Date: Wed, 23 Jan 2013 14:26:16 -0600 From: Martin McCormick <martin@dc.cis.okstate.edu> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Setuid binaries and File Ownerships in FreeBSD9.0 Message-ID: <201301232026.r0NKQGqF070301@x.it.okstate.edu>
next in thread | raw e-mail | index | archive | help
The executable in question is a C program whos file permissions are 4755 and the file belongs to root so all files it opens are also owned by root and that works properly, but what I need is for this application to first open a few files owned by the caller and then later, upgrade back to root and write to files the caller can not write to. I was hoping to avoid using chown and chgrp and simply let the privilege level of the application dictate ownership of any file it opens. When the application first runs, it gets the UID and GID of the user and uses setuid(heruid); and setgid(hergid); to temporarily downgrade and those files are owned by the right user but setuid(0); doesn't appear to upgrade back to root. Is there any other strategy that gets one back to root short of using chown and then a system call and never downgrading privilege? Thank you.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301232026.r0NKQGqF070301>