FreeBSD Mail Archives

Date:      Wed, 05 Jun 2002 17:41:33 -0700
From:      Lars Eggert <larse@ISI.EDU>
To:        hackers@freebsd.org
Subject:   get/setuid used instead of get/seteuid?
Message-ID:  <3CFEAFBD.8090603@isi.edu>

next in thread | raw e-mail | index | archive | help


[-- Attachment #1 --]
Hi,

there's a large number of system programs that use get/setuid() to limit 
what a non-root user can do (route, killall, ping, etc.)

This may be a really dumb question, but shouldn't they be using 
get/seteuid() instead, to base their decision on the effective uid? 
Otherwise setting the setuid flag on the binary has no effect.

For example, setting the setuid flag on ping (so non-root users can use 
flood pings - I am aware of the security implications, this is for a 
prototype system that will never go live) does not work - ping checks 
the real uid instead.

Or is this deliberate? If so, there's other system programs (e.g. 
reboot) that check the euid instead. (Or is the inconsistency deliberate?)

Can someone shed some light on this?

Thanks,
Lars
-- 
Lars Eggert <larse@isi.edu>           USC Information Sciences Institute

[-- Attachment #2 --]
0�	*�H��
��0�10	+0�	*�H��
���0��0���G0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300
010824164000Z
020824164000Z0T10
UEggert1
0U*Lars10ULars Eggert10	*�H��
	
larse@isi.edu0��0
	*�H��
��0���������|\Pw��� �v����~��~�F�Do�o�ӦA��\-��	� ���Cˀ�4�.��)&��{�肋���,z�(ܷر��߈��T7�_'t�xGH^tt/ҹB8��%�t<#�ֲN��V0T0*+e!000L2uMyffBNUbNJJcdZ2s0U0�
larse@isi.edu0U�00
	*�H��
����a�JP���M�Ւ�]cѭC+��kS��+wZ�1���gY"�,Y���T�41�
�j����6:~�℩��D���������~�Kؚ�l���=�u(Վ��M?cF��7@����}��T��0��0���G0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300
010824164000Z
020824164000Z0T10
UEggert1
0U*Lars10ULars Eggert10	*�H��
	
larse@isi.edu0��0
	*�H��
��0���������|\Pw��� �v����~��~�F�Do�o�ӦA��\-��	� ���Cˀ�4�.��)&��{�肋���,z�(ܷر��߈��T7�_'t�xGH^tt/ҹB8��%�t<#�ֲN��V0T0*+e!000L2uMyffBNUbNJJcdZ2s0U0�
larse@isi.edu0U�00
	*�H��
����a�JP���M�Ւ�]cѭC+��kS��+wZ�1���gY"�,Y���T�41�
�j����6:~�℩��D���������~�Kؚ�l���=�u(Վ��M?cF��7@����}��T��0�80���fEr��t��cvE��.�0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*�H��
	personal-freemail@thawte.com0
000830000000Z
040827235959Z0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300��0
	*�H��
��0�����32�c�	%E>�nx'g��ڈ���D)�c5*mp<�ܮ��to0�3��4q��m���O�e�
�K���a����U�5��u�'��r���װ�����|CBPQ��<�9��T������If-	��k�i�N0L0)U"0 �010UPrivateLabel1-2970U�0�0U0
	*�H��
��1�KG]�q��Sl]y�=��&b�"��"��I�'{9����$����
*8�PU�l�
�L����G�l�X�1B	l�i�+�@]j�y��.%݊���
��Z��<�D�&i�H�Υ����bb��1��0��0��0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30�G0	+��a0	*�H��
	1	*�H��
0	*�H��
	1
020606004133Z0#	*�H��
	1�#��z����P+����&�a0R	*�H��
	1E0C0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0��*�H��
	1�����0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30�G0
	*�H��
��rcX����u��a
H�nJ��y%�-�O$%�����j���d�(G���}�U"�#�~V	��b'�h�i鷕�����_B/��R�p�F�p��e����d�]�ybܙTA��+������=P��+�|z

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CFEAFBD.8090603>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation