Date: Wed, 23 Jan 2013 14:51:13 -0600
From: CyberLeo Kitsana <cyberleo@cyberleo.net>
To: Martin McCormick <martin@dc.cis.okstate.edu>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Setuid binaries and File Ownerships in FreeBSD9.0
Message-ID: <51004D41.2070609@cyberleo.net>
In-Reply-To: <201301232026.r0NKQGqF070301@x.it.okstate.edu>
References: <201301232026.r0NKQGqF070301@x.it.okstate.edu>

On 01/23/2013 02:26 PM, Martin McCormick wrote:
> The executable in question is a C program whose file
> permissions are 4755 and the file belongs to root so all files
> it opens are also owned by root and that works properly, but
> what I need is for this application to first open a few files owned by
> the caller and then later, upgrade back to root and write to
> files the caller can not write to. I was hoping to avoid using
> chown and chgrp and simply let the privilege level of the
> application dictate ownership of any file it opens.
>
> When the application first runs, it gets the UID and GID
> of the user and uses
>
> setuid(heruid); and setgid(hergid); to temporarily downgrade and
> those files are owned by the right user but setuid(0); doesn't
> appear to upgrade back to root.
>
> Is there any other strategy that gets one back to root
> short of using chown and then a system call and never
> downgrading privilege?

seteuid(2) ?

Alternately, open the privileged files before dropping root; you should
still be able to write to them afterwards.

-- 
Fuzzy love,
-CyberLeo
Furry Peace! - http://www.fur.com/peace/
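
The seteuid(2) suggestion above, as an added example that is not part of the original message or of the poster's program: it switches only the effective IDs to the caller's around one open(2) and then restores them. The function name open_as_caller and the file name are hypothetical.

```c
/* Added example: temporary privilege drop for a setuid-root program. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Open `path` with the caller's (real) IDs as effective IDs, then restore
 * the privileged effective IDs. Returns the descriptor, or -1 on failure. */
int open_as_caller(const char *path, int flags, mode_t mode)
{
    uid_t priv_uid = geteuid();   /* 0 when installed setuid root */
    gid_t priv_gid = getegid();
    int fd;

    /* Conventional order on the way down: group first, then user. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        (void)setegid(priv_gid);
        return -1;
    }

    fd = open(path, flags, mode);  /* new files are owned by the caller */

    /* seteuid() left the saved set-user-ID alone, so this succeeds.
     * setuid(getuid()) as root would have overwritten it for good. */
    if (seteuid(priv_uid) != 0 || setegid(priv_gid) != 0)
        _exit(1);                  /* cannot restore: fail closed */
    return fd;
}

int main(void)
{
    struct stat st;
    /* Hypothetical file name, created in the current directory. */
    int fd = open_as_caller("caller-owned.txt", O_WRONLY | O_CREAT, 0644);

    if (fd < 0 || fstat(fd, &st) != 0) {
        fputs("open_as_caller failed\n", stderr);
        return 1;
    }
    printf("file uid=%lu, ruid=%lu, euid now=%lu\n", (unsigned long)st.st_uid,
           (unsigned long)getuid(), (unsigned long)geteuid());
    close(fd);
    return 0;
}
```

Once root is no longer needed at all, a single setuid(getuid()) call makes the drop permanent.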