From: Martin McCormick
To: FreeBSD Questions
Subject: Setuid binaries and File Ownerships in FreeBSD9.0
Date: Wed, 23 Jan 2013 14:26:16 -0600

The executable in question is a C program whose file permissions are 4755 and the file belongs to root so all files it opens are also owned by root and that works properly, but what I need is for this application to first open a few files owned by the caller and then later, upgrade back to root and write to files the caller cannot write to.

I was hoping to avoid using chown and chgrp and simply let the privilege level of the application dictate ownership of any file it opens. When the application first runs, it gets the UID and GID of the user and uses setuid(heruid); and setgid(hergid); to temporarily downgrade and those files are owned by the right user but setuid(0); doesn't appear to upgrade back to root.

Is there any other strategy that gets one back to root short of using chown and then a system call and never downgrading privilege?

Thank you.