Patrick Powell wrote:
> The 'setruid()' is BROKEN? Sigh... OK. Could you send me the output
> of 'configure' and the output of running 'make -k' ?
>
> Does it have setreuid()? I need to be able to set the
> real UID to a user value and the effective ID to root.
Patrick,
Thanks for asking!
Here is the bird's eye low-down on this caper - straight from the AIX
manual:
-----------------------
Syntax
#include <unistd.h>
int setuid (UID)
uid_t UID;
int setruid (RUID)
uid_t RUID;
int seteuid (EUID)
uid_t EUID;
int setreuid (RUID, EUID)
uid_t RUID;
uid_t EUID;
Description
The setuid, setruid, seteuid, and setreuid subroutines reset the process
user IDs. The following semantics are supported:
setuid If the effective user ID of the process is the root user, the
process's real, effective, and saved user IDs are set to the value of
the UID parameter. Otherwise, the process effective user ID is reset if
the UID parameter specifies either the current real or saved user IDs.
seteuid The process effective user ID is reset if the UID parameter is
equal to either the current real or saved user IDs or if the effective
user ID of the process is the root user.
setruid The EPERM error code is always returned. Processes cannot reset
only their real user IDs.
setreuid The RUID and EUID parameters can have the following two
possibilities:
RUID != EUID If the EUID parameter specifies either the process's real
or saved user IDs, the process effective user ID is set to the EUID
parameter. Otherwise, the EPERM error code is returned.
RUID == EUID If the process effective user ID is the root user, the
process's real and effective user IDs are set to the EUID parameter.
Otherwise, the EPERM error code is returned.
The real and effective user ID parameters can have a value of -1. If the
value is -1, the actual value for the UID parameter is set to the
corresponding current the UID parameter of the process.
Parameters
UID Specifies the user ID to set.
EUID Specifies the effective user ID to set.
RUID Specifies the real user ID to set.
Return Values
Upon successful completion, the setuid, seteuid, and setreuid
subroutines return a value of 0. Otherwise, a value of -1 is returned
and the errno global variable is set to indicate the error.
Error Codes
The setuid, seteuid, and setreuid subroutines are unsuccessful if either
of the following is true:
EINVAL The value of the UID or EUID parameter is not valid.
EPERM The process does not have the appropriate privileges and the UID
and EUID parameters are not equal to either the real or saved user IDs
of the process.
-----------------------
So, the net effect of this is that 'configure' finds the setruid routine
in the library and blithely assumes that it actually works.
I get around this problem with the following patch:
-----------------------
*** config.h.orig Fri Aug 9 13:44:42 2002
--- config.h Fri Aug 9 14:10:18 2002
***************
*** 769,775 ****
#define HAVE_SETREUID 1
/* Define to 1 if you have the `setruid' function. */
! #define HAVE_SETRUID 1
/* Define to 1 if you have the `setsid' function. */
#define HAVE_SETSID 1
--- 769,775 ----
#define HAVE_SETREUID 1
/* Define to 1 if you have the `setruid' function. */
! /* #undef HAVE_SETRUID */
/* Define to 1 if you have the `setsid' function. */
#define HAVE_SETSID 1
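Review bot: The change at line 772 edits config.h, a file that 'configure' writes, so it is overwritten on the next 'configure' run and has to be reapplied for every AIX build. The comment "Define to 1 if you have the `setruid' function" indicates a presence-only probe, which cannot see that the AIX routine always returns EPERM; the durable fix belongs in the configure input, either a host check that skips the setruid probe on AIX or a preset cache value such as ac_cv_func_setruid=no (the usual autoconf cache name for a function check, assuming the probe is a standard one). HAVE_SETREUID stays defined in the context lines, so it is also worth confirming that the code path selected once HAVE_SETRUID is undefined checks the return value of setreuid and ends with the intended real and effective IDs.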
-----------------------
This is straightforward, but it's extremely icky to patch config.h.
So I think that all you have to do is tell 'configure' that if it's AIX,
then there's no setruid. But I'm not a 'configure' wonk, so I don't
know how to do that.
-Rick
--
|Rick Cochran phone: 607-255-7618|
|Cornell CIT - Systems & Operations - Net-Print FAX: 607-255-8521|
|730 Rhodes Hall, Ithaca, N.Y. 14853 email: [EMAIL PROTECTED]|
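
An added example, not part of the original message and not LPRng or AIX code: a small C model of the setruid, seteuid and setreuid rules exactly as quoted from the manual above, used to check how a root process could reach the state Patrick asks for (real UID set to a user, effective UID root). The struct, the m_ function names, UID 1000 and the assumption that setreuid leaves the saved ID unchanged are illustrative and have not been checked on an AIX system.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed model of one process's user IDs: real, effective, saved. */
struct ids { long r, e, s; };
#define ROOT 0L

/* setruid: per the quoted text, EPERM is always returned. */
static int m_setruid(struct ids *p, long ruid) {
    (void)p; (void)ruid;
    errno = EPERM;
    return -1;
}

/* seteuid: allowed if the target is the real or saved ID, or caller is root. */
static int m_seteuid(struct ids *p, long euid) {
    if (euid == p->r || euid == p->s || p->e == ROOT) { p->e = euid; return 0; }
    errno = EPERM;
    return -1;
}

/* setreuid: -1 means "current value"; then the two quoted cases apply. */
static int m_setreuid(struct ids *p, long ruid, long euid) {
    if (ruid == -1) ruid = p->r;
    if (euid == -1) euid = p->e;
    if (ruid != euid) {               /* only the effective ID may change */
        if (euid == p->r || euid == p->s) { p->e = euid; return 0; }
    } else if (p->e == ROOT) {        /* root sets real and effective */
        p->r = p->e = euid;           /* assumption: saved ID untouched */
        return 0;
    }
    errno = EPERM;
    return -1;
}

/* Try to reach real=user, effective=root. Returns 0 on success. */
static int reach_user_real_root_eff(struct ids *p, long user) {
    if (m_setruid(p, user) == 0) return 0;           /* always fails here */
    if (m_setreuid(p, user, ROOT) == 0 && p->r == user) return 0;
    /* The call above succeeds but leaves the real ID unchanged. */
    if (m_setreuid(p, user, user) != 0) return -1;   /* real=eff=user */
    return m_seteuid(p, ROOT);        /* saved root ID lets euid go back */
}

int main(void) {
    struct ids p = { ROOT, ROOT, ROOT };
    int rc = reach_user_real_root_eff(&p, 1000);
    printf("rc=%d real=%ld eff=%ld saved=%ld\n", rc, p.r, p.e, p.s);
    return rc != 0;
}
```

In this model setreuid(user, root) reports success while leaving the real ID at root, which is why the result is checked against the IDs rather than the return code alone.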