Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

csh: permission denied!

1,196 views
Skip to first unread message

Gabriel N. Schaffer

unread,
Apr 5, 1995, 3:00:00 AM4/5/95
to

In a previous article, bm...@criterion.com (Brandon Wallace) says:

>I am currently trying to install some fax software on a
>sparcstation 5 running Solaris 2.4
>
>I am rather new to solaris and am encountering the following problem:
>
>There is a Bourne shell script that gets run as root when a fax is received.
>I placed a command inside that script to run a script of my own.
>My script happens to be a C-shell script. Whenever the Bourne shell script
>gets to that line, it issues:
>
>/usr/bin/csh: Permission denied
>
>What is going on here? If I change my script to a Bourne shell script it runs

The script is running SUID. Not necessarily the script itself, but
something that calls it. That means that its UID isn't its EUID, and when
it tries to setuid(), it can't because it's not root. You need to give csh
an option to prevent this setuid(). I believe it's "-b" or "-p".
--
/~~~~ / /~~~ / /~~/~~ gn...@po.cwru.edu
/ ___ __ /_ __ (__ __ /_ __ _/__/__ _http://www.gabe.com/
/ / ___/ / ) /__) ) / / ) ___/ / / /__) /__)
/____/ /__/ (__/ (___ ___/ (__ / / /__/ / / (___ / \__

Brandon Wallace

unread,
Apr 5, 1995, 3:00:00 AM4/5/95
to
I am currently trying to install some fax software on a
sparcstation 5 running Solaris 2.4

I am rather new to solaris and am encountering the following problem:

There is a Bourne shell script that gets run as root when a fax is received.
I placed a command inside that script to run a script of my own.
My script happens to be a C-shell script. Whenever the Bourne shell script
gets to that line, it issues:

/usr/bin/csh: Permission denied

What is going on here? If I change my script to a Bourne shell script it runs

fine, as long as it doesn't try to run any csh scripts. If I replace the line
with something like:

/usr/bin/csh -c echo test

then I get the same error. I know it is not my csh script because I
can invoke it from the command line.

ls -ld /usr /usr/bin /usr/bin/csh shows:
drwxrwxr-x 31 root sys 1024 Mar 24 10:06 /usr
drwxrwxr-x 2 root bin 6144 Mar 24 11:22 /usr/bin
-rwxrwxrwx 1 bin bin 158352 Jul 15 1994 /usr/bin/csh

I don't know what the problem is. Does anyone else?
--
=====================================================
| mailto:bm...@criterion.com | I live life face down|
| | in the fast lane. |
| http://www.criterion.com/home-pages/brandon |
=====================================================


Igor Chudov

unread,
Apr 12, 1995, 3:00:00 AM4/12/95
to
Brandon Wallace (bm...@criterion.com) wrote in comp.unix.programmer:
: I am currently trying to install some fax software on a
: sparcstation 5 running Solaris 2.4

: I am rather new to solaris and am encountering the following problem:

: There is a Bourne shell script that gets run as root when a fax is received.
: I placed a command inside that script to run a script of my own.
: My script happens to be a C-shell script. Whenever the Bourne shell script
: gets to that line, it issues:

: /usr/bin/csh: Permission denied

Most probably you created setuid script, and most Unix systems do not
allow running suid scripts by security reasons. The question "why?"
rightfully belongs to the FAQ.


: ls -ld /usr /usr/bin /usr/bin/csh shows:


: drwxrwxr-x 31 root sys 1024 Mar 24 10:06 /usr
: drwxrwxr-x 2 root bin 6144 Mar 24 11:22 /usr/bin
: -rwxrwxrwx 1 bin bin 158352 Jul 15 1994 /usr/bin/csh

: I don't know what the problem is. Does anyone else?

See above, but YOU HAVE A SERIOUS SECURITY PROBLEM!!! You should take
measures soon. The problem is that csh (and probably sh, too) is world-
writable. Any user can modify this file so that besides usuall csh
functionality it will [for example] check if the current user is root
and do something bad on behalf of the person who altered it.

You should URGENTLY (if it is not your standalone home computer) check
all permissions on all your files in /etc, /bin, /sbin, and /usr/bin.

For example, a permission for csh can be -r-xr-xr-x, and /usr/bin should
belong to bin.bin.
--
IMHO, - Igor_...@WilTel.com

http://www.iii.net/users/ichudov/index.html

Gerhard Harrop

unread,
Apr 14, 1995, 3:00:00 AM4/14/95
to
Brandon Wallace (bm...@criterion.com) wrote:
> I am currently trying to install some fax software on a sparcstation 5
> running Solaris 2.4. I am rather new to solaris and am encountering
> the following problem:

> There is a Bourne shell script that gets run as root when a fax is received.
> I placed a command inside that script to run a script of my own.
> My script happens to be a C-shell script. Whenever the Bourne shell script
> gets to that line, it issues:

> /usr/bin/csh: Permission denied

You seem to be saying that the "Bourne shell script that gets run when a fax
is received" is setuid to root. If so, your script should begin

#!/usr/bin/csh -b

rather than just

#!/usr/bin/csh

Csh gives the "Permission denied" message if its real and effective UIDs are
different and the -b option was not specified.

P.S. I added comp.unix.shell to the distribution.
--
These opinions are my own and do not necessarily reflect the views of CSC.
Gerhard Harrop Computer Sciences Corporation gha...@sed.csc.com

Nick J. Rees

unread,
Apr 25, 1995, 3:00:00 AM4/25/95
to
On a similar note:

I just spent an hour or so looking at a problem where a csh script
was being run from a setuid program via fork/exec. The script contained
the first line "#!/bin/csh -f -b" [We had to add the -b to get this
to run properly on SunOS].

When the userid was not the owner of the program we saw the
"csh: permission denied" message. On Solaris this did not work.

Since I did not have privileges to edit the script, I created
another script with "#!/bin/csh -f -b" as the first line which
executed the first script.

This didn't work but when I changed it to "#!/bin/sh -f -b" it
now works. Can somebody explain?
--
email: ree...@texaco.com
#include <disclaimer.h>

0 new messages