Re: Why can setuid programs regain root after dropping it when using capabilities?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


>>While debugging some code, I found that a setuid program could regain
>>root after dropping root if the program used capabilities. (I tested
>>this on 2.6.14 and 2.6.9.) Is this the expected behavior? Here's a
>>short test case:
>>/* chown root this program, suid it, and run it as non-root */
>>#include <sys/types.h>
>>#include <sys/capability.h>
>>#include <unistd.h>
>>#include <stdio.h>
>>int main() {
>>   cap_set_proc(cap_from_text("all-eip")); /* drop all caps */
>>   setuid(getuid());                       /* drop root. this call succeeds */
>>   setuid(0);                              /* this should fail! but doesn't */

uid != euid. You would probably have to use


Plus there is also the feature of saved ids, see sys_setresuid().

Jan Engelhardt
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at
Please read the FAQ at

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux