[Starkit] Startkits under secure processes on Solaris 10

[Alan Peakall]

Hello All,

This email records a gotcha that I have encountered in migrating a
startkit-based application from Solaris-8/9 to Solaris 10.  I tracked the
problem to the processing of the executable starkit by the Solaris script
loader.  It appears that Sun have tightened the security policy on script
file execution at Solaris-10.  Formerly it was the case that the script file
was identified in the process image created by "execve()" using "/dev/fd<n>"
only if the script file itself had the setuid or setgid bit set.  It appears
that, as of Solaris 10, this security precaution is now employed for script
executions by all processes that have mismatched real/effective uids and/or
mismatched real/effective gids and do not have real and effective uid root.

The process invoking the startkit had such mismatched real/effective ids.
This did not result in any problem at Solaris 8/9 but failed on Solaris 10.
The consequence of the mismatch for a startkit execution is that the starkit
receives a command line which does not match that which it expects and the
VFS mount appears to fail messily.  The symptom is that a garbled error
message constructed from the text of the "package require starkit" command
appears.  Usually the filename "/dev/fd..." appears somewhere giving a clue
as to what has gone wrong.

The workaround that I have adopted is to place an wrapper shell script which
aligns real and effective uids/gids in place of the startkit.  The wrapper
invokes the startkit by its file-system name and the problem is resolved.

Alan Peakall
Open Systems Management Ltd.
Application initially authored by Steve Landers of Digital Smarties.

Keywords:  setuid, setgid, Solaris-10, /dev/fd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.equi4.com/pipermail/starkit/attachments/20060623/7c67c98d/attachment.htm