From owner-freebsd-questions@FreeBSD.ORG Wed Jan 23 21:52:00 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 5091CBBF for ; Wed, 23 Jan 2013 21:52:00 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) by mx1.freebsd.org (Postfix) with ESMTP id 1153422E for ; Wed, 23 Jan 2013 21:51:59 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1Ty8Ew-0008Ls-7N for freebsd-questions@freebsd.org; Wed, 23 Jan 2013 22:52:14 +0100 Received: from 79-139-19-75.prenet.pl ([79.139.19.75]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 23 Jan 2013 22:52:14 +0100 Received: from jb.1234abcd by 79-139-19-75.prenet.pl with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 23 Jan 2013 22:52:14 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: jb Subject: Re: Setuid binaries and File Ownerships in FreeBSD9.0 Date: Wed, 23 Jan 2013 21:51:41 +0000 (UTC) Lines: 38 Message-ID: References: <201301232026.r0NKQGqF070301@x.it.okstate.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: sea.gmane.org User-Agent: Loom/3.14 (http://gmane.org/) X-Loom-IP: 79.139.19.75 (Mozilla/5.0 (X11; Linux i686; rv:10.0.12) Gecko/20130109 Firefox/10.0.12) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 21:52:00 -0000 Martin McCormick dc.cis.okstate.edu> writes: > > The executable in question is a C program whos file > permissions are 4755 and the file belongs to root so all files > it opens are also owned by root and that works properly, but > what I need is for this application to first open a few files owned by > the caller and then later, upgrade back to root and write to > files the caller can not write to. I was hoping to avoid using > chown and chgrp and simply let the privilege level of the > application dictate ownership of any file it opens. > > When the application first runs, it gets the UID and GID > of the user and uses > > setuid(heruid); and setgid(hergid); to temporarily downgrade and > those files are owned by the right user but setuid(0); doesn't > appear to upgrade back to root. > > Is there any other strategy that gets one back to root > short of using chown and then a system call and never > downgrading privilege? > > Thank you. Unix processes have an effective (EUID, EGID), a real (UID, GID) and a saved (SUID, SGID) ID. Get familiar with this document: http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf Then verify its validity on your target and current OS. jb