Y
Yang Zhang
When running rake from a suid binary:
#include <stdlib.h>
int main() {
return system("rake -f /usr/share/redmine/Rakefile
redmine:fetch_changesets RAILS_ENV=production");
}
I'm getting "Insecure operation - chdir":
$ ./update-redmine
rake aborted!
Insecure operation - chdir
/usr/lib/ruby/1.8/rake.rb:2364:in `chdir'
(See full trace by running task with --trace)
When I added --trace to the command, I get:
$ ./update-redmine
rake aborted!
Insecure operation - chdir
/usr/lib/ruby/1.8/rake.rb:2364:in `chdir'
/usr/lib/ruby/1.8/rake.rb:2364:in `find_rakefile_location'
/usr/lib/ruby/1.8/rake.rb:2368:in `raw_load_rakefile'
/usr/lib/ruby/1.8/rake.rb:2017:in `load_rakefile'
/usr/lib/ruby/1.8/rake.rb:2068:in `standard_exception_handling'
/usr/lib/ruby/1.8/rake.rb:2016:in `load_rakefile'
/usr/lib/ruby/1.8/rake.rb:2000:in `run'
/usr/lib/ruby/1.8/rake.rb:2068:in `standard_exception_handling'
/usr/lib/ruby/1.8/rake.rb:1998:in `run'
/usr/bin/rake:28
Anybody know what's up with this? Also, is this totally unsafe? I
don't know how safe a program rake is (e.g., can one set env vars to
get it to do arbitrary actions?). Not actually putting this into
deployment on anything but my own box, but would just be good for me
to know, and I'm mostly curious about my original question. Thanks in
advance for any answers.
#include <stdlib.h>
int main() {
return system("rake -f /usr/share/redmine/Rakefile
redmine:fetch_changesets RAILS_ENV=production");
}
I'm getting "Insecure operation - chdir":
$ ./update-redmine
rake aborted!
Insecure operation - chdir
/usr/lib/ruby/1.8/rake.rb:2364:in `chdir'
(See full trace by running task with --trace)
When I added --trace to the command, I get:
$ ./update-redmine
rake aborted!
Insecure operation - chdir
/usr/lib/ruby/1.8/rake.rb:2364:in `chdir'
/usr/lib/ruby/1.8/rake.rb:2364:in `find_rakefile_location'
/usr/lib/ruby/1.8/rake.rb:2368:in `raw_load_rakefile'
/usr/lib/ruby/1.8/rake.rb:2017:in `load_rakefile'
/usr/lib/ruby/1.8/rake.rb:2068:in `standard_exception_handling'
/usr/lib/ruby/1.8/rake.rb:2016:in `load_rakefile'
/usr/lib/ruby/1.8/rake.rb:2000:in `run'
/usr/lib/ruby/1.8/rake.rb:2068:in `standard_exception_handling'
/usr/lib/ruby/1.8/rake.rb:1998:in `run'
/usr/bin/rake:28
Anybody know what's up with this? Also, is this totally unsafe? I
don't know how safe a program rake is (e.g., can one set env vars to
get it to do arbitrary actions?). Not actually putting this into
deployment on anything but my own box, but would just be good for me
to know, and I'm mostly curious about my original question. Thanks in
advance for any answers.