Clearing environment on exec of setuid process

Moderator, John Quarterman std-unix at ut-sally.UUCP
Wed Feb 12 02:09:24 AEST 1986


From: Kay Dekker <seismo!mcvax!warwick!kay>
To: ut-sally!std-unix
Organization: Computer Science, Warwick University, UK
Date: Sat,  8 Feb 86 10:20:38 GMT

>Date: Wed, 5 Feb 86 08:12:33 pst
>From: seismo!sun!rtech!daveb (Dave Brower)
>Organization: Relational Technology Inc, Alameda CA
>
>The answer is only to do limited operations when in setuid.  The best
>way to do this would be to allow processes to painlessly shift back and
>forth between their real-uid and effective-uid.  This is allowed, but
>not documented on BSD, but appears not to be allowed at all on SV.
>This way, you can have your one section that needs to run setuid be setuid
>whenever needed, while running as the real user the rest of the time.

This is *exactly* what I found myself needing to do last night...  When
you say "BSD", does this include 4.1?  If so, how do I do it?  and why
isn't it documented?

						Kay.
-- 
Virtue is its own punishment.
			... mcvax!ukc!warwick!kay

[ It was introduced in 4.2BSD.  Here's the man page.
Note that only super-user can actually switch back and forth
between ruid and euid.  -mod ]


SETREUID(2)         UNIX Programmer's Manual          SETREUID(2)

NAME
     setreuid - set real and effective user ID's

SYNOPSIS
     setreuid(ruid, euid)
     int ruid, euid;

DESCRIPTION
     The real and effective user ID's of the current process are
     set according to the arguments.  If ruid or euid is -1, the
     current uid is filled in by the system.  Only the super-user
     may modify the real uid of a process.  Users other than the
     super-user may change the effective uid of a process only to
     the real uid.

RETURN VALUE
     Upon successful completion, a value of 0 is returned.
     Otherwise, a value of -1 is returned and errno is set to
     indicate the error.

ERRORS
     [EPERM]        The current process is not the super-user and
                    a change other than changing the effective
                    user-id to the real user-id was specified.

SEE ALSO
     getuid(2), setregid(2), setuid(3)

Printed 2/11/86         12 February 1983                        1

Volume-Number: Volume 5, Number 44
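
The back-and-forth switch asked about in this thread, as an added example that is not part of the original post or of the man page. It assumes a system whose setreuid(2) lets an unprivileged set-uid process exchange its real and effective uids (Linux and current BSDs document this; the 4.2BSD page above states stricter rules), and the names priv_init, priv_drop_temp and priv_regain are hypothetical.

```c
/* Added example: bracketing privileged work with setreuid(2). */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t start_ruid, start_euid;  /* ids the process was exec'd with */

/* Call first thing in main(), before any id has been changed. */
void priv_init(void)
{
    start_ruid = getuid();
    start_euid = geteuid();
}

/* Make the invoking user's uid effective. The privileged uid is parked
 * in the real-uid slot, so this drop is temporary, not permanent. */
int priv_drop_temp(void)
{
    if (setreuid(start_euid, start_ruid) != 0)
        return -1;
    /* Verify instead of trusting the return value alone. */
    return (getuid() == start_euid && geteuid() == start_ruid) ? 0 : -1;
}

/* Swap back so the set-uid owner's uid is effective again. */
int priv_regain(void)
{
    if (setreuid(start_ruid, start_euid) != 0)
        return -1;
    return (getuid() == start_ruid && geteuid() == start_euid) ? 0 : -1;
}

int main(void)
{
    priv_init();
    if (priv_drop_temp() != 0) {          /* fail closed: never continue */
        fprintf(stderr, "cannot drop privileges\n");
        return 1;
    }
    printf("as user:  ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    if (priv_regain() != 0) {
        fprintf(stderr, "cannot regain privileges\n");
        return 1;
    }
    printf("as owner: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    /* ...the one operation that needs the owner's uid goes here... */
    return priv_drop_temp() != 0;         /* leave the section dropped */
}
```

Installed set-uid and run by another user, the first line printed shows the caller's uid as effective and the second the file owner's; run without the set-uid bit, both swaps are no-ops that still succeed.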


