Guide to writing secure setuid programs?
Schizophrenic Solipsist
matt at oddjob.UChicago.EDU
Fri Mar 18 09:54:08 AEST 1988
jc at heart-of-gold (John M Chambers x7780 1E342) asks:
) If there were a way to test at run time whether the program (well,
) actually the process, but you know what I mean) is setuid:
)
) if (setuid(getpid())) {
) <<Don't do a bunch of stuff>>
) } else {
) <<Go ahead and do them>>
) }
)
) Can anyone show me the source for setuid()? I suspect that you can't,
) but I'd like someone to explain how stupid I'm being and how easy it is.
int
i_am_setuid()
{
return getuid() != geteuid();
}
/* I *think* it is done in SysV as it is in BSD. Amen. */
________________________________________________________
Matt University matt at oddjob.uchicago.edu
Crawford of Chicago {astrovax,ihnp4}!oddjob!matt
More information about the Comp.unix.wizards
mailing list