Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ut-sally.UUCP
Path: utzoo!decvax!decwrl!pyramid!ut-sally!std-unix
From: std-unix@ut-sally.UUCP (Moderator, John Quarterman)
Newsgroups: mod.std.unix
Subject: Re:  Clearing environment on exec of setuid process
Message-ID: <4141@ut-sally.UUCP>
Date: Sat, 8-Feb-86 03:18:25 EST
Article-I.D.: ut-sally.4141
Posted: Sat Feb  8 03:18:25 1986
Date-Received: Sun, 9-Feb-86 00:54:42 EST
References: <4128@ut-sally.UUCP> <4106@ut-sally.UUCP> <4029@ut-sally.UUCP>
Organization: IEEE/P1003 Portable Operating System Environment Committee
Lines: 24
Approved: jsq@sally.UUCP

>From: seismo!gatech!akgua!pegasus!hansen (Tony Hansen)
Sat Feb  8 00:48:16 1986
Date: Sat, 8 Feb 86 00:31:29 EST
Organization: AT&T-IS Labs, Lincroft, NJ

< The answer is only to do limited operations when in setuid.  The best
< way to do this would be to allow processes to painlessly shift back and
< forth between their real-uid and effective-uid.  This is allowed, but
< not documented on BSD, but appears not to be allowed at all on SV.

System Vr2 allows a non-root setuid process to call setuid(2) with either
the real uid or the saved effective uid, allowing the process to painlessly
switch back and forth. This change occurred between System V and Vr2.

One slight difference is that Vr2 non-root setuid(2) sets the effective uid
and not the real uid. Only a root setuid(2) will change the real uid as
well; which can't then be changed back.

					Tony Hansen
					ihnp4!pegasus!hansen



Volume-Number: Volume 5, Number 43