Clearing environment on exec of setuid process
Moderator, John Quarterman
std-unix at ut-sally.UUCP
Wed Feb 12 02:09:24 AEST 1986
From: Kay Dekker <seismo!mcvax!warwick!kay>
To: ut-sally!std-unix
Organization: Computer Science, Warwick University, UK
Date: Sat, 8 Feb 86 10:20:38 GMT
>Date: Wed, 5 Feb 86 08:12:33 pst
>From: seismo!sun!rtech!daveb (Dave Brower)
>Organization: Relational Technology Inc, Alameda CA
>
>The answer is only to do limited operations when in setuid. The best
>way to do this would be to allow processes to painlessly shift back and
>forth between their real-uid and effective-uid. This is allowed, but
>not documented on BSD, but appears not to be allowed at all on SV.
>This way, you can have your one section that needs to run setuid be setuid
>whenever needed, while running as the real user the rest of the time.
This is *exactly* what I found myself needing to do last night... When
you say "BSD", does this include 4.1? If so, how do I do it? and why
isn't it documented?
Kay.
--
Virtue is its own punishment.
... mcvax!ukc!warwick!kay
[ It was introduced in 4.2BSD. Here's the man page.
Note that only super-user can actually switch back and forth
between ruid and euid. -mod ]
SETREUID(2)          UNIX Programmer's Manual          SETREUID(2)

NAME
     setreuid - set real and effective user ID's

SYNOPSIS
     setreuid(ruid, euid)
     int ruid, euid;

DESCRIPTION
     The real and effective user ID's of the current process are
     set according to the arguments. If ruid or euid is -1, the
     current uid is filled in by the system. Only the super-user
     may modify the real uid of a process. Users other than the
     super-user may change the effective uid of a process only to
     the real uid.

RETURN VALUE
     Upon successful completion, a value of 0 is returned. Otherwise,
     a value of -1 is returned and errno is set to indicate the error.

ERRORS
     [EPERM]   The current process is not the super-user and
               a change other than changing the effective
               user-id to the real user-id was specified.

SEE ALSO
     getuid(2), setregid(2), setuid(3)

Printed 2/11/86          12 February 1983          1
Volume-Number: Volume 5, Number 44
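The real/effective swap discussed above, as an added example that is not part of the original posting or of the 4.2BSD sources. It assumes a modern kernel such as Linux, where a setuid process without super-user privilege may exchange its real and effective uids; swap_uids, run_as_real_user, open_as_user and drop_for_good are names invented for the illustration, and group ids are left out.

```c
#define _XOPEN_SOURCE 700               /* exposes setreuid() in <unistd.h> */
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Exchange real and effective uid, then confirm the kernel really did it. */
static int swap_uids(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    if (setreuid(euid, ruid) != 0)
        return -1;                      /* e.g. EPERM where the swap is refused */
    return (getuid() == euid && geteuid() == ruid) ? 0 : -1;
}

/* Run op(arg) with the invoking user's uid effective, then swap back.
 * op must return >= 0 on success; -1 also signals a failed swap. */
static int run_as_real_user(int (*op)(void *), void *arg)
{
    if (swap_uids() != 0)
        return -1;
    int rc = op(arg);
    return swap_uids() == 0 ? rc : -1;
}

/* Example op: the kernel checks the *user's* permissions on the path,
 * so no separate access(2) check (and no race with it) is needed. */
static int open_as_user(void *arg)
{
    return open((const char *)arg, O_RDONLY);
}

/* The swap is reversible, so it guards against mistakes, not against
 * hostile code running in the dropped section. To give the privilege up
 * permanently, set both ids to the real uid (on Linux this also resets
 * the saved set-user-ID). */
static int drop_for_good(void)
{
    uid_t ruid = getuid();
    if (setreuid(ruid, ruid) != 0)
        return -1;
    return (getuid() == ruid && geteuid() == ruid) ? 0 : -1;
}

int main(void)
{
    int fd = run_as_real_user(open_as_user, "/dev/null");  /* constructed input */
    printf("fd=%d ruid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    return (fd >= 0 && drop_for_good() == 0) ? 0 : 1;
}
```

Installed setuid, the program opens the path with the invoking user's permissions and then returns to the file owner's effective uid; run without the setuid bit, both swaps are no-ops.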