Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 8 May 2001 15:28:16 +0300
From:      Ruslan Ermilov <ru@FreeBSD.ORG>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        audit@FreeBSD.ORG
Subject:   Re: ping6 fixes
Message-ID:  <20010508152816.A58026@sunbay.com>
In-Reply-To: <20010508040347.A93281@xor.obsecurity.org>; from kris@obsecurity.org on Tue, May 08, 2001 at 04:03:48AM -0700
References:  <20010508040347.A93281@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, May 08, 2001 at 04:03:48AM -0700, Kris Kennaway wrote:
[...]
> +
> +	/* revoke root privilege */
> +	seteuid(getuid());
> +	setuid(getuid());
>  
>  /*
>  	optval = 1;

I still think seteuid() here is superfluous, but see below.

I've just checked that OpenBSD's setuid() behaves differently,
as mandated by recent POSIX specs.  The differences are as
follows:

In FreeBSD, setuid() function sets the real and effective user
IDs and the saved set-user-ID of the current process to the
specified value, if the specified ID is equal to the real user ID
or the effective user ID of the process, or if the effective user
ID is that of the super user.

In OpenBSD, the behavior changes a little.  The setuid() similarly
sets the real and effective user IDs and the saved set-user-ID of
the current process to the specified value, if the effective user
ID is that of the super user, or if the specified user ID is the
same as the effective user ID.  (Here follows the difference.)
If not, but the specified user ID is the same as the real user ID,
setuid() will set the effective user ID to the real user ID.


Under OpenBSD, the attached program succeeds:

seteuid() to the fake (12345) UID
setuid() to the real (1010) UID
seteuid() back to the saved (0) UID

Under FreeBSD, it fails with:

seteuid() to the fake (12345) UID
setuid() to the real (1001) UID
seteuid() back to the saved (0) UID
setuid: seteuid: Operation not permitted


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010508152816.A58026>