Date:      Wed, 9 May 2001 04:20:44 +1000 (EST)
From:      Bruce Evans <bde@zeta.org.au>
To:        Ruslan Ermilov <ru@FreeBSD.ORG>
Cc:        Kris Kennaway <kris@obsecurity.org>, audit@FreeBSD.ORG
Subject:   Re: ping6 fixes
Message-ID:  <Pine.BSF.4.21.0105090401450.12449-100000@besplex.bde.org>
In-Reply-To: <20010508152816.A58026@sunbay.com>

On Tue, 8 May 2001, Ruslan Ermilov wrote:

> On Tue, May 08, 2001 at 04:03:48AM -0700, Kris Kennaway wrote:
> [...]
> > +
> > +	/* revoke root privilege */
> > +	seteuid(getuid());
> > +	setuid(getuid());
> >  
> >  /*
> >  	optval = 1;
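Review bot: the seteuid() and setuid() calls in this hunk ignore their return values; if either fails, the program keeps running with root privilege, so each should be checked and the program should exit on failure, e.g. `if (setuid(getuid()) == -1) err(1, "setuid");`.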
> 
> I still think seteuid() here is superfluous, but see below.
> 
> I've just checked that OpenBSD's setuid() behaves differently,
> as mandated by recent POSIX specs.  The differences are as
> follows:

This doesn't seem to be anything recent.  I'll check again tomorrow
when I'm awake.  Does POSIX now mandate _BROKEN^W_POSIX_SAVED_IDS?

> ...
> 
> Under OpenBSD, the attached program succeeds:

None was attached :-).

> seteuid() to the fake (12345) UID
> setuid() to the real (1010) UID
> seteuid() back to the saved (0) UID
> 
> Under FreeBSD, it fails with:
> 
> seteuid() to the fake (12345) UID
> setuid() to the real (1001) UID
> seteuid() back to the saved (0) UID
> setuid: seteuid: Operation not permitted

I think I now understand the purpose of seteuid() before setuid().
It is to set the euid to a value such that the process has "appropriate
privilege" for setuid() to set all the ids.  "Appropriate privilege"
is implementation-defined and context-dependent.  FreeBSD defines it
such that everyone has it for the context of setuid() to their real
uid, so setuid(getuid()) always works "right".  IIRC, this is mainly
so that setuid(getuid()) can work at all (when ruid != euid) in the
!_POSIX_SAVE_IDS case.  When it works, it works "right" -- it must
set the euid, and it should set any (non-POSIX) saved ids so that it
works the same as on systems without any saved ids.  I think this is
all POSIX.1-199[0-6] conformant.  BSD4.4-style saved ids can be viewed
as things that control "appropriate privilege".

Bruce
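As an added example (not Kris's patch and not Ruslan's unattached test program), a C privilege-drop routine that follows the seteuid()/setuid() order of the quoted hunk, checks both return values, and then self-tests the drop by trying to regain the former euid; the helper name `drop_privileges` is hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/*
 * Hypothetical helper (not from the patch): permanently revoke
 * set-user-ID root.  Returns 0 when real and effective uids are equal
 * afterwards and the old effective uid can no longer be regained,
 * -1 (with errno set) otherwise.
 */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    uid_t old_euid = geteuid();

    /* Step 1, as in the patch: make euid == ruid first, so the process
     * holds "appropriate privilege" for setuid() to set all of its ids. */
    if (seteuid(ruid) == -1)
        return -1;

    /* Step 2: setuid() to the real uid.  On FreeBSD this also clears the
     * saved uid; this is the step that is meant to make the drop permanent. */
    if (setuid(ruid) == -1)
        return -1;

    /* Step 3: self-test.  If a different euid was given up, regaining it
     * must now fail with EPERM (the "Operation not permitted" in Ruslan's
     * FreeBSD run).  If it succeeds, a saved uid survived and the drop is
     * incomplete: undo it and report failure. */
    if (old_euid != ruid && seteuid(old_euid) == 0) {
        (void)seteuid(ruid);
        errno = EPERM;
        return -1;
    }
    return getuid() == geteuid() ? 0 : -1;
}

int main(void)
{
    if (drop_privileges() == -1) {
        perror("drop_privileges");
        return EXIT_FAILURE;
    }
    printf("running as uid %u (euid %u), root privilege revoked\n",
           (unsigned)getuid(), (unsigned)geteuid());
    return EXIT_SUCCESS;
}
```

On systems where setuid() from a non-zero euid sets only the effective uid (Linux, and OpenBSD as Ruslan reports), step 3 reports failure for a setuid-root binary because the saved uid of 0 is still there; that is exactly the difference the thread is about.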
