UID / effective UID problem

UID / effective UID problem

Post by Hildo den Breej » Wed, 07 Sep 1994 19:41:48



Hi,

Consider a user U, programs A which is set-uid A, program B is set-uid B.
U, A, and B are all simple mortals. No root-privilege.

Now, U calls A. As part of it's job, A fork/execs B. U should not need to
know that B is involved.

So we have

            real UID       effective UID   saved-set-UID
-------------------------------------------------------------
U's shell       U               U               U

program A       U               A               A

program B       U               B               B

A 'knows' its user U calling, and can check his credentials in , say, A.allow.
I want B to be able to authorize A using it's B.allow. But it can't! It can't
tell that its being called by A.
It does know the original caller was U, but in my situation that's irrelevant.

So, I studied Steven's 'Advanced Programming in the Unix Environment', section
8.10. to find out that BSD has a setreuid(), which can swap the real and
effective uid.
All other calls don't seem to help in this particular problem.

Now it looks like this:

            real UID       effective UID   saved-set-UID
-------------------------------------------------------------
U's shell       U               U               U

program A       U               A               A
  setreuid(..)  A               U               A

program B       A               B               B

That's exactly what I want! B can now whether A has the right to call B.
U is no longer visible!

Great. But *sigh*, it's not in XPG4, which is our portability goal.

So here's the question:
How can B tell it's A calling, using stuff available in Xopen XPG4 ??

Any hints are very much appreciated!

--

Ideta, 6 Frankemaheerd, 1102 AN Amsterdam, the Netherlands
My opinions are my own, not necessarily my boss's.
                                          Everything's relative - absolutely.

 
 
 

UID / effective UID problem

Post by Chris Bitme » Sat, 10 Sep 1994 00:47:06



Quote:>Hi,

>Consider a user U, programs A which is set-uid A, program B is set-uid B.
>U, A, and B are all simple mortals. No root-privilege.

>Now, U calls A. As part of it's job, A fork/execs B. U should not need to
>know that B is involved.

>So we have

>        real UID       effective UID   saved-set-UID
>-------------------------------------------------------------
>U's shell   U               U               U

>program A   U               A               A

>program B   U               B               B

>A 'knows' its user U calling, and can check his credentials in , say, A.allow.
>I want B to be able to authorize A using it's B.allow. But it can't! It can't
>tell that its being called by A.
>It does know the original caller was U, but in my situation that's irrelevant.

My understanding is that A should call setuid(A) before it calls B. Then B
will see:

           A       B       B

which is what you want. A can then do a setuid(U) if necessary.

 
 
 

UID / effective UID problem

Post by Hildo den Breej » Sat, 10 Sep 1994 15:50:55




>>Hi,

>>Consider a user U, programs A which is set-uid A, program B is set-uid B.
>>U, A, and B are all simple mortals. No root-privilege.

>>Now, U calls A. As part of it's job, A fork/execs B. U should not need to
>>know that B is involved.

>>So we have

>>            real UID       effective UID   saved-set-UID
>>-------------------------------------------------------------
>>U's shell       U               U               U

>>program A       U               A               A

>>program B       U               B               B

>>A 'knows' its user U calling, and can check his credentials in , say, A.allow.
>>I want B to be able to authorize A using it's B.allow. But it can't! It can't
>>tell that its being called by A.
>>It does know the original caller was U, but in my situation that's irrelevant.
>My understanding is that A should call setuid(A) before it calls B. Then B
>will see:
>           A       B       B
>which is what you want. A can then do a setuid(U) if necessary.

A's setuid(A) will not change its real UID. The real UID will still be U.
Non-root users can only change the effective UID that way, not the real UID.
So, effectively when A does a setuid(A), nothing happens :-(
--

Ideta, 6 Frankemaheerd, 1102 AN Amsterdam, the Netherlands
My opinions are my own, not necessarily my boss's.
                                          Everything's relative - absolutely.
 
 
 

UID / effective UID problem

Post by Hildo den Breej » Sat, 10 Sep 1994 20:26:28




>>A's setuid(A) will not change its real UID. The real UID will still be U.
>>Non-root users can only change the effective UID that way, not the real UID.
>>So, effectively when A does a setuid(A), nothing happens :-(
>setuid(A) will change both real and effective uid. (It's POSIX).
>Casper

I am talking about non-root processes, without 'Appropriate Privileges'.

My Posix book (1003.1 - 1990) says in 4.2.2.2 (not verbatim):

    If the process does not have appropriate privileges, but UID is equal
    to the real UID or the saved UID, the setuid() function sets the effective
    UID. The real UID and saved UID remain unchanged.

So, A can do a setuid(A) because A equals the saved UID. The result is that
the effective UID is set to A, *not* the real UID.

I haven't yet tried any of this. Perhaps theory and practice differ ?-)
Still, I'm looking for a solution that is supported by a standard of some
authority.
--

Ideta, 6 Frankemaheerd, 1102 AN Amsterdam, the Netherlands
My opinions are my own, not necessarily my boss's.
                                          Everything's relative - absolutely.

 
 
 

UID / effective UID problem

Post by Casper H.S. D » Sat, 10 Sep 1994 21:13:38



Quote:>    If the process does not have appropriate privileges, but UID is equal
>    to the real UID or the saved UID, the setuid() function sets the effective
>    UID. The real UID and saved UID remain unchanged.
>So, A can do a setuid(A) because A equals the saved UID. The result is that
>the effective UID is set to A, *not* the real UID.
>I haven't yet tried any of this. Perhaps theory and practice differ ?-)
>Still, I'm looking for a solution that is supported by a standard of some
>authority.

Actually, you're right and have pointed out the major flaw in POSIX
uid handling.  You cannot change the real uid, unless when you're
root.  I was confused.  (Solaris has seteuid(), which changes the
effective uid and setuid(), which also changes the effective uid,
unless when you're root.  That is confusing)

Casper

 
 
 

UID / effective UID problem

Post by Stephen Harr » Sun, 11 Sep 1994 17:54:57



: So, A can do a setuid(A) because A equals the saved UID. The result is that
: the effective UID is set to A, *not* the real UID.

: I haven't yet tried any of this. Perhaps theory and practice differ ?-)
: Still, I'm looking for a solution that is supported by a standard of some
: authority.

Try setreuid(geteuid(),geteuid());

On my Linux system:
  % cat t.c
  main()
  {
    setuid(geteuid());
    system("id");  /* Note only euid is set, not real id. */

    setreuid(geteuid(),geteuid());
    system("id");  /* Note uid is now set */
  }

  % ls -l a.out
  -rws--x--x   1 news     other       15729 Sep 10 08:48 a.out*

  % id
  uid=405(hsw1) gid=1(other) groups=1(other),23(sysadmin)

  % a.out
  uid=405(hsw1) gid=1(other) euid=10(news) groups=1(other),23(sysadmin)
  uid=10(news) gid=1(other) groups=1(other),23(sysadmin)

Dunno how portable the setreuid() is though :-)
--

rgds
Stephen

 
 
 

UID / effective UID problem

Post by Hildo den Breej » Tue, 13 Sep 1994 21:12:27




>: So, A can do a setuid(A) because A equals the saved UID. The result is that
>: the effective UID is set to A, *not* the real UID.
>: I haven't yet tried any of this. Perhaps theory and practice differ ?-)
>: Still, I'm looking for a solution that is supported by a standard of some
>: authority.
>Try setreuid(geteuid(),geteuid());
>On my Linux system:
>  % cat t.c
>  main()
>  {
>    setuid(geteuid());
>    system("id");  /* Note only euid is set, not real id. */
>    setreuid(geteuid(),geteuid());
>    system("id");  /* Note uid is now set */
>  }
>  % ls -l a.out
>  -rws--x--x   1 news     other       15729 Sep 10 08:48 a.out*
>  % id
>  uid=405(hsw1) gid=1(other) groups=1(other),23(sysadmin)
>  % a.out
>  uid=405(hsw1) gid=1(other) euid=10(news) groups=1(other),23(sysadmin)
>  uid=10(news) gid=1(other) groups=1(other),23(sysadmin)
>Dunno how portable the setreuid() is though :-)
>--
>rgds
>Stephen

Yes, setreuid() does the trick. It is not in Posix however :-{
It's Berkeley. A strictly Posix conforming application can't use it.

Thanks anyway
--

Ideta, 6 Frankemaheerd, 1102 AN Amsterdam, the Netherlands
My opinions are my own, not necessarily my boss's.
                                          Everything's relative - absolutely.

 
 
 

1. effective UID vs. Real UID with su - problem

Experts,

The situation is :
---------------------------------------------------------------------------
sunfire{/home/dxsnezhk}# id
uid=60144(dxsnezhk) gid=1(other)
sunfire{/home/dxsnezhk}# /usr/xpg4/bin/id -u -nr
dxsnezhk
sunfire{/home/dxsnezhk}# whoami
dxsnezhk
sunfire{/home/dxsnezhk}# who am i
dxsnezhk   pts/1        Mar 31 11:06    (10.4.242.8)
sunfire{/home/dxsnezhk}# su -
Password:
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
You have new mail.
sunfire{/}# id
uid=0(root) gid=1(other)
sunfire{/}# /usr/xpg4/bin/id -u -nr
root
sunfire{/}# whoami
root
sunfire{/}# who am i
dxsnezhk   pts/1        Mar 31 11:06    (10.4.242.8)
sunfire{/}# passwd
passwd:  Changing password for dxsnezhk
New password:
sunfire{/}#
---------------------------------------------------------------------------

As you can see, even with su -      my real UID does not change for
some commands? I am coming from HP-UX background and I expect EUID ==
RUID upon
su - . Also, I don't understand why id and who command report
different values. What am I missing ?

Thanks.
Dimitry.

2. Fat32 question

3. setuid to a non-root uid for both effective&real uid

4. Bogus remote printer server

5. problems setting effective UID

6. MMDF, SMTP, & Badhosts on Rel 5.0

7. User Ids (uid) > 65k or 32 bits uids

8. help! i'm locked out of my autostarting XDM!

9. Effective and Real UID and GID

10. Set effective uid?

11. Spawning shells with different effective uid's

12. Switching effective UID based on authentication

13. Effective vs. Real UIDs