RES: [rt-users] Using the majordomo wrapper program to get around setuid problem
Presciliano dos Santos Neto
psneto at telepar.com.br
Tue Dec 4 09:00:17 EST 2001
Yes !! It worked fine !!!
> ----- Original message -----
> From: Bruce Campbell [SMTP:bruce_campbell at ripe.net]
> Sent: Tuesday, 4 December 2001 11:47
> To: 'rt-users at lists.fsck.com'
> Cc: Presciliano dos Santos Neto
> Subject: [rt-users] Using the majordomo wrapper program to get around setuid problem
> ( Subject changed to make it easier for people searching the archives )
> This is a brief rundown on how to use a setuid program to invoke
> rt-mailgate, when your OS's perl cannot (or won't) do setuid properly.
> Firstly, compile and install RT.
> Secondly, retrieve and extract majordomo from
> ftp://ftp.greatcircle.com/pub/majordomo . I used version 1.94.5 for this.
> I've also attached to this message a cut-down Makefile and the original
> wrapper.c .
> Thirdly, edit the Majordomo Makefile (or the attached one) and change the
> following variables:
> W_HOME = /path/to/rt2/bin
> W_USER = NUMERIC_ID_OF_RT_USER
> W_GROUP = NUMERIC_ID_OF_RT_GROUP
> Next, run 'make wrapper', and 'make install-wrapper' as root.
> Finally, put it in your /etc/aliases (or appropriate MTA location) as (on
> one line of course):
> rt-comment: "|/path/to/rt2/bin/wrapper rt-mailgate --queue QUEUE_NAME --action comment"
> rt: "|/path/to/rt2/bin/wrapper rt-mailgate --queue QUEUE_NAME --action correspond"
> ( Note that wrapper only looks for the program (1st argument) in the HOME
> directory defined below. You don't need to put
> '/path/to/rt2/bin/rt-mailgate' in the alias file )
> When fault-finding, note that /path/to/rt2/bin/wrapper should be setuid,
> be owned by root and the RT group, and the /path/to/rt2/bin should be
> within the wrapper binary, ie:
> $ strings -a /path/to/rt2/bin/wrapper
> HOME is %s,
> If HOME=/something/else, then you've probably ended up with your majordomo
> version of wrapper.
> Your next port of call is ensuring that /path/to/rt2/bin/rt-mailgate
> is executable by the RT user, that the
> directory tree all the way to the / is accessible by the RT user, and the
> perl indicated by the first '#!' line is executable by the RT user. Then
> further fault-find by judicious application of perl -c and checking that
> the RT user can access all the libraries, *including*
> /path/to/rt2/etc/config.pm .
> I hope this helps.
> Bruce Campbell
> Operations << File: >> << File: >>