Mantis Bug Tracker

ID: 0007651
Project: OCaml
Category: standard library
View Status: public
Date Submitted: 2017-10-05 09:55
Last Update: 2017-10-05 10:33
Reporter: ksk
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: no change required
Platform:
OS: Mac OS X
OS Version: 10.12.6
Product Version: 4.05.0
Target Version:
Fixed in Version:
Summary: 0007651: unix.cma ignores the sticky bit.
Description:
When the executable file is compiled with unix.cma,
Unix.getuid and Unix.geteuid return the same value
even if the file has the sticky bit and is run by a non-owner.
Unix.geteuid must return the owner's uid.

This can also be observed on a Linux platform, CentOS 6.
Steps To Reproduce:
1. Save the following program as suidtest.ml
  let () = Format.printf "uid=%d@.euid=%d@." (Unix.getuid()) (Unix.geteuid())

2. Compile with unix.cma and set the sticky bit on it.
  ocamlc -o suidtest unix.cma suidtest.ml
  chmod u+s suidtest

3. Execute it as root.
  sudo ./suidtest

Then the output is:
uid=0
euid=0

If it is compiled with unix.cmxa as native code, like:
  ocamlopt -o suidtest unix.cmxa suidtest.ml
then the result is correctly
uid=0
euid=503

-  Notes
(0018483)
xleroy (administrator)
2017-10-05 10:33

Bytecode executables generated by ocamlc are #!-scripts for the ocamlrun bytecode interpreter. Most if not all Unix kernels ignore setuid bits on scripts, and probably for good security reasons.

If you want to write a setuid application in OCaml, compile it to a real executable using "ocamlopt" or even "ocamlc -custom".
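
An added example (not part of the original report and not OCaml project code): a POSIX shell check for the situation the note above describes, a file that carries the setuid bit but begins with "#!", so the kernel runs the interpreter and the bit has no effect. The function names suid_kind and audit_suid_scripts are hypothetical.

```shell
#!/bin/sh
# Added example: find setuid files that are really #!-scripts, such as
# bytecode executables produced by "ocamlc" without "-custom".

# suid_kind FILE  (hypothetical helper) prints one of:
#   nosuid - the set-user-ID bit is not set
#   script - set-user-ID bit set, but the file starts with "#!"
#   binary - set-user-ID bit set on a file that does not start with "#!"
suid_kind() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    # "test -u" is true when the set-user-ID bit is set.
    if [ ! -u "$f" ]; then
        echo "nosuid"
        return 0
    fi
    # Compare the first two bytes as hex so binary content is handled safely.
    magic=$(dd if="$f" bs=1 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "2321" ]; then   # 0x23 0x21 is "#!"
        echo "script"
    else
        echo "binary"
    fi
}

# audit_suid_scripts DIR  (hypothetical helper)
# Prints "path<TAB>interpreter line" for every setuid #!-file under DIR.
audit_suid_scripts() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        if [ "$(suid_kind "$f")" = "script" ]; then
            printf '%s\t%s\n' "$f" "$(head -n 1 "$f")"
        fi
    done
}

# When run directly with a directory argument, audit that directory.
if [ "$#" -gt 0 ]; then
    audit_suid_scripts "$1"
fi
```

A bytecode executable built as in the report shows up here with an ocamlrun interpreter line, while the ocamlopt build is classified as binary.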

- Issue History
Date Modified Username Field Change
2017-10-05 09:55 ksk New Issue
2017-10-05 10:33 xleroy Note Added: 0018483
2017-10-05 10:33 xleroy Status new => resolved
2017-10-05 10:33 xleroy Resolution open => no change required

