earlw@pesnta.UUCP (Earl Wallace ) (04/03/85)
This is a "UniTip" message.
I found a problem with some setuid programs owned by non-root users in that,
when the program is run by root, the effective id is always 0, not the
effective id of the owner of the program.
This occurs with root users, not mere mortal users. The results can be
a real pain -- files owned by root instead of the program owner...
If you want to make the real uid and gid match that of the effective uid/gid,
you must be root (the setuid/setgid calls are ineffective with normal users).
setgid(getegid());
setuid(geteuid());
The above code is almost useless in Edition VII. The setgid and setuid calls
won't do anything unless your root or the arguments are the real uid/gid
and the effective uid is always 0 and so is the real uid if your running
as root. The only possible change you would
get is that the real gid would be changed to match that of the effective gid;
the gid is ok, it is the group id of the program just as it should be. The
other change could be to make the effective ids match that of the real.
Ok, now we know what to avoid, how do we make sure the effective uid is
set to the program owner when we are running as root? You can compile the
owners name in the program and then do a setuid or you can read the gid
of the file using the stat() system call. Anyone have another way?
You might want to try this out and see how this works:
% login in as a normal user...
[setuid.c]
main()
{
printf("%s uid(%d), gid(%d), euid(%d), egid(%d)\n",
getlogin(), getuid(), getgid(), geteuid(), getegid());
setgid(getegid());
setuid(geteuid());
printf("%s uid(%d), gid(%d), euid(%d), egid(%d)\n",
getlogin(), getuid(), getgid(), geteuid(), getegid());
}
[Makefile]
setuid: setuid.c
cc -o setuid setuid.c
chmod 6555 setuid
% make
% su root
% setuid
<read results>...
--
Earl Wallace
UUCP: ..!{ihnp4, ucbvax!hplabs, ucbvax!twg}!pesnta!earlw
PHONE: (408) 727-5540 x230
USMAIL: Perkin-Elmer Corp., Santa Clara, Calif. 95054dave@lsuc.UUCP (David Sherman) (04/03/85)
This has been discussed on net.unix-wizards recently. It's a
design decision in v7 that everyone now agrees was wrong.
The kernel checks to see if you're root when running a setUID
program, and ignores the setting if you are. If you have source,
it's trivial to fix (I did so months ago).
Dave Sherman
The Law Society of Upper Canada
Toronto
--
{utzoo pesnta nrcaero utcs hcr}!lsuc!dave
{allegra decvax ihnp4 linus}!utcsri!lsuc!dave