-x implementations
Don Lewis
del at algol.mlb.semi.harris.com
Wed Feb 6 12:13:05 AEST 1991
In article <1991Feb4.135842.28500 at odin.diku.dk> thorinn at diku.dk (Lars Henrik Mathiesen) writes:
>jim at segue.segue.com (Jim Balter) writes:
>>In article <8920 at star.cs.vu.nl> maart at cs.vu.nl (Maarten Litmaath) writes:
>>>What if the program (e.g. the shell) that _calls_ `test', is setuid?
>>>(I.e. its effective uid differs from its real uid.)
>
>>The shell shouldn't be set-uid if you have any concern for security, but even
>>if it were, exec pays no attention to the set-uid bit of the caller.
>
>But exec (and fork) don't care about the real uid either, so it is
>just inherited. If a shell has different real and effective uids, any
>process run by that shell will too (unless it happens to be setuid to
>the real uid). And the shell in its turn could have been started by a
>setuid program that has a reason for being so.
It sounds to me like the effective uid should be set back to the real uid
before doing the exec()? Actually, I was under the impression that exec()
did this automatically, but I just tried an experiment and found that
I was mistaken.
--
Don "Truck" Lewis Harris Semiconductor
Internet: del at mlb.semi.harris.com PO Box 883 MS 62A-028
Phone: (407) 729-5205 Melbourne, FL 32901
More information about the Comp.unix.programmer
mailing list