Relay-Version: version B 2.10.2 9/18/84; site lsuc.UUCP
Posting-Version: version B 2.10.2(pesnta.1.3) 9/5/84; site pesnta.UUCP
Path: lsuc!per!pesnta!earlw
From: earlw@pesnta.UUCP (Earl Wallace )
Newsgroups: pe.cust.general
Subject: setuids on Edition VII
Message-ID: <2701@pesnta.UUCP>
Date: 3 Apr 85 00:53:42 GMT
Date-Received: 3 Apr 85 04:35:26 GMT
Distribution: pe.cust
Organization: Perkin-Elmer DSG, Santa Clara, Calif.
Lines: 56

This is a "UniTip" message.

I found a problem with some setuid programs owned by non-root users in
that, when the program is run by root, the effective id is always 0, not
the effective id of the owner of the program. This occurs with root
users, not mere mortal users. The results can be a real pain -- files
owned by root instead of the program owner...

If you want to make the real uid and gid match that of the effective
uid/gid, you must be root (the setuid/setgid calls are ineffective with
normal users).

	setgid(getegid());
	setuid(geteuid());

The above code is almost useless in Edition VII. The setgid and setuid
calls won't do anything unless you're root or the arguments are the real
uid/gid, and the effective uid is always 0 and so is the real uid if
you're running as root. The only possible change you would get is that
the real gid would be changed to match that of the effective gid; the gid
is ok, it is the group id of the program just as it should be. The other
change could be to make the effective ids match that of the real.

Ok, now we know what to avoid, how do we make sure the effective uid is
set to the program owner when we are running as root? You can compile the
owner's name in the program and then do a setuid or you can read the gid
of the file using the stat() system call. Anyone have another way?

You might want to try this out and see how this works:

% log in as a normal user...

[setuid.c]
#include <stdio.h>

char *getlogin();

main()
{
	/* ids as they were set when the program was started */
	printf("%s uid(%d), gid(%d), euid(%d), egid(%d)\n",
		getlogin(), getuid(), getgid(), geteuid(), getegid());
	/* try to make the real ids match the effective ids */
	setgid(getegid());
	setuid(geteuid());
	/* ids after the attempt */
	printf("%s uid(%d), gid(%d), euid(%d), egid(%d)\n",
		getlogin(), getuid(), getgid(), geteuid(), getegid());
}

[Makefile]
setuid:	setuid.c
	cc -o setuid setuid.c
	chmod 6555 setuid

% make
% su root
% setuid
...

--
Earl Wallace

UUCP:   ..!{ihnp4, ucbvax!hplabs, ucbvax!twg}!pesnta!earlw
PHONE:  (408) 727-5540 x230
USMAIL: Perkin-Elmer Corp., Santa Clara, Calif. 95054