Mantis Bug Tracker

ID: 0007651
Project: OCaml
Category: standard library
View Status: public
Date Submitted: 2017-10-05 09:55
Last Update: 2017-10-05 10:33
Assigned To:
Status: resolved
Resolution: no change required
Platform:
OS: Mac OS X
OS Version: 10.12.6
Product Version: 4.05.0
Target Version:
Fixed in Version:
Summary: 0007651: unix.cma ignores the sticky bit.
Description: When the executable file is compiled with unix.cma,
Unix.getuid and Unix.geteuid return the same value
even if the file has the sticky bit and is run by a non-owner.
Unix.geteuid must return the owner's uid.

This can be observed even for a Linux platform CentOS 6.
Steps To Reproduce:
1. Save the following program as
  let () = Format.printf "uid=%d@.euid=%d@." (Unix.getuid()) (Unix.geteuid())

2. Compile with unix.cma and set the sticky bit to it.
  ocamlc -o suidtest unix.cma
  chmod u+s suidtest

3. Execute it as the root.
  sudo ./suidtest

Then the output is:

If it is compiled with unix.cmxa as a native code like:
  ocamlopt -o suidtest unix.cmxa
then the result is correctly

-  Notes
xleroy (administrator)
2017-10-05 10:33

Bytecode executables generated by ocamlc are #!-scripts for the ocamlrun bytecode interpreter. Most if not all Unix kernels ignore setuid bits on scripts, and probably for good security reasons.

If you want to write a setuid application in OCaml, compile it to a real executable using "ocamlopt" or even "ocamlc -custom".
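
An added example, not part of the issue thread or of the OCaml distribution: a Python check that classifies a setuid file as a #!-script (where, per the note above, the kernel ignores the bit) or a real executable. The function names and result labels are hypothetical; the `Caml1999X` trailer test relies on the magic string OCaml writes at the end of bytecode executables, which the page does not mention.

```python
import os
import stat

# Trailer OCaml writes at the end of bytecode executables: this prefix plus a
# 3-character version (12 bytes in total). Not stated on the page.
OCAML_EXEC_MAGIC_PREFIX = b"Caml1999X"


def classify(mode, head, tail=b""):
    """Classify a file from st_mode, its first bytes and its last 12 bytes."""
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return "not-setuid"
    if head.startswith(b"#!"):
        # The kernel execs the interpreter named on the #! line; per the note
        # above, the setuid bit on the script file itself is ignored.
        if tail[-12:-3] == OCAML_EXEC_MAGIC_PREFIX:
            return "setuid-ignored-ocaml-bytecode"
        return "setuid-ignored-script"
    # Native code (ocamlopt) or a custom runtime (ocamlc -custom): a real
    # executable, so the setuid bit takes effect.
    return "setuid-binary"


def classify_path(path):
    st = os.stat(path)  # follows symlinks, as exec does
    with open(path, "rb") as f:
        head = f.read(2)
        f.seek(max(0, st.st_size - 12))
        tail = f.read(12)
    return classify(st.st_mode, head, tail)


if __name__ == "__main__":
    import sys
    # Usage: pass file paths as arguments to classify them.
    for p in sys.argv[1:]:
        print(f"{classify_path(p)}\t{p}")
    if len(sys.argv) == 1:
        # Constructed samples: mode 4755 with an ocamlc-style and an ELF-style file.
        m = stat.S_IFREG | 0o4755
        print(classify(m, b"#!", b"Caml1999X011"))    # bytecode script
        print(classify(m, b"\x7fE", b"Caml1999X011"))  # ocamlc -custom style
```
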

- Issue History
Date Modified Username Field Change
2017-10-05 09:55 ksk New Issue
2017-10-05 10:33 xleroy Note Added: 0018483
2017-10-05 10:33 xleroy Status new => resolved
2017-10-05 10:33 xleroy Resolution open => no change required
