--- Log opened Wed Oct 10 00:00:42 2018 |
00:13 | | Degi [Degi@Nightstar-rfsfhd.dyn.telefonica.de] has quit [Connection closed] |
00:16 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity] |
00:23 | <@ErikMesoy> | Windows: "You do not have permission to alter this setting." Me: "Makes sense I guess, it's an important setting. Retrying as administrator." Windows: "You do not have permission to alter this setting." Me: "WTF is this bullshit." MS Answers: "You need to be DOUBLE ADMIN." |
00:23 | < [R]> | Solution: log in as Services |
00:24 | <@ErikMesoy> | System, actually, but yes. |
00:24 | <@ErikMesoy> | DOUBLE ADMIN turns out to mean first opening the command line as admin, then from command line running the program I wanted with the -s flag that runs it as System account. |
00:35 | <&McMartin> | This sounds not entirely unlike some of the shenanigans you need to do to get setuid programs to actually really for-real run as root. |
00:47 | | celticminstrel [celticminst@Nightstar-4tfuag.dsl.bell.ca] has joined #code |
00:47 | | mode/#code [+o celticminstrel] by ChanServ |
00:50 | < [R]> | What kind of shenanigans? Just chmod u+s,a+rx,go-w; chown root.root |
00:51 | <&McMartin> | Yeah, under certain UNIX-likes, including at minimum BSD-on-Darwin, that's incomplete. If it spawns child processes, then without some extra steps taken before the fork-exec, privileges are dropped in the child process. |
00:52 | <&McMartin> | I think you have to do a setuid(0) inside the program itself or something, but it's been about six years since I actually had to care about this |
00:52 | < [R]> | Weirdness, what user do they end up running as instead? |
00:52 | <&McMartin> | The one whose id the setuid notionally replaced. |
00:52 | < [R]> | ? |
00:53 | <&McMartin> | So, I'm mcmartin, I set up a setuid root shell script in /Library |
00:53 | <&McMartin> | Run the script, the script says it's root |
00:53 | <&McMartin> | When that script starts processes of their own, they'll run as mcmartin and probably not do what I want |
00:54 | < [R]> | Oh, I thought you meant at one point there was a user account that served the function of setuid, and you were referring to that |
00:55 | < [R]> | Right, so there's an effective user-id and a real user-id (IIRC Linux also has this) |
00:55 | <&McMartin> | Right |
00:56 | <&McMartin> | Yeah, I see this is actually now standard behavior for all shebanged executables that aren't Perl running in a special mode |
00:57 | <&McMartin> | And yeah, having a trampoline that setuid's along the way is the way to get around it in those cases where you must do so |
00:57 | <&McMartin> | This includes VMware Fusion, which is what I was contending with back in '12 or so. |
00:58 | <&McMartin> | Flipping through old stackexchange stuff, it seems the sequence is |
00:59 | <&McMartin> | - Linux dudes saying "hey, setuid shebangs are a massive security hole, people need to stop doing this" |
00:59 | < [R]> | Ah, you weren't calling the setuid stuff directly |
00:59 | <&McMartin> | - OS X around 10.4 actually sets things up to force it to not do this |
00:59 | <&McMartin> | - Default Linux deployments set things up to force it to not do this |
00:59 | <&McMartin> | - Default Linux deployments actually become widely enough deployed to make this the expected default behavior in the field |
01:03 | <@celticminstrel> | "that aren't Perl" XD |
01:04 | <&McMartin> | Perl had a special mode for dealing with this, it seems |
01:04 | <&McMartin> | It's now recommended that you not use it |
01:04 | <@celticminstrel> | Ah. |
01:19 | | Kindamoody|afk is now known as Kindamoody |
01:40 | | Kindamoody is now known as Kindamoody[zZz] |
04:17 | | celticminstrel [celticminst@Nightstar-4tfuag.dsl.bell.ca] has quit [[NS] Quit: And lo! The computer falls into a deep sleep, to awake again some other day!] |
04:17 | | celticminstrel [celticminst@Nightstar-4tfuag.dsl.bell.ca] has joined #code |
04:17 | | mode/#code [+o celticminstrel] by ChanServ |
04:17 | | celticminstrel [celticminst@Nightstar-4tfuag.dsl.bell.ca] has quit [[NS] Quit: And lo! The computer falls into a deep sleep, to awake again some other day!] |
04:27 | <&McMartin> | Okay, command decision |
04:27 | <&McMartin> | Under normal maintenance I refuse to update my Linux kernel more than weekly |
04:28 | <&McMartin> | It's great that the kernel team is pushing out releases so fast, but that doesn't mean I want to be installing every single one. |
04:30 | | Derakon[AFK] is now known as Derakon |
04:35 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
04:35 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
04:54 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has joined #code |
05:07 | | Derakon is now known as Derakon[AFK] |
05:10 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds] |
06:15 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has joined #code |
06:15 | | mode/#code [+qo Vorntastic Vorntastic] by ChanServ |
06:16 | | macdjord [macdjord@Nightstar-grpbnp.mc.videotron.ca] has joined #code |
06:16 | | mode/#code [+o macdjord] by ChanServ |
06:20 | | macdjord is now known as macdjord|slep |
07:18 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
07:18 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
07:23 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds] |
11:08 | | Kindamoody[zZz] is now known as Kindamoody |
13:03 | | celticminstrel [celticminst@Nightstar-4tfuag.dsl.bell.ca] has joined #code |
13:03 | | mode/#code [+o celticminstrel] by ChanServ |
13:50 | | celticminstrel [celticminst@Nightstar-4tfuag.dsl.bell.ca] has quit [[NS] Quit: And lo! The computer falls into a deep sleep, to awake again some other day!] |
15:42 | | Alek [Alek@Nightstar-o723m2.cicril.sbcglobal.net] has joined #code |
15:42 | | mode/#code [+o Alek] by ChanServ |
15:44 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
15:44 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
16:35 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity] |
17:00 | | Syloq [Syloq@NetworkAdministrator.Nightstar.Net] has quit [Server shutdown] |
17:00 | | PinkFreud [WhyNot@NetworkAdministrator.Nightstar.Net] has quit [Server shutdown] |
17:00 | | Netsplit Golgafrincham.Nightstar.Net <-> Krikkit.Nightstar.Net quits: @Alek |
17:06 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds] |
17:07 | | Syloq [Syloq@NetworkAdministrator.Nightstar.Net] has joined #code |
17:07 | | Netsplit over, joins: Alek |
17:07 | | PinkFreud [WhyNot@NetworkAdministrator.Nightstar.Net] has joined #code |
17:07 | | ServerMode/#code [+ooo Syloq Alek PinkFreud] by *.Nightstar.Net |
20:50 | | himi [sjjf@Nightstar-v37cpe.internode.on.net] has quit [Ping timeout: 121 seconds] |
22:42 | | Degi [Degi@Nightstar-v0f4s6.dyn.telefonica.de] has joined #code |
22:59 | | himi [sjjf@Nightstar-1drtbs.anu.edu.au] has joined #code |
22:59 | | mode/#code [+o himi] by ChanServ |
23:46 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has quit [Ping timeout: 121 seconds] |
--- Log closed Thu Oct 11 00:00:43 2018 |