From: utzoo!decvax!harpo!seismo!rlgvax!guy
Newsgroups: net.unix-wizards
Title: Re: A grumble about setuid
Article-I.D.: rlgvax.209
Posted: Sat Apr 9 00:40:50 1983
Received: Sun Apr 10 01:09:18 1983

1) setuid(geteuid()) should be permitted; 4.1BSD and USG 5.0 (System V) permit it.

2) There should be 3 UIDs: the "login" uid (as set when you log in or do an "su"), the "setuid" uid (set whenever you run an SUID program to the owner of that program), and the "permissions" uid (set initially to the "login" uid, passed down, and changed when a "setuid" program is run). Then you could set the "permissions" uid to either the "login" uid or the "setuid" uid; this would be an unprivileged function. Setting the "login" uid would be a privileged function, and the "setuid" uid would be set only by an "exec". This way, a setuid program which was not setuid 0 could change hats as many times as it needed to. (For example, you could "uucp" files which were readable by you but not by "uucp".)

3) UID changes should be stacked like that; that way, a setuid program can run "mkdir" without screwing up (of course, 4.2BSD has a "mkdir" system call so you don't have to exec "mkdir").

These are responses to the individual points; all three changes taken together may either be overkill or be inconsistent.

Guy Harris
RLG Corporation
{seismo,mcnc,we13}!rlgvax!guy
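
The three-UID scheme from point 2, modelled in user space as an added example that is not part of the original post and is not kernel code. The struct and function names and the numeric uids are hypothetical; it assumes that all three UIDs are equal at login and that "privileged" means a "permissions" uid of 0.

```c
/* Added illustration: user-space model of the three-UID proposal (point 2).
 * All names here are hypothetical; nothing below is from a real kernel. */
#include <stdio.h>

typedef unsigned int uid;

struct cred {
    uid login;  /* set at login or by "su" */
    uid suid;   /* the "setuid" uid: set only by exec of a setuid program */
    uid perm;   /* the "permissions" uid: used for access checks */
};

/* Assumption: at login all three UIDs start out equal. */
struct cred cred_login(uid u) { struct cred c = { u, u, u }; return c; }

/* exec of a setuid program: "setuid" and "permissions" become the owner. */
void cred_exec_suid(struct cred *c, uid owner) { c->suid = owner; c->perm = owner; }

/* Unprivileged: "permissions" may become the login or the setuid uid only. */
int cred_set_perm(struct cred *c, uid target)
{
    if (target != c->login && target != c->suid)
        return -1;
    c->perm = target;
    return 0;
}

/* Privileged. Assumption: "privileged" means permissions uid 0. */
int cred_set_login(struct cred *c, uid target)
{
    if (c->perm != 0)
        return -1;
    c->login = target;
    return 0;
}

/* The uucp case: user 100 runs a program owned by uid 5 (constructed values).
 * Returns 0 when every step behaves as the proposal describes. */
int uucp_scenario(void)
{
    struct cred c = cred_login(100);
    cred_exec_suid(&c, 5);
    if (c.perm != 5) return 1;
    if (cred_set_perm(&c, 100) != 0) return 2;  /* user's hat: read the file */
    if (cred_set_perm(&c, 5) != 0) return 3;    /* owner's hat: write the spool */
    if (cred_set_perm(&c, 0) == 0) return 4;    /* uid 0 is neither hat */
    if (cred_set_login(&c, 5) == 0) return 5;   /* login uid needs privilege */
    return 0;
}

int main(void) { printf("uucp_scenario: %d\n", uucp_scenario()); return 0; }
```
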