setuuid/setguuid
Ian Wadham
iandw.au at gmail.com
Tue Dec 23 13:15:28 PST 2014
Hi Clemens,
On 23/12/2014, at 11:33 PM, Clemens Lang wrote:
> ----- On 23 Dec, 2014, at 13:02, René J.V. Bertin rjvbertin at gmail.com wrote:
>> IIRC, OS X no longer allows setuuid/setguuid, or only under some conditions.
>> Isn't that something that ought to be addressed in the post-destroot?
>> I'd vote for removing the offending flags if they cannot have their intended
>> effect anyway.
>
> That's the first time I hear of that. Unless you have a source you can quote on
> that I'm not going to believe you, especially since my SUID (not setuuid, that's
> not a thing) binaries still work as I expect them to.
Is this topic anything to do with the following Apple OS X message?
"The application with bundle ID (null) is running setugid(), which is not allowed."
Google on "Apple setugid". That message has been giving people trouble for
a couple of years at least. "setugid()" is Apple's shorthand for (regexp) "set[ug]id()".
I used to get the message from Dr Konqi (KDE's crash analyser), till I bypassed
the offending code by stopping KCrash from trying to run Dr Konqi via kdeinit4.
The source for main.cpp of Dr Konqi currently reads:
-------------------------------------
int main(int argc, char* argv[])
{
#ifndef Q_OS_WIN //krazy:exclude=cpp
// TODO - Investigate and fix this, or work around it as follows...
// #if !defined(Q_OS_WIN) && !defined(Q_OS_MAC)
// When starting Dr Konqi via kdeinit4, Apple OS X aborts us unconditionally for
// using setgid/setuid, even if the privs were those of the logged-in user.
// Drop privs.
setgid(getgid());
if (setuid(getuid()) < 0 && geteuid() != getuid()) {
exit(255);
}
#endif
-------------------------------------
The notes are to remind me to investigate this problem further if I ever get
kdeinit4 (or kdeinit5) to work properly on Apple OS X and MacPorts.
Cheers, Ian W.
More information about the macports-dev
mailing list