No, it is not pointless, as your own tests show, and it makes a huge difference if you are doing a fork()/exec*() call. After exec*() on Linux the effective uid of the new process is the old real uid.
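/*
 * This is entirely false. Linux does nothing to change either ruid or euid
 * on exec.  (The one thing that does change them on exec is the exec'd file
 * itself being set-uid/set-gid or carrying file capabilities; a plain binary
 * inherits the caller's ids unchanged.  That is exactly why a set-uid program
 * that exec's something hands its elevated euid straight to the new image,
 * and why privileges are normally dropped with setresuid()/setuid() before
 * an exec unless the transfer is intended.)
 *
 * One source file builds both halves of the experiment:
 *
 *   cc -o runroot  this_file.c            # chown root runroot; chmod u+s runroot
 *   cc -o printuid -DPRINTUID this_file.c # save to /tmp, NOT set-uid
 *
 * Demo only: exec'ing a fixed path under the world-writable /tmp from a
 * set-uid root process runs whatever happens to sit at that path.
 */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Print the real and effective uid of the calling process, prefixed by prompt. */
void print_uids(const char *prompt)
{
    uid_t uid = getuid();
    uid_t euid = geteuid();

    /* uid_t is an unsigned integer type; cast so the conversion
     * specifier matches the argument (plain %d with uid_t is mismatched). */
    printf("%sRunning with uid=%lu, euid=%lu\n", prompt,
           (unsigned long)uid, (unsigned long)euid);
}

int main(int argc, char **argv)
{
    (void)argc;

#ifdef PRINTUID
    /* The exec'd half: report the ids we arrived with and exit. */
    (void)argv;
    print_uids("Exec'ed process: ");
    return 0;
#else
    /* The set-uid half: report our ids, then replace ourselves with printuid. */
    print_uids("Calling process: ");
    printf("Exec'ing printuid\n");

    /* execv() replaces the process image without flushing stdio; when stdout
     * is a pipe or file the lines above would otherwise be lost. */
    fflush(stdout);

    /* argv is passed through unchanged, so printuid sees the same argv[0]. */
    execv("/tmp/printuid", argv);

    /* Only reached if the exec failed; the original fell through to return 0
     * and so reported success for a failed experiment. */
    perror("execv");
    return 1;
#endif
}

/*
 * Output:
 *
 *   Calling process: Running with uid=1002, euid=0
 *   Exec'ing printuid
 *   Exec'ed process: Running with uid=1002, euid=0
 *
 * The only thing we care about is the euid!!!
 */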