current-users: UID and EUID in xBSD and Linux

Subject: UID and EUID in xBSD and Linux
To: None <current-users@netbsd.org>
From: Mike M. Volokhov <mishka@apk.od.ua>
List: current-users
Date: 05/12/2004 10:55:42
Greetings!

I'm faced within following problem. On my NetBSD and FreeBSD boxes any
non-SUID program called via SUID executable will use the same EUID/EGID
as original one (SUID). The Linux drops this permissions for all called
programs. For example, let assume we have the following files:

-rw-r--r--  1 mishka  wheel   389 May 12 10:30 Makefile
-rwxr-xr-x  1 mishka  wheel  4807 May 12 10:30 nonsuid*    (non-SUID executable)
-rw-r--r--  1 mishka  wheel   259 Apr 29 17:28 nonsuid.c   (source)
-rwxr-xr-x  1 mishka  wheel    29 Apr 29 17:14 nonsuid.sh* (non-SUID /bin/sh scr.)
-rwxr-xr-x  1 mishka  wheel   249 Apr 29 17:31 runtest.sh*
-rw-------  1 nobody  wheel    29 Apr 29 17:01 secret.txt  (nobody-owned file)
-rwsr-xr-x  1 nobody  wheel  4808 May 12 10:30 suid*       (SUID executable)
-rw-r--r--  1 mishka  wheel   262 Apr 29 17:28 suid.c      (source)

The 'secret.txt' file is a non-readable file for user mishka. The
'runtest.sh' is a shell script which runs all programs above. The
'nonsuid.sh' is a shell script contains only "id ; cat secret.txt"
string. The 'suid' program runs 'nonsuid.sh' using system(3) call and
displays the RUID and EUID. The 'nonsuid' program just like 'suid' one,
but runs 'suid' instead of 'nonsuid.sh'.

The output on xBSD as follows (I've removed groups for shorten):

xbds% ./runtest.sh 
1. Plain read of secure file (cat secret.txt)
cat: secret.txt: Permission denied
2. Running non-SUID /bin/sh program (./nonsuid.sh)
uid=100(mishka) gid=5(operator)
cat: secret.txt: Permission denied
3. Running non-SUID via SUID program (./suid)
suid.c: ID: 100 EID: 65534
uid=100(mishka) euid=65534(nobody) gid=5(operator)
This is a secret contest :-)
4. Running non-SUID via SUID, called via non-SUID C program (./nonsuid)
nonsuid.c: ID: 100      EID: 100
suid.c: ID: 100 EID: 65534
uid=100(mishka) euid=65534(nobody) gid=5(operator)
This is a secret contest :-)

When the Linux shows me (mishka's id = 1000, nobody's id = 1001):

linux$ ./runtest.sh 
1. Plain read of secure file (cat secret.txt)
cat: secret.txt: Permission denied
2. Running non-SUID /bin/sh program (./nonsuid.sh)
uid=1000(mishka) gid=100(users)
cat: secret.txt: Permission denied
3. Running non-SUID via SUID program (./suid)
suid.c: ID: 1000        EID: 1001
uid=1000(mishka) gid=100(users)
cat: secret.txt: Permission denied
4. Running non-SUID via SUID, called via non-SUID C program (./nonsuid)
nonsuid.c: ID: 1000     EID: 1000
suid.c: ID: 1000        EID: 1001
uid=1000(mishka) gid=100(users)
cat: secret.txt: Permission denied

As you can see Linux drops EUID on any children processes, when xBSDs
left it the same. Which system is more correct in this case?

Any help would be appreciated.

--
Mishka.