[Coco] setuid? wasRe: Telnet to your CoCo.. and invite 6 of your friends

Aaron Wolfe aawolfe at gmail.com
Sun Nov 29 08:08:36 EST 2009 

The OS9 F$SUser works as described in the docs.  It will let you
become any user you'd like.  I wrote a tiny (41 bytes in module form)
'su' command to verify, the relevant code is:

            ldy		#0				;lets be user 0
            os9		F$SUser

            ldd		#$1101
            leax	        shell,pcr
            os9		F$Chain			;chain to shell

An example of use:

NitrOS-9/6309 Level 2 V3.2.9 on the Tandy Color Computer 3  2009/11/29 08:02:27


User name?: aaron
Password: test

Process #04 logged on   2009/11/29 08:02:33
Welcome!

Welcome to NitrOS-9 Level 2!


Shell+ v2.2a 09/11/29 08:02:33

{T1|04}/DD:procs

         User                     Mem Stack
Id  PId Number  Pty Age Sts Signl Siz  Ptr   Primary Module
--- --- ------- --- --- --- ----- --- ----- ----------------
  4   3     1   128 128 $80    0   31 $5DDE Shell
  5   4     1   128 128 $80    0   31 $1EF1 Procs

{T1|04}/DD:su

Shell+ v2.2a 09/11/29 08:02:45

{T1|05}/DD:procs

         User                     Mem Stack
Id  PId Number  Pty Age Sts Signl Siz  Ptr   Primary Module
--- --- ------- --- --- --- ----- --- ----- ----------------
  2   1     0   128 131 $80    0   31 $64DE Shell
  3   2     0   128 131 $80    0   31 $61DE Tsmon
  5   4     0   128 128 $80    0   31 $5BDE Shell
  6   5     0   128 128 $80    0   31 $1EF1 Procs

{T1|05}/DD:




On Sun, Nov 29, 2009 at 3:44 AM, Willard Goosey <goosey at virgo.sdc.org> wrote:
> On Sat, Nov 28, 2009 at 08:37:21PM -0800, Wayne Campbell wrote:
>
>>OS-9 allows you to set access permissions based on the attributes of
>>the file/folder/program. In order for a user to use a program, they
>>have to have permission to access the directory, and the file and/or
>>program to use it.
>>
> True.  The filesystem's security seems to work fine.
>
>> With this in mind, one can establish a userlevel that makes it
>> possible to prevent users with lower access levels from using or
>> accessing things requiring higher access levels. Is this not the
>> case with OS-9?
>
> Actually, that's the part we're trying to figure out... ;-)
>
> Just like in UNIX there's a setuid() system call.  If it makes even a
> reasonable attempt to be secure (only user 0 is allowed to setuid)
> then we're pretty much OK.
>
> However, Tandy's documentation says it doesn't.  It claims any user
> can setuid to any other user-number.
>
> So, I tried to test this with a C version of su(1) from Rainbow.  The
> binary was corrupt, so I had to recompile it... And it worked
> properly.  User 0 can setuid to any user number, but other users aren't
> allowed to.
>
> Just to make this further ambiguous, the Microware C manual says that
> setuid() only works for user 0.  The manual for Kreider C lib agrees,
> but provides asetuid(), which succeeds even if you aren't user 0!
>
> Someone's going to have to either try an assembly version of su or
> read the source.
>
> And not me (at least not tonight)!  I've got other things to hack
> tonight.  Starting with the dished. :-(
>
> Willard
> --
> Willard Goosey  goosey at sdc.org
> Socorro, New Mexico, USA
> I search my heart and find Cimmeria, land of Darkness and the Night.
>  -- R.E. Howard
>
> --
> Coco mailing list
> Coco at maltedmedia.com
> http://five.pairlist.net/mailman/listinfo/coco
>

More information about the Coco mailing list