access(2) (was: Writing to A NON-Existing File in "C")
J_Allen_Schones
jal at occrsh.ATT.COM
Sat Apr 23 03:32:26 AEST 1988
In article <975 at unmvax.unm.edu> mike at turing.UNM.EDU.UUCP (Michael I. Bushnell) writes:
[ Much stuff deleted. ]
>Not really. But there is another way it can run under suid
>conditions:
>
>% whoami
>foo
>% su
>Password:
># nifty_program
>
>
>Note that nifty program will now have REAL uid foo and EFFECTIVE uid
>root.
>
[ .signature deleted ]
Is nifty_program(1) :-) setuid or just a regular (non-setuid) program?
I can't speak for BSD systems, but on a 3B15 running System V Rel.
3.1.1 UNIX (trademark of AT&T), nifty_program (running non-setuid)
will have both REAL and EFFECTIVE uid set to root. nifty_program
(running setuid) will have REAL uid root and EFFECTIVE uid foo. su(1)
does a "setuid(geteuid())" when you run it.
Two programs:
nifty.c:
#include <stdio.h>
main()
{
printf("uid == %d\n", getuid());
printf("euid == %d\n", geteuid());
}
setuid.c:
#include <stdio.h>
main()
{
execlp("./nifty", "nifty", 0);
}
Session follows:
$ ls -l
total 42
-rwxr-xr-x 1 jal user1 13536 Apr 22 12:14 nifty
-rw-r--r-- 1 jal user1 113 Apr 22 12:02 nifty.c
-rwsr-xr-x 1 jal user1 5180 Apr 22 12:14 setuid
-rw-r--r-- 1 jal user1 63 Apr 22 12:14 setuid.c
$ id
uid=326(jal) gid=300(user1)
$ ./nifty
uid == 326
euid == 326
$ ./setuid
uid == 326
euid == 326
$ su
Password: <generic root password>
# id
uid=0(root) gid=3(sys)
# ./nifty
uid == 0
euid == 0
# ./setuid
uid == 0
euid == 326
End of session.
--
J. Allen Schones -- AT&T -- Oklahoma City Works
MAIL: 7725 W. Reno -- Oklahoma City, OK -- 73125 -- Dept: 11OC0307720
PHONE: (405) 491-4950 | UUCP: {AT&T}!okcedu!jal
FAX: (405) 491-4530 Attn: Schones 0772 x4950
More information about the Comp.unix.wizards
mailing list