Re: [PATCH] pam_exec questions and possible patch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



No, it is not pointless as your own tests shows and it has a huge
difference, if you are doing a fork()/exec*() call.
After exec*() on Linux the effective uid of the new process is the
old real uid.

This is entirely false.  Linux does nothing to change either ruid or
euid on exec.

/* Compile a runroot */
/* chown root runroot */
/* chmod u+s runroot */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

void print_uids(char* prompt) {
       uid_t uid = getuid();
       uid_t euid = geteuid();

       printf("%sRunning with uid=%d, euid=%d\n", prompt, uid, euid);
}

int main(int argc, char** argv) {
       print_uids("Calling process: ");

       printf("Exec'ing printuid\n");

       execv("/tmp/printuid", argv);

       return 0;
}
-------------------------------------------------------------------

/* Compile as printuid and save to /tmp */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

void print_uids(char* prompt) {
       uid_t uid = getuid();
       uid_t euid = geteuid();

       printf("%sRunning with uid=%d, euid=%d\n", prompt, uid, euid);
}

int main(int argc, char** argv) {
       print_uids("Exec'ed process: ");
       return 0;
}

------------------------------------------------------------------------------------------

Output:
Calling process: Running with uid=1002, euid=0
Exec'ing printuid
Exec'ed process: Running with uid=1002, euid=0

The only thing we care about it the euid!!!

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux