Subject: Re: UID and EUID in xBSD and Linux
To: Mike M. Volokhov <mishka@apk.od.ua>
From: Giles Lean <giles@nemeton.com.au>
List: current-users
Date: 05/23/2004 11:14:07
[ Replying to old mail, but I don't see any follow-up, so maybe this
  is still interesting. ]

Mike M. Volokhov <mishka@apk.od.ua> wrote:

> I'm faced with the following problem. On my NetBSD and FreeBSD boxes any
> non-SUID program called via a SUID executable will use the same EUID/EGID
> as the original one (SUID). Linux drops these permissions for all called
> programs.

The Linux behaviour sounds strange, offhand.

> -rw-------  1 nobody  wheel    29 Apr 29 17:01 secret.txt  (nobody-owned file)
> -rwsr-xr-x  1 nobody  wheel  4808 May 12 10:30 suid*       (SUID executable)

I wonder if there is something special about setuid 'nobody' binaries
on Linux?  Possibly not, since Linux appears to be using arbitrary
user ids for 'nobody'.

I'd suggest clarifying the problem further:

a) retest with an ordinary account, not 'nobody'

b) replace the shell script with a small C program, in case the shell on
   Linux is "helping" in some way

c) let us know the versions of the Linux kernel and shell -- if the
   behaviour is not consistent on different Linux versions then it's
   easier to label as a Linux oddity :-)

> As you can see, Linux drops the EUID on any child processes, while xBSDs
> leave it the same. Which system is more correct in this case?

I think the BSD one, but the standards are a bit twisty in the area of
setuid binaries.

Giles
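
[ Added example, not part of the original thread: the "small C program" that
  step (b) above asks for. It records the real and effective uid/gid of the
  process it runs in, then fork()s and exec()s id(1) -- a plain, non-setuid
  binary whose "-u" and "-g" flags print the effective uid and gid -- and
  reports whether the exec'd child still carries the parent's effective IDs.
  Build it, chown it to a test account, chmod u+s it, and run it as a
  different user: on a system where a non-setuid program inherits the
  setuid parent's EUID/EGID it prints "kept", otherwise "dropped". It only
  assumes POSIX fork/exec/pipe and an id(1) on PATH, and it deliberately
  does not go through a shell, because bash, for instance, resets its
  effective uid to the real uid at startup when the two differ unless
  started with -p, which would mask what the kernel actually does. ]

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct creds {
    uid_t ruid, euid;
    gid_t rgid, egid;
};

/* Real and effective IDs of the calling process. */
struct creds get_creds(void)
{
    struct creds c;
    c.ruid = getuid();
    c.euid = geteuid();
    c.rgid = getgid();
    c.egid = getegid();
    return c;
}

/* Fork, exec the (non-setuid) id(1) utility with one flag ("-u" prints the
 * effective uid, "-g" the effective gid) and parse the number it prints.
 * Returns 0 on success, -1 if id(1) could not be run or printed no number. */
static int run_id_flag(const char *flag, long *out)
{
    int fds[2];
    char buf[64];
    size_t n = 0;
    ssize_t r;
    int status;
    pid_t pid;
    char *end;

    if (pipe(fds) == -1)
        return -1;
    pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* child: send stdout down the pipe, then exec a plain binary
         * directly, with no shell in between */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execlp("id", "id", flag, (char *)NULL);
        _exit(127);
    }
    close(fds[1]);
    while (n < sizeof buf - 1 &&
           (r = read(fds[0], buf + n, sizeof buf - 1 - n)) > 0)
        n += (size_t)r;
    buf[n] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1 ||
        !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    *out = strtol(buf, &end, 10);
    return end == buf ? -1 : 0;
}

/* 1 if a program exec'd from here still runs with our effective uid/gid,
 * 0 if it comes back with different (normally the real) IDs,
 * -1 if the child could not be run at all. */
int child_keeps_effective_ids(void)
{
    struct creds me = get_creds();
    long ceuid, cegid;

    if (run_id_flag("-u", &ceuid) == -1 || run_id_flag("-g", &cegid) == -1)
        return -1;
    return (uid_t)ceuid == me.euid && (gid_t)cegid == me.egid;
}

int main(void)
{
    struct creds me = get_creds();
    int kept;

    printf("parent: ruid=%ld euid=%ld rgid=%ld egid=%ld\n",
           (long)me.ruid, (long)me.euid, (long)me.rgid, (long)me.egid);
    /* Without the setuid/setgid bit real and effective IDs coincide and the
     * two behaviours are indistinguishable; say so rather than mislead. */
    if (me.ruid == me.euid && me.rgid == me.egid)
        printf("note: not running setuid/setgid; chown to a test user and "
               "chmod u+s this binary, then run it as someone else\n");
    kept = child_keeps_effective_ids();
    if (kept == -1) {
        fprintf(stderr, "could not run id(1)\n");
        return 1;
    }
    printf("exec'd child %s the effective ids\n", kept ? "kept" : "dropped");
    return 0;
}
```

Compile with cc -o credtest credtest.c; the chown/chmod u+s step has to
be done by root or by the account that is to own the file. If the result
differs between a shell-script child and this C child on the same kernel,
the shell is what is changing the IDs, not the exec.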