10-02-2011
Quote:
Originally Posted by
DendyGamer
Is there any secure way to kill all processes with specified UID ?
Traditional way like
setuid(WANTED_UID);
kill(-1,SIGKILL);
is not secure, because this programm will receive signals between calling setuid and calling kill (so, any programm with WANTED_UID can kill this "killer-program", because we cannot catch SIGKILL from process we try to kill).
You haven't provided any information regarding the ruid, euid, and suid of killer-program nor of its victims. However, it's possible that the only reason that killer-program is vulnerable is because of the setuid() call you're using.
A process p cannot send a signal to a process q unless p's real uid or effective uid matches either q's real uid or saved set uid.
Assuming that killer-program is privileged and starts with ruid==euid==suid==0, setuid(WANTED_GUID) will set them all to WANTED_GUID.
Assuming that the victims are running with ruid==euid==suid==WANTED_GUID, the victims can now kill killer-program because killer-programs ruid and/or suid matches victims' ruid and/or euid.
However, if instead you only modified killer-program's credentials so that ruid==suid==0 and euid==WANTED_GUID, the victims could not kill killer-program, since the victims' ruid and/or euid does not match killer-program's ruid and/or suid.
In short, if the assumptions are correct, all you need is to use seteuid instead of setuid.
If the uid assumptions are incorrect, then please be more specific.
Regards,
Alister
Last edited by alister; 10-02-2011 at 06:12 PM..
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi All,
I am unable to kill a process using kill command. I am using HP-UX system. I have tried with kill -9 and i have root privilages.
How can i terminate this daemon ? ? ?
Regards,
Vijay Hegde (3 Replies)
Discussion started by: VijayHegde
3 Replies
2. Shell Programming and Scripting
how to start a process and make it sleep for 5 mins and then kill that process (6 Replies)
Discussion started by: shrao
6 Replies
3. Programming
Hi all
i have simple c program , when i wish to kill the app
im using kill(0,-9) , but it seams this command don't do any thing and the program.
just ignore it .
what im doing wrong here ?
im using HP-UX ia64
Thanks (9 Replies)
Discussion started by: umen
9 Replies
4. UNIX for Dummies Questions & Answers
Hi,
out of curosity this question just popped in my mind. Is there any way to find out the uid and gid of the running process ?
If i do a ls -l of a program then it shows the uid/gid bit (if its set). I want to see as which user/group the program is running ..... is there any way to know this... (2 Replies)
Discussion started by: ankurjain
2 Replies
5. Shell Programming and Scripting
Sorry, posted the question in other forum. (0 Replies)
Discussion started by: sudhamacs
0 Replies
6. Linux
I want to Kill a process without using kill command as i don't have privileges to kill the process. I know the pid and i am using Linux 2.6.9 OS. (6 Replies)
Discussion started by: sudhamacs
6 Replies
7. Shell Programming and Scripting
Hi Experts, we do have a shell script for Unix Solaris, which will kill all the process manullay, it used to work in my previous env, but now it is throwing this error.. could some one please help me to resolve it
This is how we execute the script (and this is the requirement) ... (2 Replies)
Discussion started by: jonnyvic
2 Replies
8. Shell Programming and Scripting
Hi
I want to write a shell script which can find the process id's of all the process and kill them eg:
ps ax | grep rv_
3015 ? S 0:00 /home/vivek/Desktop/rv_server
3020 ? S 0:00 /home/vivek/Desktop/rv_gps
3022 ? S 0:00 /home/vivek/Desktop/rv_show
... (7 Replies)
Discussion started by: vivek_naragund
7 Replies
9. UNIX for Dummies Questions & Answers
What I need to learn is how to use a script that launches background processes, and then kills those processes as needed.
The script successfully launches the script. But how do I check to see if the job exists before I kill it?
I know my problem is mostly failure to understand parameter... (4 Replies)
Discussion started by: holocene
4 Replies
10. Shell Programming and Scripting
Good afternoon
I need to KILL a process in a single command sentence, for example:
kill -9 `ps -aef | grep 'CAL255.4ge' | grep -v grep | awk '{print $2}'`
That sentence Kills the process ID corresponding to the program CAL255.4ge.
However it is possible that the same program... (6 Replies)
Discussion started by: enriquegm82
6 Replies
LEARN ABOUT HPUX
setresgid
setresuid(2) System Calls Manual setresuid(2)
NAME
setresuid, setresgid - set real, effective, and saved user and group IDs
SYNOPSIS
DESCRIPTION
sets the real, effective and/or saved user ID of the calling process.
If the current real, effective or saved user ID is equal to that of a user having appropriate privileges, sets the real, effective and
saved user IDs to ruid, euid, and suid, respectively. Otherwise, only sets the real, effective, and saved user IDs if ruid, euid, and suid
each match at least one of the current real, effective, or saved user IDs.
If ruid, euid, or suid is leaves the current real, effective or saved user ID unchanged.
sets the real, effective and/or saved group ID of the calling process.
If the current real, effective or saved user ID is equal to that of a user having appropriate privileges, sets the real, effective, and
saved group ID to rgid, egid, and sgid, respectively. Otherwise, only sets the real, effective and saved group ID if rgid, egid, and sgid
each match at least one of the current real, effective or saved group ID.
If rgid, egid, or sgid is leaves the current real, effective or saved group ID unchanged.
Security Restrictions
Some or all of the actions associated with this system call require the privilege (CHSUBJIDENT). Processes owned by the superuser will
have this privilege. Processes owned by other users may have this privilege, depending on system configuration.
See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
RETURN VALUE
Upon successful completion, and return 0; otherwise, they return -1 and set to indicate the error.
ERRORS
and fail if any of the following conditions are encountered:
ruid, euid, or suid (rgid, egid, or sgid) is not a valid user (group) ID.
None of the conditions above are met.
AUTHOR
and were developed by HP.
SEE ALSO
exec(2), getuid(2), setuid(2), privileges(5).
setresuid(2)