System V "saved" user id
rml at hpfcls.UUCP
rml at hpfcls.UUCP
Thu Jun 21 10:06:00 AEST 1984
I posted this several weeks ago, but it apparently never made it to most
of the net. Apologies to those who've seen it before.
System V added the feature of "saving" the effective user id across
calls to setuid(2), to allow set-user-id programs to switch their
effective user id back and forth between their real user id and the id
of the program's owner. From reading the code, I have observed that
this feature only works as documented when neither the real user id nor
effective user id is superuser. When the real user id is superuser (and
the effective user id is not), setuid will always fail. When the
effective user id is superuser (and the real user id is not), the
process can do one setuid to its real user id, but all subsequent setuid
calls will fail. Can anyone tell me why this is so? It would appear
that it is intended to provide some security, but I don't see how it
does anything other than restrict the rights of the superuser to do
things permitted for ordinary users.
Bob Lenk
{hplabs, ihnp4}!hpfcla!rml
More information about the Comp.unix.wizards
mailing list