10-02-2011
Quote:
Originally Posted by
DendyGamer
Is there any secure way to kill all processes with specified UID ?
Traditional way like
setuid(WANTED_UID);
kill(-1,SIGKILL);
is not secure, because this programm will receive signals between calling setuid and calling kill (so, any programm with WANTED_UID can kill this "killer-program", because we cannot catch SIGKILL from process we try to kill).
You haven't provided any information regarding the ruid, euid, and suid of killer-program nor of its victims. However, it's possible that the only reason that killer-program is vulnerable is because of the setuid() call you're using.
A process p cannot send a signal to a process q unless p's real uid or effective uid matches either q's real uid or saved set uid.
Assuming that killer-program is privileged and starts with ruid==euid==suid==0, setuid(WANTED_GUID) will set them all to WANTED_GUID.
Assuming that the victims are running with ruid==euid==suid==WANTED_GUID, the victims can now kill killer-program because killer-programs ruid and/or suid matches victims' ruid and/or euid.
However, if instead you only modified killer-program's credentials so that ruid==suid==0 and euid==WANTED_GUID, the victims could not kill killer-program, since the victims' ruid and/or euid does not match killer-program's ruid and/or suid.
In short, if the assumptions are correct, all you need is to use seteuid instead of setuid.
If the uid assumptions are incorrect, then please be more specific.
Regards,
Alister
Last edited by alister; 10-02-2011 at 06:12 PM..
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi All,
I am unable to kill a process using kill command. I am using HP-UX system. I have tried with kill -9 and i have root privilages.
How can i terminate this daemon ? ? ?
Regards,
Vijay Hegde (3 Replies)
Discussion started by: VijayHegde
3 Replies
2. Shell Programming and Scripting
how to start a process and make it sleep for 5 mins and then kill that process (6 Replies)
Discussion started by: shrao
6 Replies
3. Programming
Hi all
i have simple c program , when i wish to kill the app
im using kill(0,-9) , but it seams this command don't do any thing and the program.
just ignore it .
what im doing wrong here ?
im using HP-UX ia64
Thanks (9 Replies)
Discussion started by: umen
9 Replies
4. UNIX for Dummies Questions & Answers
Hi,
out of curosity this question just popped in my mind. Is there any way to find out the uid and gid of the running process ?
If i do a ls -l of a program then it shows the uid/gid bit (if its set). I want to see as which user/group the program is running ..... is there any way to know this... (2 Replies)
Discussion started by: ankurjain
2 Replies
5. Shell Programming and Scripting
Sorry, posted the question in other forum. (0 Replies)
Discussion started by: sudhamacs
0 Replies
6. Linux
I want to Kill a process without using kill command as i don't have privileges to kill the process. I know the pid and i am using Linux 2.6.9 OS. (6 Replies)
Discussion started by: sudhamacs
6 Replies
7. Shell Programming and Scripting
Hi Experts, we do have a shell script for Unix Solaris, which will kill all the process manullay, it used to work in my previous env, but now it is throwing this error.. could some one please help me to resolve it
This is how we execute the script (and this is the requirement) ... (2 Replies)
Discussion started by: jonnyvic
2 Replies
8. Shell Programming and Scripting
Hi
I want to write a shell script which can find the process id's of all the process and kill them eg:
ps ax | grep rv_
3015 ? S 0:00 /home/vivek/Desktop/rv_server
3020 ? S 0:00 /home/vivek/Desktop/rv_gps
3022 ? S 0:00 /home/vivek/Desktop/rv_show
... (7 Replies)
Discussion started by: vivek_naragund
7 Replies
9. UNIX for Dummies Questions & Answers
What I need to learn is how to use a script that launches background processes, and then kills those processes as needed.
The script successfully launches the script. But how do I check to see if the job exists before I kill it?
I know my problem is mostly failure to understand parameter... (4 Replies)
Discussion started by: holocene
4 Replies
10. Shell Programming and Scripting
Good afternoon
I need to KILL a process in a single command sentence, for example:
kill -9 `ps -aef | grep 'CAL255.4ge' | grep -v grep | awk '{print $2}'`
That sentence Kills the process ID corresponding to the program CAL255.4ge.
However it is possible that the same program... (6 Replies)
Discussion started by: enriquegm82
6 Replies
setuid(2) System Calls Manual setuid(2)
NAME
setuid(), setgid() - set user and group IDs
SYNOPSIS
DESCRIPTION
sets the real-user-ID (ruid), effective-user-ID (euid), and/or saved-user-ID (suid) of the calling process. If the Security Containment
product is installed, these interfaces treat a process observing as a privileged process. Otherwise, only processes with an euid of zero
are treated as privileged processes. See privileges(5) for more information on Security Containment and fine-grained privileges.
The following conditions govern setuid's behavior:
o If the process is privileged, sets the ruid, euid, and suid to uid.
o If the process is not privileged and the argument uid is equal to the ruid or the suid, sets the euid to uid; the ruid and suid
remain unchanged. (If a set-user-ID program is not running as superuser, it can change its euid to match its ruid and reset
itself to the previous euid value.)
o If the process is not privileged, the argument uid is equal to the euid, and the calling process has the privilege, sets the ruid
to uid; the euid and suid remain unchanged.
sets the real-group-ID (rgid), effective-group-ID (egid), and/or saved-group-ID (sgid) of the calling process. The following conditions
govern behavior:
o If the process is privileged, sets the rgid and egid to gid.
o If the process is not privileged and the argument gid is equal to the rgid or the sgid, sets the egid to gid; the rgid and sgid
remain unchanged.
o If the process is not privileged, the argument gid is equal to the egid, and the calling process has the privilege, sets the rgid
to gid; the egid and sgid remain unchanged.
Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system configuration.
See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
RETURN VALUE
Upon successful completion, and return 0; otherwise, they return -1 and set to indicate the error.
ERRORS
and fail and return -1 if any of the following conditions are encountered:
None of the conditions above are met.
uid (gid) is not a valid user (group) ID.
WARNINGS
It is recommended that the capability be avoided, as it is provided for backward compatibility. This feature may be modified or dropped
from future HP-UX releases. When changing the real user ID and real group ID, use of and (see setresuid(2)) is recommended instead.
AUTHOR
was developed by AT&T, the University of California, Berkeley, and HP.
was developed by AT&T.
SEE ALSO
exec(2), getuid(2), setresuid(2), privileges(5).
STANDARDS CONFORMANCE
setuid(2)