setuid program has more permissions than it should


Post by Andy Burge » Thu, 02 Mar 1995 00:54:58



Here is a small C program that illustrates my problem. This program
should not be able to create the file 'foo' because it (as nobody.nogroup)
does not have write permission in the directory. Yet it does create the
file.  Clearly the uid is changing as the file is created with the expected
owner and group. What am I missing?

/*
cc pload.c
chmod 711 a.out
asroot chown nobody.nogroup a.out
asroot chmod u+s,g+s a.out
ls -l a.out
*/

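#include <fcntl.h>
#include <stdio.h>      /* printf, perror */
#include <stdlib.h>     /* system */
#include <unistd.h>     /* getuid, geteuid, setuid, setgid, unlink */

int main(void)
{
        printf("pload running\n");
        /* IDs as set up by exec of the set-uid/set-gid binary */
        printf("uid=%d euid=%d gid=%d egid=%d\n",
          (int)getuid(), (int)geteuid(), (int)getgid(), (int)getegid() );
        /* make the real IDs match the effective (file owner) IDs */
        if(setuid(geteuid()))
          perror("setuid");
        if(setgid(getegid()))
          perror("setgid");
        printf("uid=%d euid=%d gid=%d egid=%d\n",
          (int)getuid(), (int)geteuid(), (int)getgid(), (int)getegid() );
        /* expected to fail: nobody.nogroup has no write permission on "." */
        if(open("foo", O_WRONLY | O_CREAT, 0777) == -1)
          perror("open foo");
        system("ls -lgd . foo");
        unlink("foo");
        printf("pload exiting\n");
        return 0;
}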

And the output:

pload running
uid=20 euid=65534 gid=101 egid=65534
uid=65534 euid=65534 gid=65534 egid=65534
drwxrwx---  7 aab      devel        9216 Feb 28 07:42 .
-rwxrwx---  1 nobody   nogroup         0 Feb 28 07:42 foo
pload exiting

Thank you very much.

--

"The mere act of drinking beer in an attempt to measure your tolerance
 is likely to affect your impression of how many beers you've drunk."
This is known as The Heineken Uncertainty Principle.

 
 
 

BTW this is SunOS 4.1.3 but it will be ported to the usual dozen most popular
unix platforms (HP, DEC, IBM, etc)

--
Andy Burgess
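
The write check that the post's open() call is subject to, as an added example that is not part of the original post: besides the effective uid and gid, the kernel also consults the supplementary group list, which setuid() and setgid() leave untouched. Whether that list is what let pload create foo is an assumption the thread does not confirm; may_create_in and gid_in_list are names invented here.

```c
/* Added example: classic Unix create-in-directory check (no ACLs, no MAC),
 * including the supplementary groups that setuid()/setgid() do not change. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if gid appears in the supplementary group list. */
static int gid_in_list(gid_t gid, const gid_t *list, int n)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            return 1;
    return 0;
}

/* Returns 1 if a process with these credentials may create a file in a
 * directory with the given owner, group and mode (needs write + search).
 * Exactly one permission class applies: owner, else group, else other. */
int may_create_in(uid_t euid, gid_t egid, const gid_t *groups, int ngroups,
                  uid_t d_uid, gid_t d_gid, mode_t d_mode)
{
    mode_t need;
    if (euid == 0)
        return 1;                       /* superuser bypasses mode bits */
    if (euid == d_uid)
        need = S_IWUSR | S_IXUSR;
    else if (egid == d_gid || gid_in_list(d_gid, groups, ngroups))
        need = S_IWGRP | S_IXGRP;
    else
        need = S_IWOTH | S_IXOTH;
    return (d_mode & need) == need;
}

/* Live check: this process's credentials against the current directory. */
int main(void)
{
    gid_t groups[64];                   /* assumed large enough for a demo */
    struct stat st;
    int n = getgroups(64, groups);
    if (n < 0 || stat(".", &st) < 0) {
        perror("getgroups/stat");
        return 1;
    }
    for (int i = 0; i < n; i++)
        printf("supplementary gid %ld%s\n", (long)groups[i],
               groups[i] == st.st_gid ? "  <- matches group of ." : "");
    printf("may create in .: %d\n", may_create_in(geteuid(), getegid(),
           groups, n, st.st_uid, st.st_gid, st.st_mode));
    return 0;
}
```

Built and installed set-uid/set-gid the same way as pload, this lists any group the process still holds that matches the directory's group. Such a group is cleared with setgroups(), which requires superuser privilege and has to be called before the uid is dropped.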
