Subject: Re: those annoying "set*uid is deprecated" messages
To: John Kohl <jtk@atria.com>
From: Chris G. Demetriou <cgd@alpha.bostic.com>
List: current-users
Date: 07/20/1994 00:41:55
> >>>>> "Chris" == Chris G Demetriou <cgd@alpha.bostic.com> writes:
> 
> Chris> why are you so keen to have the _real_ uid set, in any case?
> Chris> for everything except access(), the effective UID is used
> Chris> for determining stuff like permissions...
> 
> The Kerberos library creates ticket files, which we want to be owned by
> the user.  It assumes if it sees getuid() != geteuid() that it's a
> setuid program, and it temporarily swaps the two so that the user's UID
> is on the ticket file.

what i've been trying to get you to understand, in previous mail,
was that you should not do that with setreuid() any more!  You should
be using seteuid(), in every 4.4-Lite-ish BSD system.  It's been this
way since a while ago, in 4.4...

if you replace the swaps with appropriate 'seteuid' calls, things
should work just fine, i'd _think_...  i.e. instead of doing:
	setuid(rootuid);		/* perhaps implied */
	setreuid(rootuid, useruid);
	/* do stuff to file */
	setreuid(useruid, rootuid);
	setuid(useruid);
	/* run shell */
do:
	setuid(rootuid);		/* perhaps implied */
	seteuid(useruid);
	/* do stuff to file */
	seteuid(rootuid);
	setuid(useruid);
	/* run shell */

in general, a reasonable approximation is:
	:g/setreuid/s/setreuid(\([^,]*\),\([^)]*\))/seteuid(\2)/g
8-)

setreuid(x,y); ... ; setreuid(y,x); 
as setreuid is currently emulated, will do the exact same
thing as seteuid(y); ... ; seteuid(x); if your real and effective
uid's were the same to start with.

maybe i'm missing something here, but... look at this:

boat-anchor# rm *
boat-anchor# cat > foo.c
#include <fcntl.h>
main()
{
        int oldeff;
        printf("real = %d, eff = %d\n", getuid(), oldeff = geteuid());
        open("owned_by_eff1", O_CREAT, 0600);
        seteuid(getuid());
        open("owned_by_real", O_CREAT, 0600);
        seteuid(oldeff);
        open("owned_by_eff2", O_CREAT, 0600);
}
boat-anchor# cc foo.c ; chmod u+s a.out
boat-anchor# exit
232 [boat-anchor] tmp % ls -la a.out
-rwsr-xr-x  1 root  bin  13974 Jul 19 20:56 a.out*
233 [boat-anchor] tmp % id
uid=2200(cgd) gid=15 groups=15, 0(wheel), 5(operator), 20(staff), 117(dialer), 500(source), 501(bugs), 502(i386-bsd), 503(other-bsd), 504(mac-bsd), 505(mailman), 507(ftp-incoming), 600(ksrc), 601(usrc)
234 [boat-anchor] tmp % ls -l owned*
ls: No match.
235 [boat-anchor] tmp % a.out
real = 2200, eff = 0
236 [boat-anchor] tmp % ls -l owned*
-rw-------  1 root  bin  0 Jul 19 20:56 owned_by_eff1
-rw-------  1 root  bin  0 Jul 19 20:56 owned_by_eff2
-rw-------  1 cgd   bin  0 Jul 19 20:56 owned_by_real

what's different there than what you want to do?

you'll note that:
	(1) the files were created with uid == the euid of the process.
	(2) [not demonstrated] if your euid == 0, you can chown.

(1) follows from the fact that i mentioned to you earlier (i forget
whether it was here, or in mail), that ALL FILE SYSTEM OPERATIONS
EXCEPT FOR access() ARE DONE USING THE EFFECTIVE UID OF THE PROCESS.


how about this: if that knowledge doesn't solve your problems,
what, exactly, are you trying to do?


chris

------------------------------------------------------------------------------
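Added example, not part of the original message: the seteuid() drop-and-restore pattern described above, with the error checks a setuid program needs around it. The helper names and the /tmp path are hypothetical and constructed for illustration; when the program is not setuid, the drop is a no-op and the file is simply owned by the caller.

```c
#define _POSIX_C_SOURCE 200809L  /* for seteuid() under strict -std modes */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from the mail): create path owned by the real UID.
 * Returns 0 and stores the file's owner in *owner, or -1 on failure. */
int create_as_real_user(const char *path, uid_t *owner)
{
    uid_t saved_euid = geteuid();
    struct stat st;
    int fd, rc = -1;

    /* Drop only the effective UID; the saved set-user-ID allows the return. */
    if (seteuid(getuid()) != 0)
        return -1;

    /* O_EXCL: fail if the path already exists, including as a symlink. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0) {
            *owner = st.st_uid;
            rc = 0;
        }
        close(fd);
    }

    /* Restore and verify; never continue with an unexpected effective UID. */
    if (seteuid(saved_euid) != 0 || geteuid() != saved_euid)
        return -1;
    return rc;
}

/* Constructed demo: 0 means owner == real UID and euid is unchanged. */
int demo_ticket_file(void)
{
    char path[64];
    uid_t owner = (uid_t)-1, euid_before = geteuid();

    snprintf(path, sizeof path, "/tmp/tkt_demo_%ld", (long)getpid());
    unlink(path);
    if (create_as_real_user(path, &owner) != 0)
        return -1;
    unlink(path);
    return (owner == getuid() && geteuid() == euid_before) ? 0 : -1;
}

int main(void) { return demo_ticket_file() == 0 ? 0 : 1; }
```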