thad@cup.portal.com (Thad P Floryan) (06/23/89)
The following is a l'il qwik'n'dirty you may find useful. If you know of some
other method to determine whether one is running su'd or not, please share it.
This posting is to unix-pc.sources and comp.sys.att since it's of potential use
to any UNIX user of ksh.
# This is a shell archive.
# Remove everything above and including the cut line.
# Then run the rest of the file through sh.
#----cut here-----cut here-----cut here-----cut here----#
#!/bin/sh
# shar: Shell Archiver
# Run the following text with /bin/sh to create:
# README
# Makefile
# kshpr.c
# This archive created: Fri Jun 23 05:24:03 1989
echo shar: extracting README
sed 's/^X//' << \SHAR_EOF > README
X"Kshpr" is the proverbial "one-line" program you may find interesting and
Xuseful. It is the result of my requirement for a different prompt while
Xoperating ksh su'd.
X
XAfter several kludge attempts, including attempts to process the output of
X`id`, I couldn't find an obvious way to detect the su'd condition directly
Xin the shell, so "kshpr" was born.
X
XKshpr is intended for use in a .kshrc script per:
X
X PS1=`/usr/local/bin/kshpr`
X
Xkshpr's normal output is: "ksh $PPID/$$> "
Xkshpr's output if su'd is: "ksh-su $PPID/$$# "
X
X$PPID is the parent process' ID; if it's a 1, then I know that typing a ^D
Xwill log me out. $$ is the process ID of "this" process (e.g. this instance
Xof the ksh). The typical display of the prompt is "ksh 1/2345> " and is
X"ksh-su 2345/6789# " when running as superuser.
X
XAfter many futile attempts using other approaches, my notes don't indicate
Xwhether one MUST specify /bin/ksh as the login shell for root or not (in the
X/etc/passwd file), but it's that way on my systems now and all works fine.
X
XThad Floryan [ thad@cup.portal.com (OR) ..!sun!portal!cup.portal.com!thad ]
SHAR_EOF
if test 1104 -ne "`wc -c README`"
then
echo shar: error transmitting README '(should have been 1104 characters)'
fi
echo shar: extracting Makefile
sed 's/^X//' << \SHAR_EOF > Makefile
X# Makefile for kshpr
X#
X# Uncomment the line for your favorite compiler
X#
X#CC= cc
XCC= gcc
X
XCFLAGS= -O
X
Xkshpr: kshpr.o
X ld /lib/crt0s.o /lib/shlib.ifile kshpr.o -o kshpr -s
X rm -f kshpr.o
X
Xkshpr.o: kshpr.c
X $(CC) $(CFLAGS) -c kshpr.c
SHAR_EOF
if test 236 -ne "`wc -c Makefile`"
then
echo shar: error transmitting Makefile '(should have been 236 characters)'
fi
echo shar: extracting kshpr.c
sed 's/^X//' << \SHAR_EOF > kshpr.c
X/* kshpr
X *
X * This program displays my idea of a ksh prompt which is different for a
X * normal user than it is for a su'd user.
X *
X * Kshpr is intended for use in a .kshrc script per:
X *
X * PS1=`/usr/local/bin/kshpr`
X *
X * The normal output is: "ksh $PPID/$$> ", and
X * the output if su'd is: "ksh-su $PPID/$$# "
X *
X * Thad Floryan, 3-June-1989
X */
X
X#include <stdio.h>
X
Xextern int getuid();
X
Xmain()
X{
X if (getuid() == 0) fprintf(stdout, "ksh-su $PPID/$$# ");
X else fprintf(stdout, "ksh $PPID/$$> ");
X}
SHAR_EOF
if test 519 -ne "`wc -c kshpr.c`"
then
echo shar: error transmitting kshpr.c '(should have been 519 characters)'
fi
# End of shell archive
exit 0wjc@ho5cad.ATT.COM (Bill Carpenter) (06/24/89)
In article <19817@cup.portal.com> thad@cup.portal.com (Thad P Floryan) writes: > The following is a l'il qwik'n'dirty you may find useful. If you know of some > other method to determine whether one is running su'd or not, please share it. > This posting is to unix-pc.sources and comp.sys.att since it's of potential use > to any UNIX user of ksh. While not su-ed (like in .profile), create a file, e.g., /tmp/try. chmod 044 /tmp/try. (Obviously, you need a more unique filename.) Here's the test you asked for: if [ -r /tmp/try ] then echo I am su-ed else echo I am not su-ed fi -- Bill Carpenter att!ho5cad!wjc or attmail!bill
ccs@lazlo.UUCP (Clifford C. Skolnick) (06/25/89)
Thad,
You wanted a way to detect setuid programs, well here is a quick
script I tossed together for you. I would of mailed it, but someone else
might find it useful also (who I don't know :-).
---- CUT HERE ----
# issu
# by Cliff Skolnick (ccs@lazlo.UUCP)
#
# issu script to determin if a user is setuid or not
# note, if the shell itself is suid, it will not detect this. You
# can check the number of fields returned by id if you want to add this
#
# Cheap and dirty way of seperating the output of id which encloses the
# uid in parenthesis. Let the shell do it with it's field seperation
# variable
IFS=${IFS}"()"
set `id`
uid1=$2
# get who is logged in on the terminal
set `who am i`
uid2=$1
# if the user logged in does not match who is running this, then it
# is set uid.
if [ $uid1 = $uid2 ]
then
echo "no"
exit 0
else
echo "yes"
exit 1
fi
---- CUT HERE ----
--
"I'd rather stay here with all the madmen, than perish with the sad man
roaming free" -- David Bowie
"Life is a test, only a test. If it was real, you would have been given much
better instructions." Clifford C. Skolnick / (716)427-8046 / ccs@lazlo.UUCPjmm@ecijmm.UUCP (06/25/89)
In article <19817@cup.portal.com> thad@cup.portal.com (Thad P Floryan) writes: |The following is a l'il qwik'n'dirty you may find useful. If you know of some |other method to determine whether one is running su'd or not, please share it. |This posting is to unix-pc.sources and comp.sys.att since it's of potential use |to any UNIX user of ksh. | |[... shar deleted ...] Well you asked for it... I hope there won't be a deluge of similar postings. Anyhow, my method of determining whether I'm su'ed to root or not is a simple test "if [ -w /etc/passwd ]". If that succeeds, you're either root or the proud owner of an insecure system. The relevant portion of my .kshrc follows (the alias for rn prevents a time-bombed gotcha - if you run rn as root, then your .newsrc ends up owned by root, then the next time you run rn as yourself your .newsrc can't be overwritten properly and ends up truncated, and then finally the next time you run rn, the .oldnewsrc gets destroyed too): ... if [ -w /etc/passwd ] then SUFLAG=' -- ROOT -- ' alias rn='echo DUMMY -- get out of root first' else SUFLAG=' ' fi integer NEST NEST=${NEST:=0} if [ $NEST != 0 ] then NEST=NEST+1; NESTPROMPT=":$NEST " else NEST=NEST+1; NESTPROMPT=""; stty kill ^X fi PS1="$LOGNAME@$SYSNAME$NESTPROMPT("' ${PWD#$HOME/}$SUFLAG) [!] ' PS2="$LOGNAME@$SYSNAME ... " ... | [ ... later in the shar, he writes ... ] |X |XAfter many futile attempts using other approaches, my notes don't indicate |Xwhether one MUST specify /bin/ksh as the login shell for root or not (in the |X/etc/passwd file), but it's that way on my systems now and all works fine. |X There is a simple way to not care whether root's shell is ksh or not. I use the following alias instead of su: alias sup="su root -c 'exec ksh'" -- John Macdonald -- John Macdonald
vern@zebra.UUCP (Vernon C. Hoxie) (06/28/89)
In article <19817@cup.portal.com>, thad@cup.portal.com (Thad P Floryan) writes: > The following is a l'il qwik'n'dirty you may find useful. If you know of some > other method to determine whether one is running su'd or not, please share it. > This posting is to unix-pc.sources and comp.sys.att since it's of potential use Here's what I did: To ~/.kshrc add: alias ck='/bin/su -su' ( ck for Clark Kent ) Change /.profile to: if [ "$SHFLAG" != 1 ] then exec /bin/ksh fi Change /.kshrc to: PS1="Root ! > " PS2="Root ? " PS3="Root # " It works for me, vern. -- Vernon C. Hoxie {ncar,nbires,boulder,isis}!scicom!zebra!vern 3975 W. 29th Ave. voice: 303-477-1780 Denver, Colo., 80212 ( TB+ ) uucp: 303-455-2670
caa@midgard.Midgard.MN.ORG (Charles A Anderson) (06/28/89)
In article <287@ecijmm.UUCP> jmm@ecijmm.UUCP (John Macdonald) writes: |Well you asked for it... I hope there won't be a deluge of similar |postings. Anyhow, my method of determining whether I'm su'ed to root |or not is a simple test "if [ -w /etc/passwd ]". If that succeeds, |you're either root or the proud owner of an insecure system. Won't work for me, cuz my /etc/passwd is 444. Meaning I have to do a w! to change it in vi but that's ok with me. -- /-Charles-Anderson-\ caa@midgard.mn.org || (backbone)!bungia!midgard!caa \------------------/ caa@garnet.ssd.cdc.com || (backbone)!shamash!garnet!caa I'm gonna make like yesterday's lunch, down and out the back. -me (The above quote has been rated as gross, digusting, and tacky by my cow- orkers at work...are you a cow orker? Would you like to be one? Send $5 and SASEE to me for free (almost) informative (more or less) redundant (very) information packet. VISA and MasterCard accepted (and abused).)
jmm@ecijmm.UUCP (John Macdonald) (06/29/89)
In article <1045@midgard.Midgard.MN.ORG> caa@midgard.Midgard.MN.ORG (Charles A Anderson) writes: |In article <287@ecijmm.UUCP> jmm@ecijmm.UUCP (John Macdonald) writes: ||... Anyhow, my method of determining whether I'm su'ed to root ||or not is a simple test "if [ -w /etc/passwd ]". If that succeeds, ||you're either root or the proud owner of an insecure system. | |Won't work for me, cuz my /etc/passwd is 444. Meaning I have to do a w! |to change it in vi but that's ok with me. My /etc/passwd is 444 too. The test works anyhow. Both from sh and ksh. Try it. Vi checks for this as a special case, it doesn't just try to write and see if it fails (you wouldn't - that's part of the special charm of being root). -- John Macdonald
clewis@ecicrl.UUCP (Chris Lewis) (07/03/89)
In article <1045@midgard.Midgard.MN.ORG> caa@midgard.Midgard.MN.ORG (Charles A Anderson) writes: |In article <287@ecijmm.UUCP> jmm@ecijmm.UUCP (John Macdonald) writes: ||Well you asked for it... I hope there won't be a deluge of similar ||postings. Anyhow, my method of determining whether I'm su'ed to root ||or not is a simple test "if [ -w /etc/passwd ]". If that succeeds, ||you're either root or the proud owner of an insecure system. |Won't work for me, cuz my /etc/passwd is 444. Meaning I have to do a w! |to change it in vi but that's ok with me. So is John's. (It better be or I'm in deep s**t). "test -w /etc/passwd" will succeed *even if* passwd is 444 if you're su'd to root. Sidenote: You have to do the "w!" in vi, not because vi *can't* write, but because vi doesn't *think* it can write. Vi is *not* smart enough to chmod +w/chmod -w (or, unlink()-creat() either) just because you said "w!". "w!" means "write even though you don't think you can". Not "write even though you can't". Aren't permissions fun? -- Chris Lewis, Markham, Ontario, Canada {uunet!attcan,utgpu,yunexus,utzoo}!lsuc!ecicrl!clewis Ferret Mailing list: ...!lsuc!eci386!ferret-request
cks@ziebmef.uucp (Chris Siebenmann) (07/05/89)
Here's the relevant bits from my .kshrc, which result in a prompt of
the form
<user>:<terminal> <command #> <'>' or '#' if I'm root>
(eg "cks:w1 71 > " or "root:w1 1 # ")
uid=`id | sed 's/uid=[0-9]*(//
s/).*//'`
ttyp=`tty | sed 's;/dev/;;'`
case $uid in
root) prompter="#";;
*) prompter=">";;
esac
PS1="$uid:$ttyp ! $prompter "
Ah, the things one can do in ksh. Anyone want an emulation of the BSD
csh pushd/popd commands?
--
"Oh BLESS you, sir! The ANGEL OF DEATH was after me just as SURE as
you're standing there, yes he WAS!"
Chris Siebenmann uunet!{utgpu!moore,attcan!telly}!ziebmef!cks
cks@ziebmef.UUCP or .....!utgpu!{,ontmoh!,ncrcan!brambo!}cks