From: daw@cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: EUID != root + EGID = root, and CAP_SETGID
Date: Sun, 13 Dec 2009 05:19:56 +0000 (UTC)
Organization: University of California, Berkeley
References: <4B222C3D.2070807@icdsoft.com>

Ivan Zahariev wrote:
>Is this an intended behavior?

Yes.  Setuid/setgid are a mess.  For more details, you might find
the following research papers interesting:

http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
http://www.cs.berkeley.edu/~daw/papers/setuid-login08b.pdf

See, e.g., Section 5.2 of the former paper, which says:

"an effective group ID of zero does not accord any special privileges
to change groups. This is a potential source of confusion: it is
tempting to assume incorrectly that since appropriate privileges are
carried by the euid in the setuid-like calls, they will be carried by
the egid in the setgid-like calls, but this is not how it actually
works. This misconception caused a mistake in the manual page of
setgid in Redhat Linux 7.2 (Section 6.4.1)."
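
Added example (not part of the original message and not kernel source): a user-space C model of the permission rule Linux applies in setgid(2), showing that an egid of 0 alone does not permit switching to an arbitrary group. The struct cred_model and the function names are hypothetical; the model assumes CAP_SETGID is held exactly when euid is 0 (no file capabilities) and leaves out fsgid.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model of the credentials consulted by setgid(2). */
struct cred_model {
    uid_t euid;
    gid_t rgid, egid, sgid;
};

/* Assumption: no file capabilities or securebits, so CAP_SETGID is
 * present exactly when the effective UID is 0. The egid plays no part. */
static bool has_cap_setgid(const struct cred_model *c)
{
    return c->euid == 0;
}

/* Model of Linux setgid(): returns 0 and updates *c, or -EPERM. */
int model_setgid(struct cred_model *c, gid_t gid)
{
    if (has_cap_setgid(c)) {
        c->rgid = c->egid = c->sgid = gid;  /* privileged: set all three */
        return 0;
    }
    if (gid == c->rgid || gid == c->sgid) {
        c->egid = gid;                      /* unprivileged: egid only */
        return 0;
    }
    return -EPERM;                          /* egid == 0 does not help */
}

int main(void)
{
    /* Constructed case matching the thread: euid != 0, egid == 0,
     * as for a setgid-root binary started by an ordinary user. */
    struct cred_model p = { .euid = 1000, .rgid = 1000, .egid = 0, .sgid = 0 };
    printf("egid 0: setgid(50)   -> %d\n", model_setgid(&p, 50));
    printf("egid 0: setgid(1000) -> %d\n", model_setgid(&p, 1000));

    /* Constructed contrast: euid 0 with an unprivileged-looking egid. */
    struct cred_model r = { .euid = 0, .rgid = 1000, .egid = 1000, .sgid = 1000 };
    printf("euid 0: setgid(50)   -> %d\n", model_setgid(&r, 50));
    return 0;
}
```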