OSDev.org

The Place to Start for Operating System Developers
It is currently Thu Mar 28, 2024 7:13 am

All times are UTC - 6 hours




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: Which UIDs should setuid attribute set?
PostPosted: Sat Apr 04, 2015 4:19 pm 
Offline
Member
Member

Joined: Sat Oct 16, 2010 3:38 pm
Posts: 587
I tried googling this and all i'm getting is that the setuid attribute shall set the user to the owner. But which UIDs should I actually set? Just the effective UID? Or also the real UID and saved-set-UID?

I'm guessing that it should be just effective, because otherwise programs like "sudo" wouldn't be able to tell who started them. But then again, the real UID must be set for things like "kill" to work.

So how am I supposed to do this? Also please give me a source if possible, because I actually cannot find what POSIX says about this (looking at some sudo code, it seems to assume that the real UID is of the user who actually started the process).


Top
 Profile  
 
 Post subject: Re: Which UIDs should setuid attribute set?
PostPosted: Mon Apr 06, 2015 5:10 am 
Offline
Member
Member

Joined: Mon Apr 09, 2007 12:10 pm
Posts: 775
Location: London, UK
It sets all 3. seteuid() was designed to just set the effective uid. See the notes here for more info on how to handle the case of kill().

Regards,
John.

_________________
Tysos | rpi-boot


Top
 Profile  
 
 Post subject: Re: Which UIDs should setuid attribute set?
PostPosted: Tue Apr 07, 2015 5:40 am 
Offline
Member
Member

Joined: Sat Oct 16, 2010 3:38 pm
Posts: 587
I know that setuid() function sets all 3, i was asking about the setuid attribute (mask 04000). Thats the one that executables like sudo need to get root permissions.


Top
 Profile  
 
 Post subject: Re: Which UIDs should setuid attribute set?
PostPosted: Tue Apr 07, 2015 8:51 am 
Offline
Member
Member

Joined: Mon Apr 09, 2007 12:10 pm
Posts: 775
Location: London, UK
Apologies, I should read more carefully. The same reference holds however (see the discussion of System V in the rationale) however it acts like the 2nd case, i.e. being called by an unprivileged user and only sets the effective uid (also see here).

kill requires that the real or effective uid of the sending process is equal to the real or saved setuid of the receiving process (or that kill is run as root), thus just setting the effective uid should also work.

Regards,
John.

_________________
Tysos | rpi-boot


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 18 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group