08:03 suidexec
$ ./suidexec id
Executing Command 'id'
uid=501(prundle) gid=501(prundle) context=user_u:system_r:unconfined_t
$ ./suidexec /home/matlab/product/bin/matlab
Executing Command '/home/matlab/product/bin/matlab'
License Manager Error -39.
User/host not on INCLUDE list for feature.
So no dice, but if one su's to the matlab account, all is well.
$ su matlab
Password:
$> /home/matlab/product/bin/matlab
Warning:
MATLAB is starting without a display, using internal event queue.
You will not be able to display graphics on the screen.
< M A T L A B >
Copyright 1984-2006 The MathWorks, Inc.
So I don't so much need to execute with matlab permissions as to be seen
to execute as the user account matlab.
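
Added example, not part of the original post: the setuid bit changes only the effective UID, and `system()` starts `/bin/sh`, which (when it is bash) resets the effective UID back to the real one, which is why `id` above reports only uid=501. The sketch below copies the effective IDs into the real IDs and then execs one fixed program with a fixed environment instead of passing `argv[1]` to a shell; the function names and the `HOME` and `PATH` values are assumptions.

```c
/* Added example: fixed-target setuid wrapper. TARGET is the path shown in the
 * post; HOME and PATH below are assumed values, adjust them for the real host. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define TARGET "/home/matlab/product/bin/matlab"

/* Copy the effective IDs (the file owner's, for a setuid binary) into the
 * real IDs so that children are seen as that user. Returns 0 on success. */
int become_effective_user(void)
{
    gid_t egid = getegid();
    uid_t euid = geteuid();

    if (setregid(egid, egid) != 0)   /* only matters if the file is also setgid */
        return -1;
    if (setreuid(euid, euid) != 0)   /* real := effective; on Linux saved too */
        return -1;
    /* Never continue on a partial switch. */
    return (getuid() == euid && geteuid() == euid) ? 0 : -1;
}

/* Nothing is inherited from the caller's environment (no LD_*, IFS, PATH). */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin",
    "HOME=/home/matlab",             /* assumed home directory */
    NULL
};

/* Exec one fixed program directly, with no shell and no caller-supplied
 * command line. Returns only on failure (-1). */
int run_target(const char *path)
{
    char *const args[] = { (char *)path, NULL };

    if (become_effective_user() != 0) {
        perror("switching IDs");
        return -1;
    }
    execve(path, args, clean_env);
    perror("execve");                /* reached only when exec failed */
    return -1;
}

int main(void)
{
    return run_target(TARGET) == 0 ? 0 : 1;
}
```

An unprivileged setuid wrapper cannot change supplementary groups, so unlike `su matlab` the process keeps the caller's group list.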