Bug with getrusage and seteuid but not setuid?

Bug with getrusage and seteuid but not setuid?

Post by Arjan de V » Tue, 18 Feb 1997 04:00:00



Consider the program below. When started as root on Solaris 2.5.1 it
will report "CPU usage: user 0 sys 0". When using setuid instead of
seteuid it reports a user CPU usage >0 (3 on a Sparc 20 in my case).

Is this a bug?

Arjan

-----------------------------------------------------------------------------
#include <stdio.h>
#include <sys/resource.h>

main () {
    int i;
    long j;
    struct rusage rusage;

    seteuid(60001); /* CPU = 0 */
    /* setuid(60001); */ /* CPU > 0 */

    for (i = 0; i < 20000000; i++)
        j += i;

    getrusage(RUSAGE_SELF, &rusage);
    printf("CPU Usage: user %d sys %d\n",
            (int) rusage.ru_utime.tv_sec, (int) rusage.ru_stime.tv_sec);
    return(0);

Quote:}

--

Origin IT TIS/INS - IntraNet Services        Tel/Fax: (+31 40 27) 86335/83962
Building VN 5.07, P.O. Box 218, 5600 MD  Eindhoven, The Netherlands
Intranet-URL: http://www.nl.cis.philips.com/home/Arjan.deVet/
 
 
 

Bug with getrusage and seteuid but not setuid?

Post by Casper H.S. Dik - Network Security Engine » Wed, 19 Feb 1997 04:00:00



Quote:>Consider the program below. When started as root on Solaris 2.5.1 it
>will report "CPU usage: user 0 sys 0". When using setuid instead of
>seteuid it reports a user CPU usage >0 (3 on a Sparc 20 in my case).
>Is this a bug?
>    seteuid(60001); /* CPU = 0 */
>    getrusage(RUSAGE_SELF, &rusage);

It's an artifact of the getrusage application.

it tries to open /proc/pid and load get the resource usage; unfortunately,
it can't open /proc/pid if the uids don't match sufficiently.

(Though /proc/pid should probably be openable by the process itself always)

In 2.6, process usage is available for all to to as /proc/pid/usage and
the bug is fixed.

Casper

--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

 
 
 

1. setuid vs seteuid

I have a program that runs set uid root (-rwsr-xr-x root) because
it needs to use socket port lower than 1024.  But to prevent
potential abuse, I need to remove its root previlage immediately
after opening the socket.

    if ((server = rresvport(&lport)) < 0) {
        ...
    }
    /* reset effective UID to avoid any potential abuse */
    if (seteuid(getuid()) != 0){
        perror("seteuid");
        exit(1);
    }

I used seteuid for that purpose when I developed the program in
a SunOS system.  When porting to a System V system (HP), there
is only the "setuid" call.  Can anyone explain the difference
and consequence of using "setuid" instead of the "seteuid"?
Is it true that if the program uses "seteuid" only, it can
switch back into root privilage again later but "setuid" is
one way, i.e. once setuid(non-zero), the program cannot setuid(0)
later even if it is directly invoke by root?

2. proxy authentication required

3. Which Solaris 10 "privilege" needed to use setuid()/seteuid() ?

4. I got a problem with the installation of FreeBSD 6.4.2 with maxtor hdd

5. setuid / seteuid

6. When is Turbolinux 3.6 coming out?????????

7. help with setuid / seteuid

8. Getting xdm to run in 1024x768???

9. setuid() and seteuid() problems under Sol2.3

10. setuid, seteuid (problem with ftpd-logging)

11. setuid seteuid and giving a file away by chown ???

12. setuid and seteuid - newbie question

13. setuid() and seteuid() under Sol2.3