Date: Wed, 11 Dec 1996 01:10:00 +0000 (GMT)
From: Scot Elliott <scot@Hades.Org>
To: secutiry@freebsd.org
Subject: Re: Running sendmail non-suid
Message-ID: <Pine.BSF.3.91.961210233636.6465C-100000@Zero-Cool.Hades.Org>
Resent-Message-ID: <Pine.BSF.3.91.961211011833.6762B@Zero-Cool.Hades.Org>
In-Reply-To: <199612102027.MAA14200@itchy.atlas.com>

On Tue, 10 Dec 1996, Brant Katkansky wrote:

>
> One thing I'd like to know is this: Once a process has changed its effective
> UID to something other than root, can it ever change its effective UID?
>
> -- Brant Katkansky (bmk@pobox.com, brantk@atlas.com)
> Software Engineer, ADC
>
>

It depends on how the root process set its effective user-id... if it used
setuid() then all the ids (effective, real and saved-set) will be set to the
new id, and the process will then not be able to change back to root...
[this is what login(1) does when a user logs in.]

If the set-uid-root executable called seteuid() to set its effective user-id
back to that of the real-user id, then the then-unprivileged program can set
its effective-id back to root at any time using a seteuid() call, because the
original seteuid() did not reset the saved-set-user-id.

This is kind of the point - a set-user-id program can use its extra
privileges only when it requires them, and keep to those of the original
user at other times.

Scot.

---------------------------------------------------------------------------
| Scot Elliott                | Please note that any opinions             |
| MEng Computing IV.          | expressed are mine, and not those         |
| Imperial College, London    | of the department or college.             |
---------------------------------------------------------------------------
| e-mail: s.elliott@ic.ac.uk  | IRC nick: PlumbrBoy                       |
|         pumpkin@uk.pi.net   | "You are everything in my fridge"         |
---------------------------------------------------------------------------
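
The difference the reply describes, as an added example that is not part of the original message: each drop runs in a forked child, which then tries seteuid(0) and reports whether root came back. The names `can_regain_root`, `drop_kind` and `DEMO_UID` are hypothetical, and because the demo starts as plain root rather than as a set-uid binary, the real uid is also 0 in the temporary case.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_UID 65534 /* assumption: an unprivileged uid such as "nobody" */

enum drop_kind { DROP_TEMPORARY, DROP_PERMANENT };

/* Runs in a forked child so the caller's own credentials are untouched.
 * Returns 1 if root could be regained after the drop, 0 if not,
 * -1 if the demo could not run (not started as root, or fork/drop failed). */
int can_regain_root(enum drop_kind kind)
{
    if (geteuid() != 0)
        return -1;                      /* needs root to have anything to drop */

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int rc = (kind == DROP_PERMANENT)
                     ? setuid(DEMO_UID)    /* real, effective and saved all change */
                     : seteuid(DEMO_UID);  /* effective only; real and saved stay 0 */
        if (rc != 0 || geteuid() != DEMO_UID)
            _exit(2);                   /* drop failed: never continue privileged */
        _exit(seteuid(0) == 0 ? 1 : 0); /* try to climb back to root */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 2 ? -1 : code;
}

int main(void)
{
    printf("after seteuid(): regain=%d\n", can_regain_root(DROP_TEMPORARY));
    printf("after setuid():  regain=%d\n", can_regain_root(DROP_PERMANENT));
    return 0;
}
```

A daemon that means to drop privileges for good can use the same probe on itself: if seteuid(0) succeeds after the drop, the drop was only temporary and the process should exit rather than continue.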