Hello.
While investigating a glib issue, I found out that issetugid() returns
true even when
ruid == euid && ruid == suid && rgid == egid && rgid == sgid and pfexec
was used to launch a program and it was granted some privileges.
This is true even when ruid wasn't changed at all.
So I'm curious whether this is intended behavior?

For example:

#include <stdio.h>
#include <unistd.h>

int main(void)
{
    int is_setuid;
    uid_t ruid, euid, suid; /* Real, effective and saved user IDs */
    gid_t rgid, egid, sgid; /* Real, effective and saved group IDs */

    /* Check 1: ask the system whether the process is considered set-id */
    if (issetugid()) {
        printf("Setugid\n");
    }

    /* Saved IDs are not queried here; they are taken to equal the real IDs */
    suid = ruid = getuid();
    sgid = rgid = getgid();
    euid = geteuid();
    egid = getegid();

    /* Check 2: manual comparison of real, effective and saved IDs */
    is_setuid = (ruid != euid || ruid != suid ||
                 rgid != egid || rgid != sgid);
    if (is_setuid) {
        printf("Setugid\n");
    }

    return 0;
}

This check fires even if I have the following line in
/etc/security/exec_attr and the Desktop Removable Media User profile...

Desktop Removable Media User:solaris:cmd:RO::/export/home/leoric/srcs/issetugid:privs=sys_devices

So it's just an additional system privilege; uids and gids are not
changed...
-------------------------------------------
illumos-discuss