Xref: utzoo comp.unix.wizards:6579 comp.bugs.sys5:330
Path: utzoo!mnetor!uunet!mcvax!rivm!ccement
From: ccement@rivm.UUCP (Martien F v Steenbergen)
Newsgroups: comp.unix.wizards,comp.bugs.sys5
Subject: setuid(2) bug?
Message-ID: <679@rivm05.UUCP>
Date: 16 Feb 88 08:25:21 GMT
Organization: RIVM, Bilthoven, The Netherlands
Lines: 58


According to the (System V) manuals from AT&T, Uniq, Nuxi and
Xenix the chapter about the setuid(2) system call lists:

	"...<Setuid> will fail if the real user ID of the
	calling process is not equal to <uid> and its effective
	user ID is not super-user. [EPERM]..."

If this is true, then the last command in the following sequence
should be unsuccessful (assuming the use of legal user IDs):

	$ pr -n -t setuidbug.c
	    1	extern int errno;
	    2	
	    3	main()
	    4	{
	    5		errno = 0;
	    6		if (setuid(100) == -1)
	    7			perror("setuid");
	    8		return 0;
	    9	}
	$ make setuidbug
	cc -O  setuidbug.c -o setuidbug
	$ chmod u+s setuidbug
	$ id
	uid=100(jim) gid=101(cce)
	$

...at this time jim logs out and john logs in...

	$ ls -l setuidbug
	-rwsr-xr-x   1 jim      cce         3295 Feb 16 09:04 setuidbug
	$ id
	uid=139(john) gid=171(pharm)
	$ setuidbug
	$

This last setuidbug call should result in something like:

	setuid: Not owner

but it doesn't. So there's either a bug in Unix or in the manuals
(or in me?). (This bug won't do you any harm, it results in a no op.)
Comment please.


Martien.
________________________________________________________________
Martien F. van Steenbergen
National Institute of Public Health and Environmental Protection
dept. RIVM/CCE
PO Box 1
3720 BA Bilthoven
The Netherlands

tel: (31) 30 742819
email: ...!mcvax!rivm!martien
___________________________MSDOSN'T_____________________________