effective user id - Unix


Thread: effective user id

  1. effective user id

    I have the code shown below. I have compiled it and changed the
    ownership of a.out to user2:user2 and set the setuid bit (chmod 04755
    a.out). Now I tried to run it as user1. The readdir system call
    function works fine, the directory contents of /home/user2 get printed.
    But, the 'system("ls -l /home/user2")', doesn't work, it gives the
    error "ls: /home/user2: Permission denied". Any ideas how to make this
    work? (btw, /home/user2 has the perms 700)

    --------------------------------------------------------------------------
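    #include <dirent.h>
    #include <errno.h>
    #include <stdio.h>
    #include <stdlib.h>

    int main(void) {
        DIR *dirp = opendir("/home/user2");
        struct dirent *dp;

        /* List the directory in-process with readdir(). */
        while (dirp) {
            errno = 0;  /* reset so end-of-directory and error can be told apart */
            if ((dp = readdir(dirp)) != NULL) {
                printf("%s\n", dp->d_name);
            } else {
                break;
            }
        }
        if (dirp)
            closedir(dirp);

        /* system() runs the command through a shell. */
        system("ls -l /home/user2");
        return 0;
    }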


  2. Re: effective user id

    Change "ls -l /home/user2" to "id" (or "id -a" on SysV-compatible
    systems). Then you should see what the subprocess inherits. I tested
    this on MacOS X 10.3, and the ls is ok as expected (ls -l shows the
    correct directory, id shows uid(user1) euid(user2)).

    Hubble


  3. Re: effective user id

    On some systems (especially SystemV descendants), shells give up
    effective uid privs for security reasons. On these systems, you can
    insert

    setuid(geteuid());
    system("ls -l /home/user2");

    This should help.

    Hubble.


  4. Re: effective user id

    Note from the manual page of bash(1):

    If the shell is started with the effective user (group)
    id not equal to the real user (group) id, and the -p
    option is not supplied, these actions are taken ***and the
    effective user id is set to the real user id***.

    Since system(1) invokes a shell, in most cases bash on Linux
    systems, it will reset euid to user1 before executing "ls -l". You
    must use setuid(geteuid()) before calling system(3).

    Hubble.
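
The following C example is added here and is not code from any poster in the thread. It models the bash(1) rule quoted in reply 4 and makes the real uid match the effective uid before calling system(), checking every result. The function names are hypothetical, only user ids (not group ids) are handled, and it uses setreuid() rather than the setuid(geteuid()) shown in the replies because on Linux setuid() called by a non-root process changes only the effective uid.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Models the bash(1) rule quoted in reply 4: a shell started with
 * euid != ruid and without -p resets its effective uid to the real uid. */
int shell_would_drop_euid(uid_t ruid, uid_t euid, int p_flag)
{
    return euid != ruid && !p_flag;
}

/* Make the effective uid the real uid as well, then verify it took effect.
 * This is one-way: the original real uid cannot be restored afterwards.
 * Returns 0 on success, -1 on failure. */
int commit_effective_uid(void)
{
    uid_t e = geteuid();
    if (setreuid(e, e) != 0)
        return -1;
    return (getuid() == e && geteuid() == e) ? 0 : -1;
}

/* Run cmd through system() only once the shell will see ruid == euid.
 * Returns the command's exit status, or -1 on any failure. */
int system_as_effective(const char *cmd)
{
    if (shell_would_drop_euid(getuid(), geteuid(), 0) &&
        commit_effective_uid() != 0)
        return -1;              /* refuse to run with the wrong identity */
    int st = system(cmd);
    if (st == -1 || !WIFEXITED(st))
        return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    printf("ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    int rc = system_as_effective("id");   /* same probe as in reply 2 */
    printf("exit status %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Built as a setuid binary in the way the first post describes, the `id` output shows which real and effective uid the shell's child actually ends up with.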

