Create a program illustrating SUID
Post 302788005 by Don Cragun on Sunday 31st of March 2013 09:00:20 PM
Quote:
Originally Posted by jim mcnamara
Code:
Many systems will clear the set-UID bit on a file when it is opened for writing

Per POSIX:

write() system call
Code:
Upon successful completion, where nbyte is greater than 0, 
write() will mark for update the st_ctime and st_mtime fields of the file, 
and if the file is a regular file, the S_ISUID and S_ISGID bits of the file 
mode may be cleared.

I don't see where open() does that - FWIW.

You're correct in saying that POSIX conforming systems aren't allowed to do this. (Although the standard isn't entirely consistent on this point. The descriptions of ftruncate() and truncate() both say that the S_ISUID and S_ISGID bits may be cleared if they change the size of the file. It is strange that open() with the O_TRUNC flag set doesn't make the same allowance.)

You may have also noticed the RATIONALE in the Base Definitions volume's description of the <sys/stat.h> header:
Quote:
The S_ISUID and S_ISGID bits may be cleared on any write, not just on open( ), as some historical implementations do.

I believe some non-conforming implementations still clear both of these bits on any successful open for writing, although I can't name any examples at this time.
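
A small probe for the question discussed in this post, as an added example that is not part of the original thread: it sets S_ISUID on a scratch file, verifies the bit with stat() as the CHMOD(3P) APPLICATION USAGE text advises, then reports whether open() for writing, write() or ftruncate() cleared it on the system it runs on. The struct and function names and the /tmp scratch path are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Added example; names and the /tmp scratch path are illustrative assumptions. */
struct suid_probe { int after_chmod, after_open, after_write, after_ftruncate; };
/* Set the mode, then confirm S_ISUID really stuck by calling stat(). */
static int arm_and_check(const char *path) {
    struct stat st;
    if (chmod(path, S_ISUID | S_IRWXU | S_IRGRP | S_IXGRP) != 0) return -1;
    if (stat(path, &st) != 0) return -1;
    return (st.st_mode & S_ISUID) != 0;
}

static int fd_has_suid(int fd) {
    struct stat st;
    return fstat(fd, &st) != 0 ? -1 : (st.st_mode & S_ISUID) != 0;
}

/* Returns 0 on success; each field is 1 (bit still set) or 0 (bit cleared). */
int probe_suid_clearing(struct suid_probe *r) {
    char path[] = "/tmp/suid_probe_XXXXXX";      /* constructed scratch file */
    int fd = mkstemp(path), rc = -1;
    if (fd < 0) return -1;
    close(fd);
    if ((r->after_chmod = arm_and_check(path)) < 0) goto out;
    if ((fd = open(path, O_WRONLY)) < 0) goto out;
    r->after_open = fd_has_suid(fd);             /* open() for writing alone */
    if (write(fd, "x", 1) != 1) goto out_fd;
    r->after_write = fd_has_suid(fd);            /* write() with nbyte > 0 */
    if (arm_and_check(path) < 0) goto out_fd;    /* re-arm before the next step */
    if (ftruncate(fd, 0) != 0) goto out_fd;      /* file size changes 1 -> 0 */
    r->after_ftruncate = fd_has_suid(fd);
    rc = 0;
out_fd:
    close(fd);
out:
    unlink(path);
    return rc;
}

int main(void) {
    struct suid_probe r;
    if (probe_suid_clearing(&r) != 0) { perror("probe"); return 1; }
    printf("S_ISUID set after chmod=%d open=%d write=%d ftruncate=%d\n",
           r.after_chmod, r.after_open, r.after_write, r.after_ftruncate);
    return 0;
}
```

The result depends on the kernel, the filesystem and the caller's privileges; on Linux, for example, a process holding CAP_FSETID (typically root) keeps the bit across write().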
 

CHMOD(3P)                  POSIX Programmer's Manual                 CHMOD(3P)

PROLOG
       This manual page is part of the POSIX Programmer's Manual. The Linux implementation of this interface may differ (consult the corresponding Linux manual page for details of Linux behavior), or the interface may not be implemented on Linux.

NAME
       chmod - change mode of a file

SYNOPSIS
       #include <sys/stat.h>

       int chmod(const char *path, mode_t mode);

DESCRIPTION
       The chmod() function shall change S_ISUID, S_ISGID, S_ISVTX, and the file permission bits of the file named by the pathname pointed to by the path argument to the corresponding bits in the mode argument. The application shall ensure that the effective user ID of the process matches the owner of the file or the process has appropriate privileges in order to do this.

       S_ISUID, S_ISGID, S_ISVTX, and the file permission bits are described in <sys/stat.h>.

       If the calling process does not have appropriate privileges, and if the group ID of the file does not match the effective group ID or one of the supplementary group IDs and if the file is a regular file, bit S_ISGID (set-group-ID on execution) in the file's mode shall be cleared upon successful return from chmod().

       Additional implementation-defined restrictions may cause the S_ISUID and S_ISGID bits in mode to be ignored.

       The effect on file descriptors for files open at the time of a call to chmod() is implementation-defined.

       Upon successful completion, chmod() shall mark for update the st_ctime field of the file.

RETURN VALUE
       Upon successful completion, 0 shall be returned; otherwise, -1 shall be returned and errno set to indicate the error. If -1 is returned, no change to the file mode occurs.

ERRORS
       The chmod() function shall fail if:

       EACCES Search permission is denied on a component of the path prefix.

       ELOOP  A loop exists in symbolic links encountered during resolution of the path argument.

       ENAMETOOLONG
              The length of the path argument exceeds {PATH_MAX} or a pathname component is longer than {NAME_MAX}.

       ENOTDIR
              A component of the path prefix is not a directory.

       ENOENT A component of path does not name an existing file or path is an empty string.

       EPERM  The effective user ID does not match the owner of the file and the process does not have appropriate privileges.

       EROFS  The named file resides on a read-only file system.

       The chmod() function may fail if:

       EINTR  A signal was caught during execution of the function.

       EINVAL The value of the mode argument is invalid.

       ELOOP  More than {SYMLOOP_MAX} symbolic links were encountered during resolution of the path argument.

       ENAMETOOLONG
              As a result of encountering a symbolic link in resolution of the path argument, the length of the substituted pathname strings exceeded {PATH_MAX}.

       The following sections are informative.

EXAMPLES
   Setting Read Permissions for User, Group, and Others
       The following example sets read permissions for the owner, group, and others.

              #include <sys/stat.h>

              const char *path;
              ...
              chmod(path, S_IRUSR|S_IRGRP|S_IROTH);

   Setting Read, Write, and Execute Permissions for the Owner Only
       The following example sets read, write, and execute permissions for the owner, and no permissions for group and others.

              #include <sys/stat.h>

              const char *path;
              ...
              chmod(path, S_IRWXU);

   Setting Different Permissions for Owner, Group, and Other
       The following example sets owner permissions for CHANGEFILE to read, write, and execute, group permissions to read and execute, and other permissions to read.

              #include <sys/stat.h>

              #define CHANGEFILE "/etc/myfile"
              ...
              chmod(CHANGEFILE, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH);

   Setting and Checking File Permissions
       The following example sets the file permission bits for a file named /home/cnd/mod1, then calls the stat() function to verify the permissions.

              #include <sys/types.h>
              #include <sys/stat.h>

              int status;
              struct stat buffer;
              ...
              chmod("/home/cnd/mod1", S_IRWXU|S_IRWXG|S_IROTH|S_IWOTH);
              status = stat("/home/cnd/mod1", &buffer);

APPLICATION USAGE
       In order to ensure that the S_ISUID and S_ISGID bits are set, an application requiring this should use stat() after a successful chmod() to verify this.

       Any file descriptors currently open by any process on the file could possibly become invalid if the mode of the file is changed to a value which would deny access to that process. One situation where this could occur is on a stateless file system. This behavior will not occur in a conforming environment.

RATIONALE
       This volume of IEEE Std 1003.1-2001 specifies that the S_ISGID bit is cleared by chmod() on a regular file under certain conditions. This is specified on the assumption that regular files may be executed, and the system should prevent users from making executable setgid() files perform with privileges that the caller does not have. On implementations that support execution of other file types, the S_ISGID bit should be cleared for those file types under the same circumstances.

       Implementations that use the S_ISUID bit to indicate some other function (for example, mandatory record locking) on non-executable files need not clear this bit on writing. They should clear the bit for executable files and any other cases where the bit grants special powers to processes that change the file contents. Similar comments apply to the S_ISGID bit.

FUTURE DIRECTIONS
       None.

SEE ALSO
       chown(), mkdir(), mkfifo(), open(), stat(), statvfs(), the Base Definitions volume of IEEE Std 1003.1-2001, <sys/stat.h>, <sys/types.h>

COPYRIGHT
       Portions of this text are reprinted and reproduced in electronic form from IEEE Std 1003.1, 2003 Edition, Standard for Information Technology -- Portable Operating System Interface (POSIX), The Open Group Base Specifications Issue 6, Copyright (C) 2001-2003 by the Institute of Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between this version and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at http://www.opengroup.org/unix/online.html .

IEEE/The Open Group                  2003                            CHMOD(3P)