2002-06-18 19:14:24

by Nathan Neulinger

Subject: Behavior of exec wrt euid/ruid on 2.2 vs. 2.4 kernels

I just noticed this today when I upgraded an older machine from 2.2.x to
2.4.18 that the behavior of exec changed with respect to how it handles
euid!=ruid.

Basically, on 2.4:
setuid bin, execute it, ruid!=euid, exec another tool, now euid
is set to ruid

on 2.2 the execced binary retains the ruid!=euid.

I can see how this might have been done intentionally for security,
however, it does mean that it is impossible for an execced tool to know
the real uid that is running it if executed from a setuid wrapper, or to
run a helper tool (aklog) from a ruid!=euid process.

Was this change in behavior intentional?

I never noticed it on any of our other 2.4.x systems, 'cause exec()'s
within setuid bin's without setresuid(geteuid(),geteuid(),geteuid()) are
pretty rare in our tools, most of them just have a single bin that does
whatever it needs to do.

-- Nathan

------------------------------------------------------------
Nathan Neulinger EMail: [email protected]
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216


2002-06-18 19:19:06

by Nathan Neulinger

Subject: RE: Behavior of exec wrt euid/ruid on 2.2 vs. 2.4 kernels

Never mind... it was pointed out that this is a change in behavior of
more recent versions of bash, not the exec call.

-- Nathan

------------------------------------------------------------
Nathan Neulinger EMail: [email protected]
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216


> -----Original Message-----
> From: Neulinger, Nathan
> Sent: Tuesday, June 18, 2002 2:13 PM
> To: '[email protected]'
> Subject: Behavior of exec wrt euid/ruid on 2.2 vs. 2.4 kernels
>
>
> I just noticed this today when I upgraded an older machine
> from 2.2.x to 2.4.18 that the behavior of exec changed with
> respect to how it handles euid!=ruid.
>
> Basically, on 2.4:
> setuid bin, execute it, ruid!=euid, exec another tool,
> now euid is set to ruid
>
> on 2.2 the execced binary retains the ruid!=euid.
>
> I can see how this might have been done intentionally for
> security, however, it does mean that it is impossible for an
> execced tool to know the real uid that is running it if
> executed from a setuid wrapper, or to run a helper tool
> (aklog) from a ruid!=euid process.
>
> Was this change in behavior intentional?
>
> I never noticed it on any of our other 2.4.x systems, 'cause
> exec()'s within setuid bin's without
> setresuid(geteuid(),geteuid(),geteuid()) are pretty rare in
> our tools, most of them just have a single bin that does
> whatever it needs to do.
>
> -- Nathan
>
> ------------------------------------------------------------
> Nathan Neulinger EMail: [email protected]
> University of Missouri - Rolla Phone: (573) 341-4841
> Computing Services Fax: (573) 341-4216
>
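
Added example, not part of the original posts: a setuid wrapper that applies the setresuid(geteuid(),geteuid(),geteuid()) call mentioned in the first message before exec, so a shell that resets euid to ruid at startup (bash does this unless started with -p) has nothing to reset. The WRAPPER_RUID variable name and the /bin/sh command line are assumptions made up for illustration; only the uid is handled, as in the thread.

```c
#define _GNU_SOURCE            /* for getresuid()/setresuid() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Repeated so the file still builds if _GNU_SOURCE takes effect too late. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int setresuid(uid_t ruid, uid_t euid, uid_t suid);

/* 1 if real, effective and saved uid are all equal, 0 if not, -1 on error. */
int ids_collapsed(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return r == e && e == s;
}

/*
 * Record the invoking (real) uid in WRAPPER_RUID (hypothetical name), then
 * make ruid = euid = suid. Afterwards getuid() no longer names the caller,
 * so the variable is the only record; it is overwritten here so a value
 * supplied by the caller is never trusted.
 */
int pin_ids_to_euid(void)
{
    char buf[32];
    uid_t euid = geteuid();

    snprintf(buf, sizeof buf, "%lu", (unsigned long)getuid());
    if (setenv("WRAPPER_RUID", buf, 1) != 0)
        return -1;
    if (setresuid(euid, euid, euid) != 0)
        return -1;
    return ids_collapsed() == 1 ? 0 : -1;
}

int main(void)
{
    if (pin_ids_to_euid() != 0) {
        fprintf(stderr, "could not pin uids\n");
        return 1;
    }
    /* The shell now starts with ruid == euid, so it has nothing to reset. */
    execl("/bin/sh", "sh", "-c",
          "echo \"running as $(id -u), invoked by $WRAPPER_RUID\"", (char *)NULL);
    perror("execl");
    return 127;
}
```

Installed setuid, the wrapper prints the file owner's uid as the running uid and the caller's uid from WRAPPER_RUID; without the setresuid() step, a bash started from it would run with the caller's uid instead.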