Special setuid wrapper for Mango

Could someone write a setuid wrapper for me?

I'd like people to be able to reset their Mango LDAP password. For this
I'd like to have it work by allowing people to do:
  ssh -l $USERID mango.gnome.org mango

The fake mango command would call the setuid mango (not setuid root!)
script named:
/usr/local/bin/mango-reset (or something)
which calls:
/usr/local/bin/mango-reset.py $ORIGINAL_ID (or something, ENV variable
is also ok, at long as everything stays secure)


So I need a secure /usr/local/bin/mango-reset.c which checks which user
called it (so e.g. if someone logs in, I'd like to have my Python script
*securely* know which password / uid to reset.
Note: I prefer a number for the userid, e.g. 7810 or something. Think
that is more secure.

Could someone write above for me, securely?

Note: We already have something for signal-ftp-sync. Can't reuse it as I
want to know who called the setuid wrapper.

--
Regards,
Olav
_______________________________________________
gnome-infrastructure mailing list
gnome-infrastructure@...
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure

On Thu, Jul 30, 2009 at 02:42:41PM +0200, Olav Vitters wrote:
> Could someone write a setuid wrapper for me?
>
> I'd like people to be able to reset their Mango LDAP password. For this
> I'd like to have it work by allowing people to do:
>   ssh -l $USERID mango.gnome.org mango
>
> The fake mango command would call the setuid mango (not setuid root!)
> script named:

Ehr.. to be clear: /usr/local/bin/mango-reset is a C program, which
calls /usr/local/bin/mango-reset.py

--
Regards,
Olav
_______________________________________________
gnome-infrastructure mailing list
gnome-infrastructure@...
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey :-)

On 30.07.2009 13:42, Olav Vitters wrote:
> So I need a secure /usr/local/bin/mango-reset.c which checks which user
> called it (so e.g. if someone logs in, I'd like to have my Python script
> *securely* know which password / uid to reset.
> Note: I prefer a number for the userid, e.g. 7810 or something. Think
> that is more secure.
>
> Could someone write above for me, securely?
>
Is this still an issue?

Cheers,
  Tobi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkrMh64ACgkQPuBX/6ogjZ4bGgCgrVX+ACwyTDzZr29pdb+Z2nbd
2+IAn0zRvH/2uSgFe/1b00Zwkn7DYeZC
=ABDp
-----END PGP SIGNATURE-----
_______________________________________________
gnome-infrastructure mailing list
gnome-infrastructure@...
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure

On Wed, Oct 07, 2009 at 01:21:28PM +0100, Tobias Mueller wrote:
Yes, still would like to have that. I haven't worked on the Django
branch for quite some time. I did update it a while ago mainly to work
with the latest Django.

--
Regards,
Olav
_______________________________________________
gnome-infrastructure mailing list
gnome-infrastructure@...
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aloha,

On 30.07.2009 13:42, Olav Vitters wrote:
> Could someone write a setuid wrapper for me?
>
I finally had time to do it.

The should be pretty secure. I can't think of any vulnerabilities.

#define _GNU_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

static const char program[] = "/usr/local/bin/mango-reset.py";
/* Testscript containing "env" static const char program[] =
"/tmp/env.sh"; */

static const char* environment[] = {"PYTHONPATH=foo", "bar=baz", NULL};

int
main (int argc, char* argv[]) {
    uid_t real, effective, saved;
    char buf[1024]; /* Assumed to be sufficient */

    if (getresuid (&real, &effective, &saved) < 0) {
        fprintf (stdout, "getresuid()\n");
        exit (EXIT_FAILURE);
    }
    if (snprintf (buf, sizeof(buf), "%d", real) < 0) {
        fprintf (stdout, "snprintf()\n");
        exit (EXIT_FAILURE);
    }
    execle (program, buf, NULL, environment);
    /* Not reached */
    return 0;
}


>
> So I need a secure /usr/local/bin/mango-reset.c which checks which user
> called it
That is saved in saved_uid which is retrieved through getresuid().

> Could someone write above for me, securely?
>
Well, I'm not using system() since it'd inherit the environment, which
contains at least the IFS, PATH or PYTHONPATH environment variable. This
can be a problem. So using exec() family, one can define the
environment. So you might want to adapt this since you'll need a
PYTHONPATH, I guess.

I'll buy anyone a beer who finds a vulnerability in that piece of code
above :)

> Note: We already have something for signal-ftp-sync. Can't reuse it as I
> want to know who called the setuid wrapper.
>
Haven't had a look at it.

HTH,
  Tobi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkrwI94ACgkQPuBX/6ogjZ5MDgCfX4+xmRtPUmCr2R0kJNhTPszj
9QIAn34fhLQGSa3sdKCfGUk/RPeZP4YC
=7bVY
-----END PGP SIGNATURE-----
_______________________________________________
gnome-infrastructure mailing list
gnome-infrastructure@...
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure

On Tue, Nov 03, 2009 at 12:36:53PM +0000, Tobias Mueller wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Aloha,
>
> On 30.07.2009 13:42, Olav Vitters wrote:
> > Could someone write a setuid wrapper for me?
> >
> I finally had time to do it.

Thanks! Really appreciated. Still haven't worked more on Mango, but now
I have something to implement :-)

Shouldn't need PYTHONPATH. But would need another environment variable,
so appreciate that I can easily set it.

--
Regards,
Olav
_______________________________________________
gnome-infrastructure mailing list
gnome-infrastructure@...
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure