Details

Issue of the Standard # S0102

Brief

setreuid/setregid may change saved set-user/group-ID

Detailed Description

The LSB standard does not mention that the setreuid() function may change the saved set-user-ID value. As a result, someone reading the specification does not expect such a change. In fact, if the real user ID is set, or the effective user ID is set to a value not equal to the previous real user ID, the saved set-user-ID is set to the new effective user ID. This behavior is described in the Linux man pages, so it should be specified in the LSB as well.

The following code illustrates the problem. Run this program as root.

#include <unistd.h>
#include <stdio.h>

// Prints real user ID, effective user ID,
// real group ID and effective group ID
static void ReadIds( void ) {
  printf( "Read real user ID, effective user ID, "
          "real group ID and effective group ID :\n"
          "[%3d|%3d|%3d|%3d]\n",
          (int) getuid(), (int) geteuid(), (int) getgid(), (int) getegid()
        );
}

int main( void ) {
  ReadIds();
  printf( "Set real user ID and effective user ID\n" );
  printf( "to non root (uid 500) with setreuid( 500, 500 ): " );
  if (setreuid( 500, 500 ) == 0 ) 
  { 
    printf( "passed.\n" );           
  }
  else 
  { 
    printf( "failed.\n" ); 
    return -1; 
  }
  ReadIds();
  printf( "Try to set effective user ID to 0 with seteuid( 0 ): " );
  // The following seteuid() call fails because its argument is not
  // equal to the saved set-user-ID. Replacing seteuid(0) with
  // setuid(0) or setreuid(0,0) gives the same result, so it seems
  // that the saved set-user-ID was changed by setreuid().
  if ( seteuid( 0 ) == 0 ) { 
    printf( "passed.\n" ); 
  }
  else { 
    printf( "failed.\n" ); 
  }
  ReadIds();
   
  return 0;
}

The same applies to the setregid() interface.
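
The rule described above can be traced with a small model, added here as an illustration and not part of the original report or of any kernel or LSB code. It assumes that privilege is equivalent to effective UID 0; the names cred, model_setreuid, model_seteuid and KEEP are hypothetical. It goes slightly beyond the report's program by also showing seteuid(500), which leaves the saved set-user-ID at 0.

```c
#include <stdio.h>
#include <sys/types.h>
#define KEEP ((uid_t)-1) /* the "-1" argument: leave this ID unchanged */

/* Constructed model of a process's user IDs; not kernel or LSB code. */
struct cred { uid_t ruid, euid, suid; };

/* Assumption: privilege is approximated as effective UID 0. */
static int privileged(const struct cred *c) { return c->euid == 0; }

/* Model of setreuid() per the Linux man page. Returns 0 on success,
 * -1 on a permission error (credentials are then left untouched). */
int model_setreuid(struct cred *c, uid_t ruid, uid_t euid) {
    struct cred old = *c, next = *c;
    if (ruid != KEEP) {
        if (!privileged(&old) && ruid != old.ruid && ruid != old.euid)
            return -1;
        next.ruid = ruid;
    }
    if (euid != KEEP) {
        if (!privileged(&old) && euid != old.ruid && euid != old.euid &&
            euid != old.suid)
            return -1;
        next.euid = euid;
    }
    /* The rule the report asks for: the saved ID follows the new euid. */
    if (ruid != KEEP || (euid != KEEP && euid != old.ruid))
        next.suid = next.euid;
    *c = next;
    return 0;
}

/* Model of seteuid(): an unprivileged caller may only choose its current
 * real, effective or saved ID; the saved ID itself never changes. */
int model_seteuid(struct cred *c, uid_t euid) {
    if (!privileged(c) && euid != c->ruid && euid != c->euid && euid != c->suid)
        return -1;
    c->euid = euid;
    return 0;
}

int main(void) {
    struct cred a = {0, 0, 0}, b = {0, 0, 0};
    model_setreuid(&a, 500, 500);   /* the report's call */
    printf("setreuid(500,500): saved=%d seteuid(0)=%d\n", (int)a.suid, model_seteuid(&a, 0));
    model_seteuid(&b, 500);         /* temporary drop instead */
    printf("seteuid(500):      saved=%d seteuid(0)=%d\n", (int)b.suid, model_seteuid(&b, 0));
    return 0;
}
```

On a running Linux system the saved set-user-ID can be read directly with getresuid(), which the report's program does not use.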

Problem location(s) in the standard

Linux Standard Base Core Specification 3.1, Chapter 13. Base Libraries, 13.3. Interfaces for libc, 13.3.2. System Calls, which refers to The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition, System Interfaces, the description of the setreuid() function.