On May 28, 6:17 pm, Yang Zhang <yanghates... / gmail.com> wrote:
> On Thu, May 27, 2010 at 9:46 PM, Yang Zhang <yanghates... / gmail.com> wrote:
> > When running rake from a suid binary:
>
> > #include <stdlib.h>
> > int main() {
> >   return system("rake -f /usr/share/redmine/Rakefile "
> >                 "redmine:fetch_changesets RAILS_ENV=production");
> > }
>
> > I'm getting "Insecure operation - chdir":
>
> > $ ./update-redmine
> > rake aborted!
> > Insecure operation - chdir
> > /usr/lib/ruby/1.8/rake.rb:2364:in `chdir'
> > (See full trace by running task with --trace)
>
> > When I added --trace to the command, I get:
>
> > $ ./update-redmine
> > rake aborted!
> > Insecure operation - chdir
> > /usr/lib/ruby/1.8/rake.rb:2364:in `chdir'
> > /usr/lib/ruby/1.8/rake.rb:2364:in `find_rakefile_location'
> > /usr/lib/ruby/1.8/rake.rb:2368:in `raw_load_rakefile'
> > /usr/lib/ruby/1.8/rake.rb:2017:in `load_rakefile'
> > /usr/lib/ruby/1.8/rake.rb:2068:in `standard_exception_handling'
> > /usr/lib/ruby/1.8/rake.rb:2016:in `load_rakefile'
> > /usr/lib/ruby/1.8/rake.rb:2000:in `run'
> > /usr/lib/ruby/1.8/rake.rb:2068:in `standard_exception_handling'
> > /usr/lib/ruby/1.8/rake.rb:1998:in `run'
> > /usr/bin/rake:28
>
> > Anybody know what's up with this? Also, is this totally unsafe? I
> > don't know how safe a program rake is (e.g., can one set env vars to
> > get it to do arbitrary actions?). Not actually putting this into
> > deployment on anything but my own box, but would just be good for me
> > to know, and I'm mostly curious about my original question. Thanks in
> > advance for any answers.
> > --
> > Yang Zhang
> > http://yz.mit.edu/
>
> To add to the confusion, the rake task runs fine from root's crontab.
> I found some information on taint and $SAFE, but it's unclear to me
> why things work via cron but not via a suid binary.

You need to cd into the directory where the Rakefile is since most of
the "file" and other relative tasks like FileUtils will be generated
in pwd.

You can safely avoid that by doing "cd /path/to/app && rake "

--
Luis Lavena
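
A hardened form of the wrapper from the first post, combining the "cd into the app directory" advice above with a fixed environment and no shell. This is an added example, not code from the thread; the PATH value is an assumption, and so is the idea that the real/effective id mismatch is what separates the suid run from the cron run.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* declares setreuid()/setregid() */
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Paths as they appear in the post and its trace; adjust locally. */
#define APP_DIR  "/usr/share/redmine"
#define RAKE_BIN "/usr/bin/rake"

/* Fixed environment (assumed PATH): no RUBYOPT, RUBYLIB, IFS etc. get through. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Fixed argument vector, executed directly: no /bin/sh, no word splitting. */
static char *const RAKE_ARGV[] = {
    "rake", "redmine:fetch_changesets", "RAILS_ENV=production", NULL
};

/* Returns 1 if the fixed environment defines `name`, else 0. */
int env_has(const char *name) {
    size_t n = strlen(name);
    for (int i = 0; CLEAN_ENV[i] != NULL; i++)
        if (strncmp(CLEAN_ENV[i], name, n) == 0 && CLEAN_ENV[i][n] == '=')
            return 1;
    return 0;
}

/* Prepares the process and replaces it with rake; returns -1 on any failure. */
int run_task(const char *dir, const char *bin) {
    /* Group first, then user: make the real ids equal the effective ids so
       rake runs with one identity, as it does from root's crontab
       (assumption: the mismatch is what differs from the cron run). */
    if (setregid(getegid(), getegid()) != 0) return -1;
    if (setreuid(geteuid(), geteuid()) != 0) return -1;
    /* cd into the application directory instead of passing -f. */
    if (chdir(dir) != 0) return -1;
    execve(bin, RAKE_ARGV, CLEAN_ENV);
    return -1;                     /* only reached if execve() failed */
}

int main(void) {
    if (run_task(APP_DIR, RAKE_BIN) != 0) {
        perror("update-redmine");
        return 1;
    }
    return 0;
}
```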