tih@barsoom.nhh.no (Tom Ivar Helbekkmo) (06/03/90)
I've got a pretty annoying problem with SCO TCP/IP 1.1.0 under SCO Unix V/386 3.2.0 here... There's a known bug in the TCP/IP support stuff that makes a process started from an rc script run without "login authentication". This means that the process won't be able to run any setuid/setgid programs, because the system doesn't trust it or something. The workaround is that you explicitly say "su root -c command" to run the daemon in question.

OK, so I installed NNTP support. Now, nntpd has to run rnews, which is setuid news. No go, of course, so I tried running inetd with an explicit su root. (The same thing is achieved when you kill the existing inetd process, and restart it while logged in as root.) Ah, it worked! Great! But of course, a few other things failed... :-(

After this change, I can't telnet or ftp into the system, because it won't accept the login information. This is probably some hack in the code that's supposed to keep you from accidentally giving users root privs when telnetting or ftping into the box.

So, what can I do? Has anyone else had this problem, and found a way to work it out? I guess the thing to do is to get hold of PD versions of telnetd and ftpd and use those -- at least I don't expect SCO to do anything about it... :-(

-tih
--
Tom Ivar Helbekkmo, NHH, Bergen, Norway. Telephone: +47-5-959205
tih@barsoom.nhh.no, thelbekk@norunit.bitnet, edb_tom@debet.nhh.no

tih@barsoom.nhh.no (Tom Ivar Helbekkmo) (06/03/90)
I wrote:

>I've got a pretty annoying problem with SCO TCP/IP 1.1.0 under SCO
>Unix V/386 3.2.0 here... There's a known bug in the TCP/IP support
>stuff that makes a process started from an rc script run without
>"login authentication". This means that the process won't be able to
>run any setuid/setgid programs, because the system doesn't trust it or
>something. The workaround is that you explicitly say "su root -c
>command" to run the daemon in question.

...and I went on to describe how I couldn't make nntpd and telnetd/ftpd work at the same time, because the former wants inetd to be started with "su root -c inetd", while the latter two don't like that at all.

I've figured out what to do; it turned out that the nntpd could run standalone, without invocation through inetd. This is OK, except that I've got another process running all the time, taking up memory. Not a big deal, though.

Anyway, it doesn't solve the original problem. So, has anyone got any idea about what a process can do when it's been invoked from inetd under SCO Unix, and wants to run a setuid program? Or, better yet, does anyone have telnetd and/or ftpd sources that are compilable under SCO Unix? I've looked at the free BSD stuff, but it'll take some work to get those up and running, they're very BSD specific...

-tih
--
Tom Ivar Helbekkmo, NHH, Bergen, Norway. Telephone: +47-5-959205
tih@barsoom.nhh.no, thelbekk@norunit.bitnet, edb_tom@debet.nhh.no