Re: setuid(geteuid());? - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: setuid(geteuid());?
Date
Msg-id Pine.LNX.4.30.0104212238290.758-100000@peter.localdomain
Whole thread Raw
In response to Re: setuid(geteuid());?  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
Bruce Momjian writes:

> so why does your test work?  Does your manual say something different?
> If setuid() sets user/effective/saved to postgres, how can you get back
> root?

: setuid  sets  the  effective user ID of the current process.  If the
: effective userid of the caller is root, the real and saved user ID's
: are also set.
:
: Under  Linux,  setuid is implemented like the POSIX version with the
: _POSIX_SAVED_IDS feature.  This allows a setuid  (other  than  root)
: program  to  drop  all of its user privileges, do some un-privileged
: work, and then re-engage the original effective user ID in a  secure
: manner.

I suppose your system doesn't have the _POSIX_SAVED_IDS feature.

I also have:

: CONFORMING TO
:        SVr4, SVID, POSIX.1.  Not quite compatible  with  the  4.4BSD  call,
:        which  sets  all  of  the real, saved, and effective user IDs.

On your system you would have to use seteuid() to do what setuid() does
here.

One more reason to avoid this area when possible.

-- 
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: setuid(geteuid());?
Next
From: Bruce Momjian
Date:
Subject: Re: setuid(geteuid());?