[scponly] scponlyc - why not give up root privileges completely?

Lupe Christoph lupe at lupe-christoph.de
Fri Jul 2 06:19:08 EDT 2004


On Friday, 2004-07-02 at 11:33:28 +0200, Dominik Schwald wrote:

> Could it be that setuid and seteuid are doing different things on 
> different unix systems?

NOOOOOOO!!!!! ;-)

This is POSIX territory, I hope. So it should be nailed fast.

> I wrote two small C programs to test the behavior of the two functions 
> on my Linux system and the effect was:
> - using seteuid one could regain root
> - using setuid it was impossible to regain root

That is correct behaviour.

> As I don't have access to a *BSD box, perhaps someone else could check 
> the behavior there.

Same:

------------------------------------------------------------------------
# ./giveUpRoot_seteuid 
the current uid is 0 - the euid is 0

trying to set uid to 1000 using seteuid(1000)called: seteuid(1000) successful

the current uid is 0 - the euid is 1000

trying to set uid back to 0 using seteuid(0)called: seteuid(0) successful

the current uid is 0 - the euid is 0

# ./giveUpRoot_setuid
the current uid is 0 - the euid is 0

trying to set uid to 1000 using setuid(1000)called: setuid(1000) successful

the current uid is 1000 - the euid is 1000

trying to set uid back to 0 using setuid(0)setuid(0) call was NOT successful! error: -1

the current uid is 1000 - the euid is 1000

I could also run this on Solaris, but that is not necessary, I believe.

------------------------------------------------------------------------

For your reference, here are the relevant paragraphs from the FreeBSD
(4.10, BTW) manpage:

     The setuid() function sets the real and effective user IDs and the saved
     set-user-ID of the current process to the specified value.  The setuid()
     function is permitted if the specified ID is equal to the real user ID or
     the effective user ID of the process, or if the effective user ID is that
     of the super user.

     The seteuid() function (setegid()) sets the effective user ID (group ID)
     of the current process.  The effective user ID may be set to the value of
     the real user ID or the saved set-user-ID (see intro(2) and execve(2));
     in this way, the effective user ID of a set-user-ID executable may be
     toggled by switching to the real user ID, then re-enabled by reverting to
     the set-user-ID value.  Similarly, the effective group ID may be set to
     the value of the real group ID or the saved set-group-ID.

HTH,
Lupe Christoph
-- 
| lupe at lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like   |
| covering yourself with barbecue sauce and breaking into the Charity    |
| Home for Badgers with Rabies.                            Michael Lucas |
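
Added example, not part of the original message and not scponly's code: a permanent privilege drop built on the setuid() behaviour quoted above, which then checks that the seteuid(0) route shown in the transcript is closed. The function name and the uid/gid 65534 are assumptions; clearing the supplementary groups goes beyond what the thread discusses.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid (both assumed non-zero).
 * Returns 0 if dropped and verified, -1 if a call failed (nothing is
 * guaranteed, the caller should exit), -2 if root could still be regained. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    /* Groups first: once the uid has changed we are no longer allowed to.
     * Only the superuser may call setgroups(), so skip it otherwise. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    /* setuid(), not seteuid(): with euid 0 it sets the real, effective and
     * saved set-user-ID together, so no saved 0 is left to switch back to. */
    if (setuid(uid) != 0)
        return -1;

    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -2;
    /* seteuid(0) is how the seteuid test program got root back. */
    if (seteuid(0) == 0 || setuid(0) == 0 || geteuid() == 0)
        return -2;
    return 0;
}

int main(void)
{
    /* 65534 is an assumed unprivileged account (often "nobody"). When not
     * started as root there is nothing to drop, so the own ids are reused. */
    int root = (geteuid() == 0);
    uid_t uid = root ? 65534 : getuid();
    gid_t gid = root ? 65534 : getgid();
    int rc = drop_privileges_permanently(uid, gid);

    printf("drop rc=%d, uid=%ld euid=%ld\n",
           rc, (long)getuid(), (long)geteuid());
    return rc == 0 ? 0 : 1;
}
```

A caller should treat any non-zero return as fatal and exit rather than continue with an unknown set of credentials.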


