iv@hal6000.UUCP (10/17/89)
/* Written 10:24 am Oct 10, 1989 by van-bc!skl in comp.unix.xenix */ | ------------------- "setuid() in Xenix 2.3.2" ------------------- | | Could some setuid() or Xenix expert please help? | I [ . . . ] need to imitate the seteuid() calls in the code with setuid()'s, | since Xenix doesn't have seteuid(). | | What I need: | | - Start with euid(root). | - ... | - Switch to euid(arbitrary_uid). | - ... | - Revert back to euid(root). | - ... Your basic problem is that setuid() will act differently depending on whether you are root or not. Here's more-or-less how System V setuid() works: if (effective-uid != 0 && (requested-uid == real-uid || requested-uid == remembered-set_uid)) { effective-uid = requested-uid; } else if (effective-uid == 0) { real-uid = requested-uid; effective-uid = requested-uid; remembered-uid = requested-uid; /* Bye-bye privs! */ } else return (EPERM); So, though XENIX would accomodate you if you were using just two UIDs, the fact you wish to be many users via root spells doom for this technique. The only way to do what you wish here is to fork sub-processes, setuid(user) there and exit when done with that user. (I know, I know, oooh, ick!) | Thank you very much for your help. | -- | Samuel Lam <skl@wimsey.bc.ca> or {uunet,ubc-cs}!wimsey.bc.ca!skl Oh, did I help? :-) ---- IV (aka John Elliott IV) Domain: iv@hal6000.Tandy.COM Tandy Systems Software UUCP: ...!texbell!letni!hal6000!iv 900 Two Tandy Center or: ...!decvax!microsoft!trsvax!hal6000!iv Fort Worth, TX 76102 Phone: 817/390-2701; 9:30am-6:00pm CST, M-F [This information was provided by an individual and is not nor should be construed as being provided by Radio Shack or Tandy Corporation. Radio Shack and/or Tandy Corporation have no obligation to support the information provided. I don't think they even know what UNIX is any- more anyway ("Is that like DOS 4.0?"). *sigh* The author will, however, cheerfully accept mail.]
kayvan@mrspoc.Transact.COM (Kayvan Sylvan) (10/21/89)
>>>>> "iv" == iv <iv@hal6000.UUCP> writes:
iv> So, though XENIX would accomodate you if you were using just two UIDs,
iv> the fact you wish to be many users via root spells doom for this
iv> technique. The only way to do what you wish here is to fork
iv> sub-processes, setuid(user) there and exit when done with that user.
iv> (I know, I know, oooh, ick!)
The 'su' program allows people to change to more than two users.
It works because it is setuid to root.
I have programs that use setuid() and setgid() that work fine. They
are all setuid to root (chmod mode 4711) and have to be crafted with
extreme caution to avoid security holes.
---Kayvan
--
Kayvan Sylvan @ Transact Software, Inc. -*- Los Altos, CA (415) 961-6112
Internet: kayvan@Transact.COM -*- UUCP: ...!{apple,pyramid,mips}!mrspoc!kayvan
= Interested in story telling group? Mail yarn-spinners-request@transact.com =