henry@uunet.UU.NET (04/26/89)
Making a program setuid only changes the "effective" uid, leaving the "real" uid the same. This used to be sufficient to prevent kill from killing it, but apparently not anymore. I wonder if that's a bug or more SVID compliance? ... --wnl It's both: a major mistake, introduced for the sake of SVID compliance. Henry Spencer at U of Toronto Zoology uunet!attcan!utzoo!henry henry@zoo.toronto.edu
mikel@uunet.uu.net (Mikel Lechner) (05/03/89)
bnr-fos!leibniz!hwt@watmath.waterloo.edu (Henry Troup) writes: >X-Sun-Spots-Digest: Volume 7, Issue 221, message 8 of 12 >I'm writing a daemon process under SunOS 4.0. I've made the program >setuid root, it immediately forks, and gets rid of its controlling >terminal. But I can still kill the process from the general user I >started it from. Is this the correct behaviour? You can also do "setuid(geteuid())". This sets both the effective and real userids to the effective userid. This is good practice in all setuid programs unless they require the original user's permissions. Mikel Lechner UUCP: ...!{decwrl,sun}!teraida!mikel Teradyne EDA, Inc. Phone: (408) 980-5200 5155 Old Ironsides Drive Santa Clara, Ca 95054