setting permissions

lindsay at watnext.waterloo.edu
Sat Aug 19 08:52:38 AEST 1989


From: Lindsay Patten <lindsay at watnext>

The following program illustrates how to do what I think you
want to do.  Chown it to root and chmod it.

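#include <stdio.h>
#include <unistd.h>

int main(void)
{
	/* ids at startup: euid is the file owner when the setuid bit is set */
	printf("ruid = %d, euid = %d\n", (int)getuid(), (int)geteuid());
	if (chroot("/tmp"))
		perror("chroot");
	/* set the effective uid back to the real uid */
	if (seteuid(getuid()))
		perror("seteuid");
	if (fopen("/tmp/test", "w") == 0)
		perror("fopen");
	printf("ruid = %d, euid = %d\n", (int)getuid(), (int)geteuid());
	return 0;
}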

By using chmod u+s the euid gets set to the owner of the file,
the ruid remains that of the real user.  After the seteuid(getuid())
call the process will have
	euid == ruid == (uid of process that called the program)
and will be unable to ever regain its setuid status.  Thus there
is no security risk provided the program itself is not tampered with.
The file will appear in /tmp/tmp/test.

Cheers,
	Lindsay
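
An added example, not part of the original post: on systems with POSIX saved set-user-IDs, seteuid() changes only the effective uid, so this version calls setuid() while the euid is still 0, moves the working directory inside the jail with chdir("/"), and checks that the old euid cannot be restored. The helper name drop_to_real_user is hypothetical, and the program is assumed to be installed setuid-root as in the post.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() and seteuid() on glibc */
#endif
#include <stdio.h>
#include <unistd.h>

/*
 * Permanently give up setuid-root privilege (hypothetical helper name).
 * Returns 0 when real and effective ids match the invoking user and the
 * old effective uid cannot be restored, -1 otherwise.
 */
int drop_to_real_user(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped, setgid() may no longer be allowed. */
    if (setgid(rgid) != 0)
        return -1;
    /* With euid 0, setuid() sets the real, effective and saved uid together. */
    if (setuid(ruid) != 0)
        return -1;
    if (getuid() != ruid || geteuid() != ruid || getegid() != rgid)
        return -1;
    /* The check that matters: the old privilege must be unreachable.
     * If a saved set-user-ID survived, this seteuid() would succeed. */
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* chroot() leaves the working directory alone; chdir("/") moves it inside. */
    if (chroot("/tmp") != 0 || chdir("/") != 0) {
        perror("chroot/chdir");
        return 1;
    }
    if (drop_to_real_user() != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("ruid = %d, euid = %d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```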


