Re: [discuss] is_setuid and pfexec

Fri, 11 Mar 2016 13:35:57 -0800 

Yes, the problem is that UID and GID are *not* the only way that privileges
can be granted.  With fine grained privilege (RBAC), privileges can be
added or removed for a given process, with no change in the effective IDs.

As soon as you use pfexec, you’re activating additional privileges
(presumably), and we want to know that in library space.  The problem here
is that the setugid call is a bit dated, and the API has not evolved to
keep up with modern APIs.  (Note that historically, before RBAC and
privileges, the program *would* have been setid, in order to grant the
rights to the device or other resources.)

The man page calls this out as well:

```

The *issetugid()* function enables library functions (in *libtermlib*,

       *libc*, or other libraries) to guarantee safe behavior when used in

       *setuid* or *setgid* programs or programs that run with more
privileges

       after a succesful *exec*(2).
```

So, there you go. :-)


On Fri, Mar 11, 2016 at 12:07 AM, Alexander Pyhalov <[email protected]> wrote:

> Hello.
> 
> Trying to investigate glib issue, I found out that issetugid() returns
> true even when
> ruid == euid && ruid == suid && rgid == egid && rgid == sgid  and pfexec
> was used to launch a program and it was granted some privileges.
> This is true even when ruid wasn't changed at all.
> 
> So, I'm curious, if it's an intended behavior?
> 
> For example:
> 
> #include <stdio.h>
> #include <unistd.h>
> 
> int main()
> {
>   int is_setuid;
>   uid_t ruid, euid, suid; /* Real, effective and saved user ID's */
>   gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */
> 
> if(issetugid()){
>   printf("Setugid\n");
> }
> 
> suid = ruid = getuid ();
>         sgid = rgid = getgid ();
>         euid = geteuid ();
>         egid = getegid ();
> is_setuid = (ruid != euid || ruid != suid ||
>                  rgid != egid || rgid != sgid);
> if(is_setuid) {
>  printf("Setugid\n");
> }
> return 0;
> }
> 
> This check fires even if I have the following line in
> /etc/security/exec_attr and Desktop Removable Media User profile...
> Desktop Removable Media
> User:solaris:cmd:RO::/export/home/leoric/srcs/issetugid:privs=sys_devices
> So, it's just additional system privilege, uids and gids are not changed...
> 



-------------------------------------------
illumos-discuss
Archives: https://www.listbox.com/member/archive/182180/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175430-2e6923be
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=21175430&id_secret=21175430-6a77cda4
Powered by Listbox: http://www.listbox.com

Reply via email to