setting an effective uid.

setting an effective uid.

Post by Keith Bas » Sun, 20 Dec 1992 03:25:01

        I posted a previous article asking for information on how to revert
  back to an effective uid after a setuid(getuid()) was done.  (the program
  in question runs setuid to "bbs")

        After tinkering with the uid functions it seems that you can't
  get back the original setuid status after you've changed it. Please correct
  me if I'm wrong.  So what I thought about doing was making a program to
  run setuid to root that will *force* the running program to make its
  effective uid change back to the BBS account.  For example:


        This getbbsprivs program should set the UID of it's parent program
  to the UID of BBS..  I want to know if you can set the uid of another

  email responses welcome.


1. UID / effective UID problem


Consider a user U, programs A which is set-uid A, program B is set-uid B.
U, A, and B are all simple mortals. No root-privilege.

Now, U calls A. As part of it's job, A fork/execs B. U should not need to
know that B is involved.

So we have

            real UID       effective UID   saved-set-UID
U's shell       U               U               U

program A       U               A               A

program B       U               B               B

A 'knows' its user U calling, and can check his credentials in , say, A.allow.
I want B to be able to authorize A using it's B.allow. But it can't! It can't
tell that its being called by A.
It does know the original caller was U, but in my situation that's irrelevant.

So, I studied Steven's 'Advanced Programming in the Unix Environment', section
8.10. to find out that BSD has a setreuid(), which can swap the real and
effective uid.
All other calls don't seem to help in this particular problem.

Now it looks like this:

            real UID       effective UID   saved-set-UID
U's shell       U               U               U

program A       U               A               A
  setreuid(..)  A               U               A

program B       A               B               B

That's exactly what I want! B can now whether A has the right to call B.
U is no longer visible!

Great. But *sigh*, it's not in XPG4, which is our portability goal.

So here's the question:
How can B tell it's A calling, using stuff available in Xopen XPG4 ??

Any hints are very much appreciated!


Ideta, 6 Frankemaheerd, 1102 AN Amsterdam, the Netherlands
My opinions are my own, not necessarily my boss's.
                                          Everything's relative - absolutely.

2. CS46xx LFE and Center and Rear Speaker support

3. effective UID vs. Real UID with su - problem

4. Help with Exabyte drive!!!

5. setuid to a non-root uid for both effective&real uid

6. I killed my FTP Server!?

7. Set effective uid?

8. Encounter problem with unix98 ptys

9. problems setting effective UID

10. man: can't set effective UID ???

11. Effective and Real UID and GID

12. Spawning shells with different effective uid's

13. Switching effective UID based on authentication