Re: setuid(geteuid());? - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: setuid(geteuid());?
Date
Msg-id 200104212003.f3LK3A423910@candle.pha.pa.us
Whole thread Raw
In response to Re: setuid(geteuid());?  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: setuid(geteuid());?
List pgsql-hackers
> Tom Lane writes:
> 
> > Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > > so it seems to make sure the real/saved uid matches the effective uid.
> > > Now, considering we don't use uid/euid distinction for anything, I agree
> > > it is useless and should be removed.
> >
> > No, it is NOT useless and must NOT be removed.  The point of this little
> > machination is to be dead certain that we have given up root rights if
> > executed as setuid postgres.  The scenario we're concerned about is
> > where real uid = root and effective uid = postgres.
> 
> If effective uid = postgres, then this will execute setuid(postgres),
> which does nothing.

I am a little confused.  BSD/OS manual page says:
    The setuid() function sets the real and effective user IDs and the saved    set-user-ID of the current process to
thespecified value.  The setuid()    function is permitted if the specified ID is equal to the real user ID of    the
process,or if the effective user ID is that of the super user.
 

...
    If the user is not the super user, or the uid specified is not the real,    effective ID, or saved ID, these
functionsreturn -1.
 

so why does your test work?  Does your manual say something different?
If setuid() sets user/effective/saved to postgres, how can you get back
root?

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026
 


pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: setuid(geteuid());?
Next
From: Tom Lane
Date:
Subject: Re: setuid(geteuid());?