Swapping userids
utzoo!decvax!duke!unc!smb
Sat Jan 9 00:30:13 AEST 1982
The simplest scheme I've heard of is the "schizo" system call, which
swaps the real and effective uids and gids. That allows a process to
resume the original permissions, open a file, and then regain its
privileged status.
A separate question is what to do when a setuid program wants to run
another setuid program, especially mkdir. 4BSD (and I think some other
flavors of UNIX) allow setuid(geteuid()); that permits a child process to
assume the appropriate permissions before execing to the second setuid
program. A typical case would be Version B netnews needing to create
a subdirectory of a protected directory owned by 'news'. An idea I've
heard, and which doesn't have any obvious flaws (to me, at least -- but
my mind isn't as twisty as some folks'), is to set the real uid to the
old effective uid when execing a setuid program; in effect, that permits
automatic and unlimited stacking of permissions. But that doesn't answer
Lauren's original question.