>>While debugging some code, I found that a setuid program could regain
>>root after dropping root if the program used capabilities. (I tested
>>this on 2.6.14 and 2.6.9.) Is this the expected behavior? Here's a
>>short test case:
>>
>>/* chown root this program, suid it, and run it as non-root */
>>#include <sys/types.h>
>>#include <sys/capability.h>
>>#include <unistd.h>
>>#include <stdio.h>
>>int main() {
>> cap_set_proc(cap_from_text("all-eip")); /* drop all caps */
>> setuid(getuid()); /* drop root. this call succeeds */
>> setuid(0); /* this should fail! but doesn't */
uid != euid. You would probably have to use
seteuid(getuid());
Plus there is also the feature of saved ids, see sys_setresuid().
Jan Engelhardt
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
