08-19-2010
Quote:
if the root(any user) is trying to do setuid in a program it should fail.
Because the information could be used to write a virus I will not respond directly.
On reflection the proposal is ludicrous and if implemented will cripple your system beyond repair.
Btw. It helps to know what version of HP-UX you have and whether the system has been built "Trusted".
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script.
The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable.
The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies
2. UNIX for Dummies Questions & Answers
Hi,
I have been looking at setuid and setgid.
I understand that setuid determines who owns the file and setgid determines which group of people can access the file... yeah?!
But i need to know how to actually use setuid and setgid. I'm guessing chmod will feature somewhere..
Any help... (1 Reply)
Discussion started by: crispy
1 Replies
3. UNIX for Advanced & Expert Users
Hi,
This question deals with Solaris 2.8 and setuid programs. From research I've done so far, setuid programs ignore LD_LIBRARY_PATH; I've proven this and am OK with it. The thing I am not certain of how the C compiler is supposed to behave when it is invoked via a setuid program. Basically,... (0 Replies)
Discussion started by: WolfBoy
0 Replies
4. UNIX for Dummies Questions & Answers
could u plz give me clear idea of spcial permissions setuid,getuid and striky bit . (1 Reply)
Discussion started by: Prem
1 Replies
5. Solaris
Hi All,
Can someone give me some info about setuid or guid topic? Also about sticky bit.
Thanks in advance,
itik (9 Replies)
Discussion started by: itik
9 Replies
6. Shell Programming and Scripting
Hi All,
I have bash script, so what is sintax script in bash for Enable and Disable Tab Key. Thanks for your help.:(
Thanks,
Rico (1 Reply)
Discussion started by: carnegiex
1 Replies
7. Solaris
Hi Gurus,
I need your suggestions,to implement setuid.
Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies
8. Red Hat
Hi all Expertise,
I have following issue to solve,
SSL / TLS Renegotiation DoS (low) 222.225.12.13
Ease of Exploitation Moderate
Port 443/tcp
Family Miscellaneous
Following is the problem description:------------------
Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies
9. UNIX for Beginners Questions & Answers
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Discussion started by: sreyan32
2 Replies
10. Shell Programming and Scripting
I'm trying - as an ordinary user - to create a file in the root directory of my system. For that purpose I wrote a simple script that echoes a string into a file. I made the file executable, used sudo to change ownership to root. Like this:
$ cat hello
#!/bin/bash
echo hello > /hello
$... (5 Replies)
Discussion started by: Ralph
5 Replies
SETUID(2) Linux Programmer's Manual SETUID(2)
NAME
setuid - set user identity
SYNOPSIS
#include <sys/types.h>
#include <unistd.h>
int setuid(uid_t uid);
DESCRIPTION
setuid() sets the effective user ID of the calling process. If the effective UID of the caller is root, the real UID and saved set-user-ID
are also set.
Under Linux, setuid() is implemented like the POSIX version with the _POSIX_SAVED_IDS feature. This allows a set-user-ID (other than root)
program to drop all of its user privileges, do some un-privileged work, and then reengage the original effective user ID in a secure man-
ner.
If the user is root or the program is set-user-ID-root, special care must be taken. The setuid() function checks the effective user ID of
the caller and if it is the superuser, all process-related user ID's are set to uid. After this has occurred, it is impossible for the
program to regain root privileges.
Thus, a set-user-ID-root program wishing to temporarily drop root privileges, assume the identity of an unprivileged user, and then regain
root privileges afterwards cannot use setuid(). You can accomplish this with seteuid(2).
RETURN VALUE
On success, zero is returned. On error, -1 is returned, and errno is set appropriately.
ERRORS
EAGAIN The uid does not match the current uid and uid brings process over its RLIMIT_NPROC resource limit.
EPERM The user is not privileged (Linux: does not have the CAP_SETUID capability) and uid does not match the real UID or saved set-user-ID
of the calling process.
CONFORMING TO
SVr4, POSIX.1-2001. Not quite compatible with the 4.4BSD call, which sets all of the real, saved, and effective user IDs.
NOTES
Linux Notes
Linux has the concept of file system user ID, normally equal to the effective user ID. The setuid() call also sets the file system user ID
of the calling process. See setfsuid(2).
If uid is different from the old effective uid, the process will be forbidden from leaving core dumps.
SEE ALSO
getuid(2), seteuid(2), setfsuid(2), setreuid(2), capabilities(7), credentials(7)
COLOPHON
This page is part of release 3.27 of the Linux man-pages project. A description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.
Linux 2010-02-21 SETUID(2)