From owner-freebsd-security@FreeBSD.ORG Sun Oct 7 18:39:14 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8F7C716A419 for ; Sun, 7 Oct 2007 18:39:14 +0000 (UTC) (envelope-from SRS0=zt7abC=PB=vvelox.net=v.velox@yourhostingaccount.com) Received: from mailout05.yourhostingaccount.com (mailout05.yourhostingaccount.com [65.254.253.42]) by mx1.freebsd.org (Postfix) with ESMTP id 46D6713C448 for ; Sun, 7 Oct 2007 18:39:14 +0000 (UTC) (envelope-from SRS0=zt7abC=PB=vvelox.net=v.velox@yourhostingaccount.com) Received: from mailscan08.yourhostingaccount.com ([10.1.15.8] helo=mailscan08.yourhostingaccount.com) by mailout05.yourhostingaccount.com with esmtp (Exim) id 1Ieb21-0000yt-64 for freebsd-security@freebsd.org; Sun, 07 Oct 2007 14:39:13 -0400 Received: from impout02.yourhostingaccount.com ([10.1.55.2] helo=impout02.yourhostingaccount.com) by mailscan08.yourhostingaccount.com with esmtp (Exim) id 1Ieb21-00052f-0W; Sun, 07 Oct 2007 14:39:13 -0400 Received: from authsmtp10.yourhostingaccount.com ([10.1.18.10]) by impout02.yourhostingaccount.com with NO UCE id xWfD1X0010D2B7u0000000; Sun, 07 Oct 2007 14:39:13 -0400 X-EN-OrigOutIP: 10.1.18.10 X-EN-IMPSID: xWfD1X0010D2B7u0000000 Received: from c-98-206-161-17.hsd1.il.comcast.net ([98.206.161.17] helo=vixen42) by authsmtp10.yourhostingaccount.com with esmtpa (Exim) id 1Ieb20-0005TE-Jf; Sun, 07 Oct 2007 14:39:12 -0400 Date: Sun, 7 Oct 2007 13:39:17 -0500 From: "Zane C.B." To: Kostik Belousov Message-ID: <20071007133917.73b5f665@vixen42> In-Reply-To: <20071007180402.GI2180@deviant.kiev.zoral.com.ua> References: <20071007105258.2d4c2e37@vixen42> <47090895.9050202@nruns.com> <20071007122805.3853bffe@vixen42> <20071007180402.GI2180@deviant.kiev.zoral.com.ua> X-Mailer: Claws Mail 3.0.1 (GTK+ 2.10.14; i386-portbld-freebsd6.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-EN-UserInfo: 0d1ca1697cdb7a831d4877828571b7ab:1570f0de6936c69fef9e164fffc541bc X-EN-AuthUser: vvelox2 Sender: "Zane C.B." X-EN-OrigIP: 98.206.161.17 X-EN-OrigHost: c-98-206-161-17.hsd1.il.comcast.net Cc: freebsd-security@freebsd.org, Jan M?nther Subject: Re: issetugid() for other procs X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Oct 2007 18:39:14 -0000 On Sun, 7 Oct 2007 21:04:02 +0300 Kostik Belousov wrote: > On Sun, Oct 07, 2007 at 12:28:05PM -0500, Zane C.B. wrote: > > On Sun, 07 Oct 2007 18:25:57 +0200 > > Jan M?nther wrote: > > > > > man getuid, man geteuid. > > > > This does work for other procs, only the one that is calling it. > > > > Like I said initially I am looking to check if another proc has > > run setuid, seteuid, or been executed or forked by one that has. > > Note that what you trying to do is racy by definition. Why is that? It seems like something that be useful instead of something taboo. My interest in it is I am writing a database connector interested in making it paranoid as possible. > To get the value of issetugid() for some other process, as it > _could_ be returned at some moment in a time, you shall check the > P_SUGID bit of the p_flag from the corresponding struct proc. This > is available by the kvm_getprocs(3) interface in the ki_flag field > of the kinfo_proc structure, see corresponding man page. Awesome, I will begin investigating this.