...
If the process has appropriate privileges,
setuid()shall set the real user ID, effective user ID, and the saved set-user-ID of the calling process touid.If the process does not have appropriate privileges, but
uidis equal to the real user ID or the saved set-user-ID,setuid()shall set the effective user ID touid; the real user ID and saved set-user-ID shall remain unchanged.
The phrase meaning of "appropriate privileges" varies from platform to platform. For example, on Solaris appropriate privileges for setuid() means that the PRIV_PROC_SETID privilege is in the effective privilege set of the process. On BSD, it means that the effective user ID (EUID) is zero (that is, the process is running as root) or that uid=geteuid(). On Linux, it means that the process has CAP_SETUID capability and that setuid(geteuid()) will fail if the effective EUID is not equal to 0, the real user ID (RUID), or the saved set-user-ID (SSUID).
...
| Code Block | ||
|---|---|---|
| ||
/* Code intended to run with elevated privileges */
/* Temporarily drop privileges */
if (seteuid(getuid()) != 0) {
/* Handle error */
}
/* Code intended to run with lower privileges */
if (need_more_privileges) {
/* Restore privileges */
if (seteuid(0) != 0) {
/* Handle Errorerror */
}
/* Code intended to run with elevated privileges */
}
/* ... */
/* Permanently drop privileges */
if (setuid(getuid()) != 0) {
/* Handle Errorerror */
}
/*
* Code intended to run with lower privileges,
* but if privilege relinquishment failed,
* attacker can regain elevated privileges!
*/
|
...