stein (04/08/83)
#R:root44:-15800:fortune:11600011:000:182
fortune!stein Apr 7 18:31:00 1983

4.1bsd allows setuid(geteuid()) and it doesn't seem to cause any problems. In fact, the notesfile system uses this to create directories owned by the effective user.

Mark Stein

guy (04/09/83)
1) setuid(geteuid()) should be permitted; 4.1BSD and USG 5.0 (System V) permit it.

2) There should be 3 UIDs: the "login" uid (as set when you log in or do an "su"), the "setuid" uid (set whenever you run an SUID program to the owner of that program), and the "permissions" uid (set initially to the "login" uid, passed down, and changed when a "setuid" program is run). Then you could set the "permissions" uid to either the "login" uid or the "setuid" uid; this would be an unprivileged function. Setting the "login" uid would be a privileged function, and the "setuid" uid would be set only by an "exec". This way, a setuid program which was not setuid 0 could change hats as many times as it needed to. (For example, you could "uucp" files which were readable by you but not by "uucp".)

3) UID changes should be stacked like that; that way, a setuid program can run "mkdir" without screwing up (of course, 4.2BSD has a "mkdir" system call so you don't have to exec "mkdir").

These are responses to the individual points; all three changes taken together may either be overkill or be inconsistent.

Guy Harris
RLG Corporation
{seismo,mcnc,we13}!rlgvax!guy
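
Added example, not part of either post: a small C model of the three-uid scheme proposed in point 2, showing a non-root setuid program switching between the invoking user and the program owner while being refused any other id. The struct, the function names, the uid values (user 100, uucp 5), the owner-only file check, and the reading of "privileged" as "permissions uid is 0" are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Three ids per process, as in point 2 (struct and function names are illustrative). */
struct creds {
    unsigned login;   /* set at login or by "su"; changing it is privileged */
    unsigned setuid;  /* owner of the SUID program; set only by exec */
    unsigned perm;    /* id used for permission checks */
};

/* At login all three ids are the same user. */
struct creds creds_login(unsigned uid) {
    struct creds c = { uid, uid, uid };
    return c;
}

/* exec of an SUID program: "setuid" and "permissions" become the program's owner. */
void creds_exec_suid(struct creds *c, unsigned owner) {
    c->setuid = c->perm = owner;
}

/* Unprivileged call: "permissions" may become only the login or the setuid id. */
bool creds_set_perm(struct creds *c, unsigned want) {
    if (want != c->login && want != c->setuid) return false;
    c->perm = want;
    return true;
}

/* Privileged call. Assumption: "privileged" means the permissions id is 0. */
bool creds_set_login(struct creds *c, unsigned want) {
    if (c->perm != 0) return false;
    c->login = want;
    return true;
}

/* Owner-only (mode 0600) file check against the permissions id. */
bool can_read(const struct creds *c, unsigned file_owner) {
    return c->perm == 0 || c->perm == file_owner;
}

int main(void) {
    struct creds c = creds_login(100);  /* constructed ids: user 100, uucp 5 */
    creds_exec_suid(&c, 5);
    printf("as uucp, user's file readable: %d\n", can_read(&c, 100));
    creds_set_perm(&c, c.login);
    printf("as user, user's file readable: %d\n", can_read(&c, 100));
    printf("switch to root allowed: %d\n", creds_set_perm(&c, 0));
    return 0;
}
```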