guy@auspex.auspex.com (Guy Harris) (05/25/91)
>You said "yes" when build asked whether you could do setuid(geteuid()).
>Wrong. (On SunOS, yet... sigh.)

Really? I tried running a program that read:

    #include <stdio.h>
    #include <unistd.h>

    int main(void)
    {
        /* IDs before the call */
        printf("ruid %d, euid %d\n", (int)getuid(), (int)geteuid());
        if (setuid(geteuid()) < 0)
            perror("setuid");
        else    /* IDs after a successful call */
            printf("ruid %d, euid %d\n", (int)getuid(), (int)geteuid());
        return 0;
    }

set-UID to "bin", while running as myself, and on both a 4.0.3 and a 4.1.1
machine it printed:

    ruid 126, euid 3
    ruid 3, euid 3

so it did, indeed, set the real UID to match the effective UID, which is
exactly what "setuid(geteuid())" is supposed to do.

It did the same when I ran it as "root":

    ruid 0, euid 3
    ruid 3, euid 3

and when it was set-UID to "root" and run as me:

    ruid 126, euid 0
    ruid 0, euid 0

henry@zoo.toronto.edu (Henry Spencer) (05/26/91)
In article <8028@auspex.auspex.com> guy@auspex.auspex.com (Guy Harris) writes:
>>You said "yes" when build asked whether you could do setuid(geteuid()).
>>Wrong. (On SunOS, yet... sigh.)
>
>Really? I tried running a program [to check this]...

I must admit the original report surprised me, but the stories I hear about
4.1.1 are enough to make me believe almost anything... Looks like this one
was a false alarm with some other cause, though.
--
"We're thinking about upgrading from   | Henry Spencer @ U of Toronto Zoology
SunOS 4.1.1 to SunOS 3.5."             |  henry@zoo.toronto.edu  utzoo!henry

clewis@ferret.ocunix.on.ca (Chris Lewis) (05/26/91)
In article <8028@auspex.auspex.com> guy@auspex.auspex.com (Guy Harris) writes:
>>You said "yes" when build asked whether you could do setuid(geteuid()).
>>Wrong. (On SunOS, yet... sigh.)
>Really? I tried running a program that read:
> [program omitted]
>so it did, indeed, set the real UID to match the effective UID, which is
>exactly what "setuid(geteuid())" is supposed to do.

I installed cnews on a Sun 4/470, and consulted the setuid() manual on this
very question. There is apparently a configuration parameter that enables/
disables this. It was called something like _POSIX_SUID.
--
Chris Lewis, Phone: (613) 832-0541, Domain: clewis@ferret.ocunix.on.ca
UUCP: ...!cunews!latour!ecicrl!clewis; Ferret Mailing List:
ferret-request@eci386; Psroff (not Adobe Transcript) enquiries:
psroff-request@eci386 or Canada 416-832-0541. Psroff 3.0 in c.s.u soon!

karish@mindcraft.com (Chuck Karish) (05/29/91)
In article <2072@ecicrl.ocunix.on.ca> clewis@ferret.ocunix.on.ca (Chris Lewis) writes:
>In article <8028@auspex.auspex.com> guy@auspex.auspex.com (Guy Harris) writes:
>>>You said "yes" when build asked whether you could do setuid(geteuid()).
>>>Wrong. (On SunOS, yet... sigh.)
>>exactly what "setuid(geteuid())" is supposed to do.
>
>I installed cnews on a Sun 4/470, and consulted the setuid() manual on this
>very question. There is apparently a configuration parameter that enables/
>disables this. It was called something like _POSIX_SUID.

The Sun manual page gives both a DESCRIPTION and a SYSTEM V DESCRIPTION.
It also provides the following NOTE, which may apply to either or both
of the DESCRIPTIONs:

     For setuid() to behave as described above, {_POSIX_SAVED_IDS}
     must be in effect (see sysconf(2V)). {_POSIX_SAVED_IDS} is
     always in effect on SunOS systems, but for portability,
     applications should call sysconf() to determine whether
     {_POSIX_SAVED_IDS} is in effect for the current system.

{_POSIX_SAVED_IDS} is a property of the operating system. It may or may
not be settable as a kernel parameter, depending on the OS.

There, is that all clear now?
--
Chuck Karish          karish@mindcraft.com
Mindcraft, Inc.       (415) 323-9000