Setuid function ???

wampire · 12-23-2007, 06:58 AM

Hello everybody

I have written simple code about usage of setuid. this program file set-user-id bit is on and this process after exec when I execute this program, effective user id and saved-user-id bit will be program-file's user id. this correct?

But the last output when I set uid to 80(www) ,effective user id wasn't 80. Why not? saved set user id is still 80? What is the problem?

I compiled below code with gcc and I set-user-id bit and change own file with this command

Code:

 #include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main(void)
{
  
    printf("Real UID\t= %d\n", getuid());
    printf("Effective UID\t= %d\n", geteuid());
    printf("Real GID\t= %d\n", getgid());
    printf("Effective GID\t= %d\n", getegid());
	
	 setuid(1001);
    printf("Real UID\t= %d\n", getuid());
    printf("Effective UID\t= %d\n", geteuid());
    printf("Real GID\t= %d\n", getgid());
    printf("Effective GID\t= %d\n", getegid());

setuid(80);
    printf("Real UID\t= %d\n", getuid());
    printf("Effective UID\t= %d\n", geteuid());
    printf("Real GID\t= %d\n", getgid());
    printf("Effective GID\t= %d\n", getegid());
    return EXIT_SUCCESS;
}

gcc setuid-simple.c -o setuid-simple
#[root] chown www setuid-simple
#[root] chmod 4755 setuid-simple

and output with ls command
-rwsr-xr-x 1 www wheel 5708 23 Ara 11:41 setuid-simple

this is program's output:

Quote:

Real UID = 1001
Effective UID = 80
Real GID = 0
Effective GID = 0
/*setuid(1001)*/
Real UID = 1001
Effective UID = 1001
Real GID = 0
Effective GID = 0
/*setuid(80)*/
Real UID = 1001
Effective UID = 1001
Real GID = 0
Effective GID = 0

brewbuck · 12-23-2007, 09:58 PM

Only root can setuid().

wampire · 12-24-2007, 05:05 AM

Not only root can setuid. Explained here below.

Quote:

If the process has superuser privileges, the setuid function sets the real user ID, effective user ID, and saved set-user-ID to uid.

If the process does not have superuser privileges, but uid equals either the real user ID or the saved set-user-ID, setuid sets only the effective user ID to uid. The real user ID and the saved set-user-ID are not changed.

If neither of these two conditions is true, errno is set to EPERM, and 1 is returned.

**CornedBee** · 12-24-2007, 06:12 AM

What does your second setuid() call return?

brewbuck · 12-24-2007, 11:27 PM

Quote:

Originally Posted by wampire

Not only root can setuid. Explained here below.

Only root can setuid() to any UID you please, which is what OP was trying to do.

**CornedBee** · 12-25-2007, 06:55 AM

It wasn't any UID. It was the one of the user running the program, as you can see from the real UID. And then back to the setuid user.

wampire · 12-25-2007, 12:18 PM

but after exec My saved-user-id is 80 and second setuid must set effective user id to 80 but these program dont do it.

**CornedBee** · 12-25-2007, 03:58 PM

Actually, your saved uid is 1001, because that's the user who starts the app. Then you do the setuid to 1001, setting the effective uid (which was 80) to 1001. The saved uid doesn't change. Thus, at the time you call setuid(80), ruid, euid and suid are all 1001, so the setuid call fails.

brewbuck · 12-25-2007, 09:17 PM

Quote:

Originally Posted by wampire

but after exec My saved-user-id is 80 and second setuid must set effective user id to 80 but these program dont do it.

Look at the printf's. The real and effective UID are both 1001. How on earth do you expect to be able to setuid(80)?

brewbuck · 12-25-2007, 09:18 PM

Quote:

Originally Posted by wampire

but after exec My saved-user-id is 80 and second setuid must set effective user id to 80 but these program dont do it.

At the point the real and effective UIDs became 1001, the number "80" lost all significance whatsoever and became "any UID you please."

12-23-2007, 09:58 PM	#2
brewbuck Senior software engineer Join Date: Mar 2007 Location: Portland, OR Posts: 5,758	Only root can setuid().
brewbuck is offline

12-24-2007, 06:12 AM	#4
CornedBee Cat without Hat Join Date: Apr 2003 Posts: 8,492	What does your second setuid() call return? __________________ All the buzzt! CornedBee "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code." - Flon's Law
CornedBee is offline

12-25-2007, 06:55 AM	#6
CornedBee Cat without Hat Join Date: Apr 2003 Posts: 8,492	It wasn't any UID. It was the one of the user running the program, as you can see from the real UID. And then back to the setuid user. __________________ All the buzzt! CornedBee "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code." - Flon's Law
CornedBee is offline

12-25-2007, 12:18 PM	#7
wampire Registered User Join Date: Dec 2005 Posts: 3	but after exec My saved-user-id is 80 and second setuid must set effective user id to 80 but these program dont do it.
wampire is offline

12-25-2007, 03:58 PM	#8
CornedBee Cat without Hat Join Date: Apr 2003 Posts: 8,492	Actually, your saved uid is 1001, because that's the user who starts the app. Then you do the setuid to 1001, setting the effective uid (which was 80) to 1001. The saved uid doesn't change. Thus, at the time you call setuid(80), ruid, euid and suid are all 1001, so the setuid call fails. __________________ All the buzzt! CornedBee "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code." - Flon's Law
CornedBee is offline

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Compiling sample DarkGDK Program	Phyxashun	Game Programming	6	01-27-2009 03:07 AM
Seg Fault in Compare Function	tytelizgal	C Programming	1	10-25-2008 03:06 PM
Another syntax error	caldeira	C Programming	31	09-05-2008 01:01 AM
How to fix misaligned assignment statements in the source code?	biggyK	C++ Programming	28	07-16-2006 11:35 PM
const at the end of a sub routine?	Kleid-0	C++ Programming	14	10-23-2005 06:44 PM