marco@ghost.unimi.it (Marco Negri) (05/14/91)
I have posted, yesterday, an help request about root uid == -2
on remote access to an NFS.
I have recived many respond, thanks very much to everybody, and
I have tested it on hp-ux 7.0 on an hp9000s800 (825/835/855).
The solution is to patch the value of "nobody" Kernel variable.
nobody represent the uid of root when made a remote access.
Sources are enclosed, simple and run fine.
Marco.
--
Marco Negri Phone : +39-2-7575242
Computer Science Dep. Milan University Fax : +39-2-76110556
Via Moretto da Brescia, 9 Telex : 335199 - MIDSII
I-20133 Milano - Italy - `92 Europe E-Mail : marco@ghost.unimi.it
#! /bin/sh
# This is a shell archive. Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of shell archive."
# Wrapped by marco@ghost on Mon May 13 20:35:13 1991
# Contents: Makefile nfspatch.c
# Existing files will not be overwritten.
# Error checking via wc(1) will be performed.
overwrite_check()
{
echo Ok to overwrite existing file $1 \? \\c
read answer
case "$answer" in
[yY]*) echo Proceeding;;
*) echo Aborting; exit 1;;
esac
rm -f $1
if test -f $1
then
echo Error: could not remove $1, aborting
exit 1
fi
}
test "${1}" != "-c"
overwrite_opt=$?
LANG=""; export LANG
PATH=/bin:/usr/bin:$PATH; export PATH
if test -f Makefile -a $overwrite_opt -eq 0
then
overwrite_check Makefile
fi
[ -d `dirname Makefile` ] || mkdir -p `dirname Makefile`
echo x - Makefile
sed "s/^X//" > Makefile <<'@EOF'
X#
X# $Author: marco $
X# $Id: Makefile,v 1.1 1991/05/13 18:33:26 marco Exp marco $
X# $Date: 1991/05/13 18:33:26 $
X# $Revision: 1.1 $
X# $Lock:$
X#
X
XCFLAGS = -O -s -n
XINST = /usr/local/bin
X
Xnfspatch : nfspatch.c
X cc $(CFLAGS) $@.c -o $@
X cpset $@ $(INST)
@EOF
set `wc -lwc <Makefile`
if test $1$2$3 != 1446250
then
echo ERROR: wc results of Makefile are $* should be 14 46 250
fi
chmod 600 Makefile
if test -f nfspatch.c -a $overwrite_opt -eq 0
then
overwrite_check nfspatch.c
fi
[ -d `dirname nfspatch.c` ] || mkdir -p `dirname nfspatch.c`
echo x - nfspatch.c
sed "s/^X//" > nfspatch.c <<'@EOF'
X/*
X * $Author: marco $
X * $Id: nfspatch.c,v 1.1 1991/05/13 18:33:26 marco Exp marco $
X * $Date: 1991/05/13 18:33:26 $
X * $Revision: 1.1 $
X * $Lock:$
X */
X
X#ifndef lint
Xstatic char *rcsid = "@(#) $Id: nfspatch.c,v 1.1 1991/05/13 18:33:26 marco Exp marco $";
X#endif lint
X
X#include <fcntl.h>
X#include <stdio.h>
X#include <nlist.h>
X
Xstruct nlist nl_tbl[] = {
X#ifdef hp9000s800
X {"nobody", 0},
X#else hp9000s800
X {"_nobody", 0},
X#endif hp9000s800
X {0}
X};
X
X#define ADDR nl_tbl[0].n_value
X
X#define KERNEL "/hp-ux"
X
Xmain(argc, argv)
Xint argc;
Xchar *argv[];
X{
X register int i = 0;
X int fd;
X int v = 0;
X
X if (argc > 2) {
X fprintf(stderr, "Usage : %s [remote-root-uid]\n", argv[0]);
X exit(1);
X }
X
X if (argc == 2)
X v = atoi(argv[1]);
X
X if (nlist(KERNEL, nl_tbl) == -1) {
X perror("nlist()");
X exit(1);
X }
X
X if ((fd = open("/dev/kmem", O_RDWR)) == -1) {
X perror("/dev/kmem");
X exit(1);
X }
X
X if (lseek(fd, ADDR, 0) != ADDR) {
X perror("lseek()");
X exit(1);
X }
X
X if (write(fd, &v, sizeof(v)) != sizeof(v)) {
X perror("write()");
X exit(1);
X }
X
X exit(0);
X}
@EOF
set `wc -lwc <nfspatch.c`
if test $1$2$3 != 671541047
then
echo ERROR: wc results of nfspatch.c are $* should be 67 154 1047
fi
chmod 600 nfspatch.c
echo shar: End of shell archive.
exit 0
--
Marco Negri Phone : +39-2-7575242
Computer Science Dep. Milan University Fax : +39-2-76110556
Via Moretto da Brescia, 9 Telex : 335199 - MIDSII
I-20133 Milano - Italy - `92 Europe E-Mail : marco@ghost.unimi.it