Re^2: Setuid(geteuid()), help

[Maarten Litmaath]

clewis at eci386.uucp (Chris Lewis) writes:
\In article <2733 at piraat.cs.vu.nl> maart at cs.vu.nl (Maarten Litmaath) writes:
\...
\>setuid() to either geteuid() or getuid() must ALWAYS succeed. Elementary.
\...
\Maarten's usually right, but in this case he isn't.  *Most* versions of
\UNIX (eg: Xenix and SV, but I think BSD may be the opposite) do not allow
\you to setuid() to anything other than getuid() unless geteuid() == 0.

You're right! :-(

\...
\The easiest way to get a mkdir to get the ownership the way you want it
\is to write a setuid root wrapper that invokes mkdir and then chown's 
\the created directory to "news" explicitly.
\
\eg, compile and make setuserid root:
\
\	main(argc, argv) int argc; char **argv; {
\	    int pid;
\	    if ((pid = fork()) == 0)
\		exec("/bin/mkdir", argv[1], 0);
\	    while(wait(0) != pid);
\	    exec("/bin/chown", "news", argv[1], 0);
\	}
\...

I think I like the following better:

	#define		NEWS		6	/* uid of news */

	char	mkdir[] = "/bin/mkdir";

	main(argc, argv)
	int	argc;
	char	**argv;
	{
		if (setuid(NEWS) == -1) {
			perror("setuid");
			exit(1);
		}
		argv[0] = mkdir;
		execv(mkdir, argv);
		perror(mkdir);
		exit(1);
	}

Anyway, thanks for the correction, Chris!
-- 
"I HATE arbitrary limits, especially when |Maarten Litmaath @ VU Amsterdam:
   they're small."  (Stephen Savitzky)    |maart at cs.vu.nl, mcvax!botter!maart