Subject: Re: weird setuid behavior
To: Niels Provos <provos@citi.umich.edu>
From: Noriyuki Soda <soda@sra.co.jp>
List: tech-kern
Date: 01/23/2004 18:11:18
>>> I am a bit puzzled by recent changes (last year) to how setuid works.
>>> Traditionally, it has always been possible as root to call
>>> 
>>>   seteuid(someid)
>>>   setuid(someid)
>>> 
>>> This now fails.  The call to seteuid() succeeds but the second call
>>> fails leaving the uid=0 and the euid=someid
>>>
>>> Is there some logic behind this behavior?

>> What is your starting condition (euid, ruid, etc.)?  Was the process
>> started from a set-ID binary file?

> Either,
> 
> $ sudo ./application
> 
> or
>  
> $ sudo su -
> # /somewhere/application
> 
> So, euid, ruid, uid == 0 in the latter case.

I tested the program on NetBSD-1.4.2 and NetBSD-1.6_STABLE,
and the setuid(2) call failed on both systems with EPERM.
It failed on Solaris-2.6 and Linux-2.4, too.

Was such a change really made last year?
--
soda
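
An added example, not part of the original message and not any kernel's code: a small C model of the POSIX.1 saved-set-user-ID rules (an assumption; individual kernels may apply different checks) that reproduces the state reported in the thread, EPERM with uid=0 and euid=someid, and contrasts it with calling setuid() while the effective UID is still 0. The names `struct cred`, `model_seteuid`, `model_setuid`, `thread_sequence` and `drop_first` are hypothetical, and 1000 is a constructed sample ID.

```c
#include <errno.h>
#include <stdio.h>

/* Model only: the three user IDs a process carries under POSIX.1 rules. */
struct cred { unsigned ruid, euid, svuid; };

/* seteuid(): euid 0 may choose any ID; otherwise only ruid or svuid. */
static int model_seteuid(struct cred *c, unsigned id)
{
    if (c->euid != 0 && id != c->ruid && id != c->svuid)
        return -EPERM;
    c->euid = id;
    return 0;
}

/* setuid(): euid 0 sets all three IDs; otherwise only euid, to ruid or svuid. */
static int model_setuid(struct cred *c, unsigned id)
{
    if (c->euid == 0)
        c->ruid = c->svuid = id;
    else if (id != c->ruid && id != c->svuid)
        return -EPERM;
    c->euid = id;
    return 0;
}

/* Sequence from the thread, starting as root: seteuid(id); setuid(id). */
int thread_sequence(unsigned id, struct cred *c)
{
    c->ruid = c->euid = c->svuid = 0;
    int r = model_seteuid(c, id);
    return r ? r : model_setuid(c, id);
}

/* Reverse order: setuid(id) while euid is still 0. */
int drop_first(unsigned id, struct cred *c)
{
    c->ruid = c->euid = c->svuid = 0;
    return model_setuid(c, id);
}

int main(void)
{
    struct cred c;
    int r = thread_sequence(1000, &c);  /* 1000: constructed sample ID */
    printf("seteuid;setuid: %d ruid=%u euid=%u svuid=%u\n", r, c.ruid, c.euid, c.svuid);
    r = drop_first(1000, &c);
    printf("setuid only:    %d ruid=%u euid=%u svuid=%u\n", r, c.ruid, c.euid, c.svuid);
    return 0;
}
```

In the model, the state left behind by the failed setuid() still has real and saved UID 0, so a later seteuid(0) succeeds; code that drops privileges this way needs to check the return value of setuid().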