Message-ID: <19980713232028.A3128@emsphone.com>
Date: Mon, 13 Jul 1998 23:20:28 -0500
From: Dan Nelson
To: Stephen Hocking-Senior Programmer PGS Tensor Perth , hackers@FreeBSD.ORG
Subject: Re: How do you tell (within the kernel) if we started setuid?
References: <199807140237.KAA10232@ariadne.tensor.pgs.com>
In-Reply-To: <199807140237.KAA10232@ariadne.tensor.pgs.com>; from "Stephen Hocking-Senior Programmer PGS Tensor Perth" on Tue Jul 14 10:37:46 GMT 1998
X-OS: FreeBSD 2.2.6-STABLE

[dropped -current list]

In the last episode (Jul 14), Stephen Hocking-Senior Programmer PGS Tensor Perth said:
>
> If you're executing a program that was started setuid root but has
> subsequently given up its privileges, is there any way to tell if it
> was originally set uid?

From a quick look at the kernel source, it looks like checking for
(p->p_flag & P_SUGID) will do what you want (check to see if the
process is 'tainted'). See the issetugid(2) man page for more info, or
grep the kernel source for P_SUGID :)

	-Dan Nelson
	dnelson@emsphone.com
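An added example, not part of the message above and not FreeBSD source: the same 'tainted' state as seen from userland through issetugid(2), the call the message points to, used to stop trusting the environment even after uid and euid match again. `getenv_if_untainted` is a hypothetical helper, and the Linux branch assumes `AT_SECURE` as the nearest analogue (it is fixed at exec time).

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>   /* getauxval(), AT_SECURE */
#endif

/* Returns 1 if the process is "tainted" by set-id execution, else 0. */
int process_is_tainted(void)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    return issetugid() ? 1 : 0;
#elif defined(__linux__)
    /* Assumption: AT_SECURE stands in for issetugid() on Linux. */
    return getauxval(AT_SECURE) ? 1 : 0;
#else
    return 1;           /* unknown platform: fail closed */
#endif
}

/* Hypothetical helper: environment lookup that refuses when tainted.
 * The flag is a parameter so both policy branches can be exercised. */
const char *getenv_if_untainted(const char *name, int tainted)
{
    if (tainted)
        return NULL;    /* caller falls back to a built-in default */
    return getenv(name);
}

int main(void)
{
    int tainted = process_is_tainted();
    const char *dir = getenv_if_untainted("TMPDIR", tainted);

    /* After a privilege drop uid == euid, so comparing the two proves
     * nothing; the taint flag is what still records the set-id start. */
    printf("tainted=%d uid=%d euid=%d\n",
           tainted, (int)getuid(), (int)geteuid());
    printf("TMPDIR: %s\n", dir ? dir : "(ignored or unset, using default)");
    return 0;
}
```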