res@cbnews.ATT.COM (Robert E. Stampfli) (11/11/88)
I always thought that the sequence setuid(getuid()) could never fail, and could always be used to set a process' effective uid equal to its real uid. Every manual page I have seen on setuid() implies this is the case. However, I recently discovered that, when a process is run with the suid bit set and the owner (euid) non-root, that the setuid(getuid()) construct will fail if the process is invoked with uid == 0 (as root). I have tested this and found it fails on a significant number of Unix implementations, but not all of them. When it fails, errno is set to 1. This would seem to cause some subtle problems, as not many programs check for the failure of this construct, and after executing the same, the program continues to execute with an euid of something other than the real uid. It could hardly be classed as a security bug, though, as the results are always more restrictive than they would be if the construct worked. I am curious. Does anyone know why some Unix implmentations would work this way? Is this intentional or is it a latent bug? Please respond directly to me, as I don't usually read this newsgroup. Thanks in advance, Rob Stampfli att!cbnews!res (work) osu-cis!n8emr!kd8wk!res (home)
skl@van-bc.UUCP (Samuel Lam) (10/10/89)
Could some setuid() or Xenix expert please help?
I am trying to port the letest (Rick Adams) version of the Berkeley FTP
server to run on SCO Xenix 386 2.3.2 and need to imitate the seteuid()
calls in the code with setuid()'s, since Xenix doesn't have seteuid().
What I need to be able to do is essentially the following:
- Start with euid(root).
- ...
- Switch to euid(arbitrary_uid).
- ...
- Revert back to euid(root).
- ...
Through the course of the program, the real uid can either remain
root or switches following the euid.
I have already spent part of the night trying out various schemes
which I thought would work, but none of them did -- I always had
trouble switching back to root after switching to the arbitrary
uid. Could someone tell me how this is done?
Thank you very much for your help.
...Sam
--
Samuel Lam <skl@wimsey.bc.ca> or {uunet,ubc-cs}!wimsey.bc.ca!skl