Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: how to write a wrapper c code to return uid using getuid() function
Top Forums Programming how to write a wrapper c code to return uid using getuid() function Post 302194281 by ramen_noodle on Monday 12th of May 2008 03:02:05 PM
Old 05-12-2008
setuid() is pretty integral to a safe unix process.
One basic mode is for a root privileged parent to acquire
resources only it can handle (ports < 1024) and then delegate service to setuid(> 0) children/threads, ala OpenSSH and many other pieces of software via IPC.

Given it's not easy to do securely and does pose a considerable security issue: mostly races and various abuses of unsafe programing practices in the privileged process.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

What is wrapper script and how to write

hi guys, I have a requirement to run a script 4 times with different parameter values. the 4 jobs have to run parallely which actually access different data of same table and deletes. how can i achieve this.................? Thanks in advance (1 Reply)
Discussion started by: chiru
1 Replies

2. Shell Programming and Scripting

return value of a function

Hi I have a doubt in the way the variables inside a function are treated . if a function is called from the main script directly, the variables inside them act as global variables. however if the return value of the function is stored to some other variable in the main script as shown,... (3 Replies)
Discussion started by: prez
3 Replies

3. UNIX for Dummies Questions & Answers

to pick up the Return Code ( RC) from the mailx command and return it to SAS uisng 's

Hi All, Can anyone please let me know the syntax / how to pick up the Return Code ( RC) from the mailx command and return it to SAS uisng 'system()' function and '${?}'. I am in a process to send the mail automatically with an attachment to bulk users. I have used 'Mailx' and 'Unencode'... (0 Replies)
Discussion started by: manas6
0 Replies

4. Shell Programming and Scripting

return in function

I am using ksh. I want to know how can we make any function to return string or double value. I dont want to use the global variables. (5 Replies)
Discussion started by: PRKS
5 Replies

5. Shell Programming and Scripting

Return a value from called function to the calling function

I have two scripts. script1.sh looks -------------------------------- #!/bin/bash display() { echo "Welcome to Unix" } display ----------------------------- Script2.sh #!/bin/bash sh script1.sh //simply calling script1.sh ------------------------------ (1 Reply)
Discussion started by: mvictorvijayan
1 Replies

6. Programming

Created a wrapper for a function in a class.

I have a class called Parsing with the following function. I want to create a wrapper for it, so that I call it using GetReal rather than GetFloat. Bit confused on how to do this. class Parsing { private: int Length; // int Ptr; ... (3 Replies)
Discussion started by: kristinu
3 Replies

7. Programming

Help with getuid

I'm not that acquainted to C programming and would like to know how to obtain the internal Unix userid of a user (I'm on HP UX) and stro it in a variable. I found the getuid() fonction returns the current user's internal ID. But I would like to find it for a different user. I was hoping... (7 Replies)
Discussion started by: rm-r
7 Replies

8. Shell Programming and Scripting

Return: can only `return' from a function or sourced script

Not sure where the problem is. I can run the script without any issue using the following command. . /opt/app/scripts/cdc_migration.sh But it fails with the below error when I try it this way /opt/app/scripts/cdc_migration.sh /opt/app/scripts/cdc_migration.sh: line 65: return: can only... (1 Reply)
Discussion started by: svajhala
1 Replies

9. Web Development

Function check_badges($color, $uid, $limit = 300, $_DEBUG = true)

Here is the first draft PHP function to check badges: <?php function check_badges($color, $uid, $limit = 300, $_DEBUG = true) { /* * check_badges() version 0.1 by Neo 9 Jan 2019 * $_COOKIE is not used in this server-side code * but may be used in the browser. ... (0 Replies)
Discussion started by: Neo
0 Replies

10. Shell Programming and Scripting

Function - Make your function return an exit status

Hi All, Good Day, seeking for your assistance on how to not perform my 2nd, 3rd,4th etc.. function if my 1st function is in else condition. #Body function1() { if then echo "exist" else echo "not exist" } #if not exist in function1 my all other function will not proceed.... (4 Replies)
Discussion started by: meister29
4 Replies

LEARN ABOUT PLAN9

setuid32

SETUID(2)						     Linux Programmer's Manual							 SETUID(2)

NAME

       setuid - set user identity

SYNOPSIS

       #include <sys/types.h>
       #include <unistd.h>

       int setuid(uid_t uid);

DESCRIPTION

       setuid()  sets  the effective user ID of the calling process.  If the calling process is privileged (more precisely: if the process has the
       CAP_SETUID capability in its user namespace), the real UID and saved set-user-ID are also set.

       Under Linux, setuid() is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.  This allows a set-user-ID (other than root)
       program	to  drop all of its user privileges, do some un-privileged work, and then reengage the original effective user ID in a secure man-
       ner.

       If the user is root or the program is set-user-ID-root, special care must be taken: setuid() checks the effective user ID of the caller and
       if  it is the superuser, all process-related user ID's are set to uid.  After this has occurred, it is impossible for the program to regain
       root privileges.

       Thus, a set-user-ID-root program wishing to temporarily drop root privileges, assume the identity of an unprivileged user, and then  regain
       root privileges afterward cannot use setuid().  You can accomplish this with seteuid(2).

RETURN VALUE

       On success, zero is returned.  On error, -1 is returned, and errno is set appropriately.

       Note:  there  are  cases where setuid() can fail even when the caller is UID 0; it is a grave security error to omit checking for a failure
       return from setuid().

ERRORS

       EAGAIN The call would change the caller's real UID (i.e., uid does not match the caller's real UID), but  there	was  a	temporary  failure
	      allocating the necessary kernel data structures.

       EAGAIN uid  does  not  match the real user ID of the caller and this call would bring the number of processes belonging to the real user ID
	      uid over the caller's RLIMIT_NPROC resource limit.  Since Linux 3.1, this error case  no	longer	occurs	(but  robust  applications
	      should check for this error); see the description of EAGAIN in execve(2).

       EINVAL The user ID specified in uid is not valid in this user namespace.

       EPERM  The user is not privileged (Linux: does not have the CAP_SETUID capability) and uid does not match the real UID or saved set-user-ID
	      of the calling process.

CONFORMING TO

       POSIX.1-2001, POSIX.1-2008, SVr4.  Not quite compatible with the 4.4BSD call, which sets all of the real, saved, and effective user IDs.

NOTES

       Linux has the concept of the filesystem user ID, normally equal to the effective user ID.  The setuid() call also sets the filesystem  user
       ID of the calling process.  See setfsuid(2).

       If uid is different from the old effective UID, the process will be forbidden from leaving core dumps.

       The  original  Linux  setuid() system call supported only 16-bit user IDs.  Subsequently, Linux 2.4 added setuid32() supporting 32-bit IDs.
       The glibc setuid() wrapper function transparently deals with the variation across kernel versions.

   C library/kernel differences
       At the kernel level, user IDs and group IDs are a per-thread attribute.	However, POSIX requires that all threads in a  process	share  the
       same  credentials.   The NPTL threading implementation handles the POSIX requirements by providing wrapper functions for the various system
       calls that change process UIDs and GIDs.  These wrapper functions (including the one for  setuid())  employ  a  signal-based  technique	to
       ensure  that  when one thread changes credentials, all of the other threads in the process also change their credentials.  For details, see
       nptl(7).

SEE ALSO

       getuid(2), seteuid(2), setfsuid(2), setreuid(2), capabilities(7), credentials(7), user_namespaces(7)

COLOPHON

       This page is part of release 4.15 of the Linux man-pages project.  A description of the project, information about reporting bugs, and  the
       latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.

Linux								    2017-09-15								 SETUID(2)
All times are GMT -4. The time now is 08:29 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy