dvadura@watdragon.waterloo.edu (Dennis Vadura) (02/14/90)
I have the following three problems.
Machine: DN3500, 8 megs ram, 350 meg disk, SR10.2, runs in x-owns-root
I have run out of ideas as to what could be causing the problem, although
I am certain that it is my fault. That is, none of this took place when
I first installed SR10.2, but I went and ran protection sripts, that we have,
to modify permissions since the install made everything under /sys, and
elsewhere writable by everybody (not good). After running the scripts the
following three problems have shown up:
1. Starting /etc/ping hostname, works fine, but I can't stop it.
(this is from an xterm window, to stop it I have to su to root and kill it)
my interrupt character is ^C, and stty everything gives:
calypso[9] stty everything
new tty, speed 9600 baud, 24 rows, 80 columns
even odd -raw -nl echo -lcase -tandem tabs -cbreak
crt: (crtbs crterase crtkill ctlecho) -tostop
-tilde -flusho -mdmbuf -litout -pass8 -nohang
-pendin -decctlq -noflsh
erase kill werase rprnt flush lnext susp intr quit stop eof
^? ^X ^W ^R ^O ^V ^Z/^Y ^C ^\ ^S/^Q ^D
the acl entry on /etc/ping is:
calypso[10] lsacl -l /etc/ping
Object ACL:
Network-wide access allowed
Required entries:
root.%.% prwx- setuid
%.staff.% -r-x-
%.%.none [Ignore]
%.%.% -r-x-
Extended entry mask: -r-x-
2. For A while, login into the node from another machine would hang. If you
then did a ~^Z, (to suspend login), and tried again it worked fine.
This behaviour has since ceased. Nothing that I or anyone else knows of
has changed. Anybody have any clues?
3. This is by far the strange one. Consider the following script:
/bin/csh is the login shell.
calypso[6] /usr/ucb/whoami
dvadura
calypso[7] echo `/usr/ucb/whoami`
Segmentation fault
calypso[8] echo `pwd`
//calypso/lu/dvadura
calypso[9] echo `/usr/ucb/whoami | cat`
dvadura
calypso[10] csh
calypso[1] /usr/ucb/whoami
dvadura
calypso[2] echo `/usr/ucb/whoami`
dvadura
calypso[3] exit
calypso[11] echo `/usr/ucb/whoami`
Segmentation fault
Ok, so the first 'whoami' works, when I put it in `` then it dumps core.
but why does it work when I pipe the output through cat? What's worse
is that this goes away completely if I do things in a subshell.
The original problem manifested itself in the following expression:
set k="(`/usr/ucb/whoami`)"
which behaves identically to the 'echo' case above, it's just that the
echo seems to be the smallest example that fails. This behaviour appears
consistent, in that programs that seem to use the getpwuid(3) system call
fail. (I've isolated this by hacking the code for whoami.c to figure
out which call fails) Executing 'echo `ps aux`' fails as well, executing
'echo `ps aux | cat`' succeeds.
So, does anyone have any suggestions where I could have hosed the permissions?
Or, if that is not it, I am open to other suggestions of where to look for
a fix.
-thanks
-dennis
P.S> I really like 10.2 so far (modulo my screwup).
--
--------------------------------------------------------------------------------
Another rescue ruined by the total |Dennis UUCP,BITNET: dvadura@water
lack of danger. |Vadura EDU,CDN,CSNET: dvadura@waterloo
================================================================================chen@digital.sps.mot.com (Jinfu Chen) (02/17/90)
In article <20873@watdragon.waterloo.edu> dvadura@watdragon.waterloo.edu (Dennis Vadura) writes: >I have the following three problems. >Machine: DN3500, 8 megs ram, 350 meg disk, SR10.2, runs in x-owns-root > >I have run out of ideas as to what could be causing the problem, although >I am certain that it is my fault. That is, none of this took place when >I first installed SR10.2, but I went and ran protection sripts, that we have, >to modify permissions since the install made everything under /sys, and >elsewhere writable by everybody (not good). After running the scripts the >following three problems have shown up: I don't know if this helps or not. There're directories under /sys needed to be wide open. Especially /sys/node_data and some directories under. /tmp, /dev, and many system log/temp directories are under /sys/node_data (/tmp is a link to /sys/node_data/tmp, so as /dev, and some directories in /usr/spool). So if you tight up protection from /sys on, you're in big trouble. I agree that the default acls provided by Apollo in SR10.1 and 10.2 are not tight enough and they don't provide a good script to set them up properly as in the good-old day of SR9.7. I'm also amazed by the size of the SR10.2 acl template: -rwxrwxr-x 1 root 1267125 Oct 13 07:24 templates/apollo/os.v.10.2/ip.closed_sysv -- Jinfu Chen (602)898-5338 | Disclaimer: Motorola, Inc. Logic IC Div., Mesa, AZ | ..{somewhere}!uunet!dover!digital!chen | My employer doesn't pay chen@digital.sps.mot.com | me to express opinions.