
I wrote a little helper tool to feed rules into ipfw and start a dns-server. It does the same as this shell-script:

#!/bin/sh

# run the dns server
./nin_mdns_osx 127.0.0.1 &

ipfw add 27000 fwd 127.0.0.1,53 ip from any to any dst-port 53
ipfw add 27101 fwd 127.0.0.1,8081 tcp from any to any dst-port 80

This script works when started with sudo (expected). My helper tool started with sudo works too (expected). When I make it root via "chmod u+s" and "chown root", the helper tool tells me it is root (geteuid returns 0) - but it fails performing the ipfw calls, and the dns-server can't bind either (port 53 needs privileged rights).

I am running OS X 10.6.8. Any idea what's wrong?

leosok
  • Environment problems? In other words, is it finding ipfw and nin_mdns_osx? – paulmelnikow Jun 20 '12 at 16:01
  • Yes it is, they also "answer" - exactly what they give out when started as a normal user – leosok Jun 20 '12 at 16:16
  • This answer on serverfault (a better fit for this question) says you can't make scripts SUID: http://serverfault.com/questions/93883/ubuntu-setuid-bash-doesnt-work – paulmelnikow Jun 20 '12 at 16:26
  • @noa thanks. BUT the script above is just an example of the function. My program is a binary written in Free Pascal and starts the other programs via fpSystem which is quite similar to C's NSTask. So it being a script is not the issue here. – leosok Jun 20 '12 at 16:35
  • Perhaps you should post the code then, and tag your question freepascal. Perhaps it's related to the way fpSystem works when it's running setuid. – paulmelnikow Jun 20 '12 at 16:50
  • @noa You may be right. I set the uid on the executable of the dns server directly and started it without sudo from bash - it runs, which means it has all the rights it needs – leosok Jun 20 '12 at 17:27
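
An added diagnostic example, not part of the original question or its comments: the set-uid bit changes only the effective UID, so this C program prints the real and effective UID of the parent next to what a child started through /bin/sh reports. It assumes fpSystem hands its command to /bin/sh the way C's system() and popen() do; the function names are hypothetical.

```c
/* Added diagnostic example; not code from the original question. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for popen()/pclose() */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* The set-uid bit changes only the effective UID; the real UID stays that
 * of the invoking user. Returns 1 when the two differ. */
int uid_mismatch(uid_t ruid, uid_t euid)
{
    return ruid != euid;
}

/* Run an `id` command through /bin/sh with popen(), the same route a
 * system()-style call takes (assumed to match fpSystem), and return the
 * UID the child prints. Returns -1 if the command fails or prints no number. */
long child_uid_via_shell(const char *id_cmd)
{
    long uid = -1;
    FILE *p = popen(id_cmd, "r");

    if (p == NULL)
        return -1;
    if (fscanf(p, "%ld", &uid) != 1)
        uid = -1;
    if (pclose(p) != 0)
        uid = -1;
    return uid;
}

int main(void)
{
    uid_t ruid = getuid(), euid = geteuid();

    printf("parent      : real=%ld effective=%ld\n", (long)ruid, (long)euid);
    printf("child via sh: real=%ld effective=%ld\n",
           child_uid_via_shell("id -u -r"), child_uid_via_shell("id -u"));
    if (uid_mismatch(ruid, euid))
        puts("real and effective UID differ: compare the two lines above "
             "to see which identity the child actually received");
    return 0;
}
```

Build it, apply the same "chown root" and "chmod u+s" as in the question, and run it once with sudo and once without to compare the two outputs.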

0 Answers