[scponly] scponlyc - why not give up root priveleges completly?
Lupe Christoph
lupe at lupe-christoph.de
Fri Jul 2 06:19:08 EDT 2004
On Friday, 2004-07-02 at 11:33:28 +0200, Dominik Schwald wrote:
> Could it be that setuid and seteuid are doing different things on
> different unix systems?
NOOOOOOO!!!!! ;-)
This is POSIX territory, I hope. So it should be nailed fast.
> i wrote two small c programms to test the behavior of the two functions
> on my linux system and the effect was:
> - using seteuid one could regain root
> - using setuid it was impossible to regain root
That is correct behaviour.
> as i don't have access to a *bsd box, perhaps someone else could check
> the behavior there.
Same:
------------------------------------------------------------------------
# ./giveUpRoot_seteuid
the current uid is 0 - the euid is 0
trying to set uid to 1000 using seteuid(1000)called: seteuid(1000) successful
the current uid is 0 - the euid is 1000
trying to set uid back to 0 using seteuid(0)called: seteuid(0) successful
the current uid is 0 - the euid is 0
# ./giveUpRoot_setuid
the current uid is 0 - the euid is 0
trying to set uid to 1000 using setuid(1000)called: setuid(1000) successful
the current uid is 1000 - the euid is 1000
trying to set uid back to 0 using setuid(0)setuid(0) call was NOT successful! error: -1
the current uid is 1000 - the euid is 1000
I could also run this on Solaris, but that is not necessary, I believe.
------------------------------------------------------------------------
For your reference, here are the relevant paragraphs from the FreeBSD
(4.10, BTW) manpage:
The setuid() function sets the real and effective user IDs and the saved
set-user-ID of the current process to the specified value. The setuid()
function is permitted if the specified ID is equal to the real user ID or
the effective user ID of the process, or if the effective user ID is that
of the super user.
The seteuid() function (setegid()) sets the effective user ID (group ID)
of the current process. The effective user ID may be set to the value of
the real user ID or the saved set-user-ID (see intro(2) and execve(2));
in this way, the effective user ID of a set-user-ID executable may be
toggled by switching to the real user ID, then re-enabled by reverting to
the set-user-ID value. Similarly, the effective group ID may be set to
the value of the real group ID or the saved set-group-ID.
HTH,
Lupe Christoph
--
| lupe at lupe-christoph.de | http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity |
| Home for Badgers with Rabies. Michael Lucas |
More information about the scponly
mailing list