Xref: utzoo comp.unix.wizards:7155 comp.bugs.sys5:381
Path: utzoo!mnetor!uunet!husc6!linus!heart-of-gold!jc
From: jc@heart-of-gold (John M Chambers x7780 1E342)
Newsgroups: comp.unix.wizards,comp.bugs.sys5
Subject: Re: Guide to writing secure setuid programs?
Message-ID: <127@heart-of-gold>
Date: 17 Mar 88 21:34:49 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <1037@woton.UUCP> <239@piring.cwi.nl>
Organization: Mitre Corp, Bedford, MA, USA
Lines: 43
Summary: Is it even possible to "write a setuid program"?

> And, of course, the general rule is not to write setuid programs
> in the first place, but that has been handled by other people.

One question I have: To my knowledge, there does not actually exist
a way to "write a setuid program". Yes, of course, I know how to type:

	chmod 6755 foo

I claim that this does not constitute "writing a setuid program". What
it does is take an existing non-setuid program (that is already written
and compiled) and make it into a setuid program. But when the programmer
wrote it, it wasn't setuid.

Lest people think I am being facetious, I'd like to point out that there
is an important point at work here. When writing a program, I don't know
whether it will be setuid. So how can I follow the above advice?
(Obviously, by not writing any programs! :-) When I write a line of
code, how do I determine whether it is in a setuid program?

There is one sense in which I could conceive of actually writing a setuid
program. If there were a way to test at run time whether the program
(well, actually the process, but you know what I mean) is setuid:

	if (setuid(getpid())) {
		<>
	} else {
		<>
	}

Can anyone show me the source for setuid()? I suspect that you can't,
but I'd like someone to explain how stupid I'm being and how easy it is.

For a further argument, consider the alternative:

#if SETUID
	<>
#else
	<>
#endif

I contend that there is no way for the C preprocessor to correctly
implement the above #if command.

I'd be very interested in being proved incorrect.
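
Added example, not part of the original post: on the run-time question raised above, POSIX exposes the real and effective ids, and a process started from a set-id file by a different user has them unequal. The helper names `ids_differ`, `running_setid` and `drop_to_real_ids` are hypothetical, chosen for this sketch.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure comparison, split out so it can be exercised with constructed ids. */
int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Hypothetical helper: nonzero when the effective uid/gid differ from the
 * invoking user's. Call it before the program changes any ids.
 * Limitation: a set-id file run by its own owner (or a set-uid-root file
 * run by root) is indistinguishable from a plain one by this test. */
int running_setid(void)
{
    return ids_differ(getuid(), geteuid(), getgid(), getegid());
}

/* Return the effective ids to the invoking user's. Group first: once the
 * effective uid is unprivileged, the setgid() call may be refused.
 * With an effective uid of root this also resets the saved ids; for a
 * non-root owner the saved set-user-ID may remain. Returns 0 on success. */
int drop_to_real_ids(void)
{
    if (setgid(getgid()) != 0)
        return -1;
    if (setuid(getuid()) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    return running_setid() ? -1 : 0;
}

int main(void)
{
    if (running_setid()) {
        printf("set-id: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
        if (drop_to_real_ids() != 0) {
            fprintf(stderr, "could not return to real ids\n");
            return 1;
        }
    } else {
        printf("not set-id: uid=%ld\n", (long)getuid());
    }
    return 0;
}
```

The mode bits from `chmod` are applied to the file after compilation, so only a run-time test like this can see them; nothing is available to the preprocessor.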