From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Delivered-To: caml-list@yquem.inria.fr Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by yquem.inria.fr (Postfix) with ESMTP id 5B509BC48 for ; Sun, 27 Mar 2005 12:31:33 +0200 (CEST) Received: from pauillac.inria.fr (pauillac.inria.fr [128.93.11.35]) by concorde.inria.fr (8.13.0/8.13.0) with ESMTP id j2RAVX6h024791 for ; Sun, 27 Mar 2005 12:31:33 +0200 Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id MAA29623 for ; Sun, 27 Mar 2005 12:31:32 +0200 (MET DST) Received: from furbychan.cocan.org (furbychan.cocan.org [80.68.91.176]) by concorde.inria.fr (8.13.0/8.13.0) with ESMTP id j2RAVSrX024782 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Sun, 27 Mar 2005 12:31:32 +0200 Received: from rich by furbychan.cocan.org with local (Exim 3.35 #1 (Debian)) id 1DFV3H-00060A-00 for ; Sun, 27 Mar 2005 11:31:27 +0100 Date: Sun, 27 Mar 2005 11:31:27 +0100 To: Inria Ocaml Mailing List Subject: Re: [Caml-list] on ocaml and set-user-id programs Message-ID: <20050327103126.GA23054@furbychan.cocan.org> References: <20050327100145.GA9332@fistandantilus.takhisis.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050327100145.GA9332@fistandantilus.takhisis.org> User-Agent: Mutt/1.3.28i From: Richard Jones X-Miltered: at concorde with ID 42468B85.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Miltered: at concorde with ID 42468B80.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Spam: no; 0.00; caml-list:01 ocaml:01 zacchiroli:01 ocaml:01 bytecode:01 ocamlrun:01 bytecode:01 notepad:01 wrote:01 wrote:01 faq:01 kernel:01 native:02 compiling:02 compiling:02 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on yquem.inria.fr X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled version=3.0.2 X-Spam-Level: On Sun, Mar 27, 2005 at 12:01:45PM +0200, Stefano Zacchiroli wrote: > I've wrote an ocaml program that needs to be executed set-user-id root. > > I managed to have it being executed with effective user id 0 only > compiling in native code or in custom bytecode. Both executing it as a > script using "ocamlrun ocaml" and compiling it to non-custom bytecode > make the program having effective user id of the user executing it. > (Example session at the end of this mail) I think the problem is simply caused because your kernel has setuid scripts disabled, for security reasons. According to the second reference below, Linux ignores the setuid and setgid bits on scripts. http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html http://www.linux.com/howtos/Secure-Programs-HOWTO/processes.shtml Rich. -- Richard Jones, CTO Merjis Ltd. Merjis - web marketing and technology - http://merjis.com Team Notepad - intranets and extranets for business - http://team-notepad.com