Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1a 12/4/83; site rlgvax.UUCP
Path: utzoo!linus!security!genrad!mit-eddie!mit-vax!eagle!harpo!seismo!rlgvax!guy
From: guy@rlgvax.UUCP (Guy Harris)
Newsgroups: net.unix-wizards
Subject: Re: Access rights for suid programs. - (nf)
Message-ID: <1492@rlgvax.UUCP>
Date: Wed, 21-Dec-83 02:38:52 EST
Article-I.D.: rlgvax.1492
Posted: Wed Dec 21 02:38:52 1983
Date-Received: Fri, 23-Dec-83 01:34:34 EST
References: <2065@fortune.UUCP>
Organization: CCI Office Systems Group, Reston, VA
Lines: 31

Note 1: The effective UID is what is used both as the user ID to determine
permissions (including super-user privileges) and as the user ID which will
own all files created by the process.  The real UID is used only for:

	1) kernel accounting
	2) dropping cores; if real UID != effective UID, no "core" file
	   is created if the process gets a signal that would normally
	   cause a "core" file to be written
	3) various other UNIX-version dependent things

Note 2: System V provides much of what is needed.  The rules are:

	You (i.e., any program, whether it has super-user privileges or
	not) may set your effective uid to any non-superuser ID that is
	either:
		your real uid
	or:
		the uid your program was originally set-UID to
This does NOT set the real UID, only the effective UID.  In effect, you can
switch back and forth between having the privileges of (and creating files
owned by) the original user and having the privileges of the set-UID user.

Only the superuser can set the real uid.

This is not documented; after all, if all the useful features were
documented, would it be UNIX?  It is, however, closer to the right way
to do it than the old way, as it permits a program to alternate between
using the privileges of the "real" and "set-UID" UID.

	Guy Harris
	{seismo,ihnp4,allegra}!rlgvax!guy