[comp.unix.questions] doing setreuid with setuid in modern sysv

rayan@cs.toronto.edu (Rayan Zachariassen) (01/15/90)

A year ago or more I asked about how to simulate setreuid() functionality
(i.e. as root set uid to non-root, then back to root) on a System V machine,
and was told by a reliable source that this cannot be done in any AT&T Unix
prior to System V.2.2.1.  Well, it seems it cannot be done (with setuid()
anyway) in newer systems either.  My understanding was that a 'saved uid'
(the uid of the process on instantiation) would always be kept around for
permissions checking for future setuid() calls.  It seems (tested on
ISC 386/ix (SVR3.2) and IRIX3.2 (SVR3.1)) that setuid() behaves the same
way as on BSD systems and resets both real and effective uid (good) but
that there is no saved uid used for permissions checking later on.

Could someone set me straight on this please?  How does one flip back and
forth between uid 0 and uid != 0 in a process started by uid 0 on a modern
System V ?

For example, if you compile and run the following program as root, it
should print

uid=0
uid=1
uid=0

according to the new setuid() semantics I was told of.

Thanks,

rayan
--

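#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Run as root: print the real uid, drop to uid 1, then try to go back to 0. */
int main(void)
{
	printf("uid=%d\n", (int)getuid());
	if (setuid(1) < 0)
		perror("setuid(1)");
	printf("uid=%d\n", (int)getuid());
	if (setuid(0) < 0)
		perror("setuid(0)");
	printf("uid=%d\n", (int)getuid());
	exit(0);
}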

wrwalke@mcl (wrwalke) (01/15/90)

In article <90Jan14.130354est.2125@neat.cs.toronto.edu>, rayan@cs.toronto.edu (Rayan Zachariassen) writes:
> ISC 386/ix (SVR3.2) and IRIX3.2 (SVR3.1)) that setuid() behaves the same
> way as on BSD systems and resets both real and effective uid (good) but
> that there is no saved uid used for permissions checking later on.
> 

on some BSD (maybe a bug/feature of the port) systems, the real and
effective uids don't both change.  on the CCI supplied port of 4.2 for the
VAX only euid would change, allowing resumption later on.  on the port for
the Power6, both would change and there was no way to find out what the
original uid was.

just my $.02
bill.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      Bill Walker  --  PRC Realty (Reality) Systems  --  McLean VA
uunet!prcrs!wrwalke   uunet!prcrs!mcl!wrwalke  (wrwalke@prc.com -soon to be)
   Author, editor, and publisher of my own opinions, all rights reserved.

guy@auspex.auspex.com (Guy Harris) (01/16/90)

>Could someone set me straight on this please?  How does one flip back and
>forth between uid 0 and uid != 0 in a process started by uid 0 on a modern
>System V ?

By changing your kernel, or perhaps running S5R4.0 if it has
"seteuid()".

The problem with the saved set-user ID is that it works only if you're
*NOT* running as "root".  There are (at least) two separate "set UID"
functions you want for UNIX programs: one that sets *only* the effective
UID, and that lets you toggle it an indefinite number of times between
the real and saved set-user ID, and one that sets *all* the UIDs.  The
former would be used by most set-UID programs, and the latter would be
used by, say, "login" or "su".

Unfortunately, both of those functions are called "setuid()" in System
V; the way the S5 kernel distinguishes between them is that "setuid()"
is the first function if the effective UID isn't 0, and the second
function if it is.

S5R4 may have picked up "seteuid()" from 4BSD; if so, with any luck it
sets only the effective UID, even if the current effective UID is 0.
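
Added example, not part of the original posts: a user-space C model of the two setuid() behaviours described in the reply above, run against the root test program from the first post. The struct, the function names and the uids 100 and 50 are constructed for illustration, and the seteuid() rule is an assumption (the "sets only the effective UID" behaviour the reply hopes for); no real credentials are changed.

```c
#include <stdio.h>

struct cred { int ruid, euid, suid; };  /* real, effective, saved set-user ID */

/* System V setuid() as described above: with effective UID 0 it sets all
   three IDs; otherwise it may only move the effective UID to the real or
   saved ID. Returns 0 on success, -1 where the kernel would refuse. */
int model_setuid(struct cred *c, int uid)
{
	if (c->euid == 0) {
		c->ruid = c->euid = c->suid = uid;
		return 0;
	}
	if (uid == c->ruid || uid == c->suid) {
		c->euid = uid;
		return 0;
	}
	return -1;
}

/* Assumed seteuid(): only ever touches the effective UID, even for root. */
int model_seteuid(struct cred *c, int uid)
{
	if (c->euid == 0 || uid == c->ruid || uid == c->suid) {
		c->euid = uid;
		return 0;
	}
	return -1;
}

/* Switch to `drop`, then try to switch to `back`. Returns the final
   effective UID, or -1 if either step was refused. Works on a copy. */
int drop_and_return(struct cred c, int use_seteuid, int drop, int back)
{
	int (*set)(struct cred *, int) = use_seteuid ? model_seteuid : model_setuid;
	if (set(&c, drop) < 0 || set(&c, back) < 0)
		return -1;
	return c.euid;
}

int main(void)
{
	struct cred root = {0, 0, 0};      /* the test program, started by uid 0 */
	struct cred suid = {100, 50, 50};  /* constructed: uid 100 runs a set-UID binary owned by uid 50 */
	printf("root, setuid():    %d\n", drop_and_return(root, 0, 1, 0));
	printf("root, seteuid():   %d\n", drop_and_return(root, 1, 1, 0));
	printf("set-UID, setuid(): %d\n", drop_and_return(suid, 0, 100, 50));
	return 0;
}
```

A result of -1 means the switch back was refused, which is the point at which the first post's program would print its perror() message.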

gwyn@smoke.BRL.MIL (Doug Gwyn) (01/16/90)

In article <90Jan14.130354est.2125@neat.cs.toronto.edu> rayan@cs.toronto.edu (Rayan Zachariassen) writes:
>Could someone set me straight on this please?  How does one flip back and
>forth between uid 0 and uid != 0 in a process started by uid 0 on a modern
>System V ?

Make the binary owned by UID 0 and turn on its set-UID bit.
Then when executed by somebody whose UID is non-zero,
setuid() can be used to toggle between the initial EUID of
0 and the invoker's UID.