dvadura@watdragon.waterloo.edu (Dennis Vadura) (02/14/90)
I have the following three problems. Machine: DN3500, 8 megs ram, 350 meg disk, SR10.2, runs in x-owns-root I have run out of ideas as to what could be causing the problem, although I am certain that it is my fault. That is, none of this took place when I first installed SR10.2, but I went and ran protection sripts, that we have, to modify permissions since the install made everything under /sys, and elsewhere writable by everybody (not good). After running the scripts the following three problems have shown up: 1. Starting /etc/ping hostname, works fine, but I can't stop it. (this is from an xterm window, to stop it I have to su to root and kill it) my interrupt character is ^C, and stty everything gives: calypso[9] stty everything new tty, speed 9600 baud, 24 rows, 80 columns even odd -raw -nl echo -lcase -tandem tabs -cbreak crt: (crtbs crterase crtkill ctlecho) -tostop -tilde -flusho -mdmbuf -litout -pass8 -nohang -pendin -decctlq -noflsh erase kill werase rprnt flush lnext susp intr quit stop eof ^? ^X ^W ^R ^O ^V ^Z/^Y ^C ^\ ^S/^Q ^D the acl entry on /etc/ping is: calypso[10] lsacl -l /etc/ping Object ACL: Network-wide access allowed Required entries: root.%.% prwx- setuid %.staff.% -r-x- %.%.none [Ignore] %.%.% -r-x- Extended entry mask: -r-x- 2. For A while, login into the node from another machine would hang. If you then did a ~^Z, (to suspend login), and tried again it worked fine. This behaviour has since ceased. Nothing that I or anyone else knows of has changed. Anybody have any clues? 3. This is by far the strange one. Consider the following script: /bin/csh is the login shell. calypso[6] /usr/ucb/whoami dvadura calypso[7] echo `/usr/ucb/whoami` Segmentation fault calypso[8] echo `pwd` //calypso/lu/dvadura calypso[9] echo `/usr/ucb/whoami | cat` dvadura calypso[10] csh calypso[1] /usr/ucb/whoami dvadura calypso[2] echo `/usr/ucb/whoami` dvadura calypso[3] exit calypso[11] echo `/usr/ucb/whoami` Segmentation fault Ok, so the first 'whoami' works, when I put it in `` then it dumps core. but why does it work when I pipe the output through cat? What's worse is that this goes away completely if I do things in a subshell. The original problem manifested itself in the following expression: set k="(`/usr/ucb/whoami`)" which behaves identically to the 'echo' case above, it's just that the echo seems to be the smallest example that fails. This behaviour appears consistent, in that programs that seem to use the getpwuid(3) system call fail. (I've isolated this by hacking the code for whoami.c to figure out which call fails) Executing 'echo `ps aux`' fails as well, executing 'echo `ps aux | cat`' succeeds. So, does anyone have any suggestions where I could have hosed the permissions? Or, if that is not it, I am open to other suggestions of where to look for a fix. -thanks -dennis P.S> I really like 10.2 so far (modulo my screwup). -- -------------------------------------------------------------------------------- Another rescue ruined by the total |Dennis UUCP,BITNET: dvadura@water lack of danger. |Vadura EDU,CDN,CSNET: dvadura@waterloo ================================================================================
chen@digital.sps.mot.com (Jinfu Chen) (02/17/90)
In article <20873@watdragon.waterloo.edu> dvadura@watdragon.waterloo.edu (Dennis Vadura) writes: >I have the following three problems. >Machine: DN3500, 8 megs ram, 350 meg disk, SR10.2, runs in x-owns-root > >I have run out of ideas as to what could be causing the problem, although >I am certain that it is my fault. That is, none of this took place when >I first installed SR10.2, but I went and ran protection sripts, that we have, >to modify permissions since the install made everything under /sys, and >elsewhere writable by everybody (not good). After running the scripts the >following three problems have shown up: I don't know if this helps or not. There're directories under /sys needed to be wide open. Especially /sys/node_data and some directories under. /tmp, /dev, and many system log/temp directories are under /sys/node_data (/tmp is a link to /sys/node_data/tmp, so as /dev, and some directories in /usr/spool). So if you tight up protection from /sys on, you're in big trouble. I agree that the default acls provided by Apollo in SR10.1 and 10.2 are not tight enough and they don't provide a good script to set them up properly as in the good-old day of SR9.7. I'm also amazed by the size of the SR10.2 acl template: -rwxrwxr-x 1 root 1267125 Oct 13 07:24 templates/apollo/os.v.10.2/ip.closed_sysv -- Jinfu Chen (602)898-5338 | Disclaimer: Motorola, Inc. Logic IC Div., Mesa, AZ | ..{somewhere}!uunet!dover!digital!chen | My employer doesn't pay chen@digital.sps.mot.com | me to express opinions.