setuid(2) bug?
Martien F v Steenbergen
ccement at rivm.UUCP
Tue Feb 16 18:25:21 AEST 1988
According to the (System V) manuals from AT&T, Uniq, Nuxi and
Xenix the chapter about the setuid(2) system call lists:
"...<Setuid> will fail if the real user ID of the
calling process is not equal to <uid> and its effective
user ID is not super-user. [EPERM]..."
If this is true, then the last command in the following sequence
should be unsuccessful (assuming the use of legal user IDs):
$ pr -n -t setuidbug.c
1 extern int errno;
2
3 main()
4 {
5 errno = 0;
6 if (setuid(100) == -1)
7 perror("setuid");
8 return 0;
9 }
$ make setuidbug
cc -O setuidbug.c -o setuidbug
$ chmod u+s setuidbug
$ id
uid=100(jim) gid=101(cce)
$
...at this time jim logs out and john logs in...
$ ls -l setuidbug
-rwsr-xr-x 1 jim cce 3295 Feb 16 09:04 setuidbug
$ id
uid=139(john) gid=171(pharm)
$ setuidbug
$
This last setuidbug call should result in something like:
setuid: Not owner
but it doesn't. So there's either a bug in Unix or in the manuals
(or in me?). (This bug won't do you any harm, it results in a no op.)
Comment please.
Martien.
________________________________________________________________
Martien F. van Steenbergen
National Institute of Public Health and Environmental Protection
dept. RIVM/CCE
PO Box 1
3720 BA Bilthoven
The Netherlands
tel: (31) 30 742819
email: ...!mcvax!rivm!martien
___________________________MSDOSN'T_____________________________
More information about the Comp.unix.wizards
mailing list