content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 8BIT
Subject: Behavior of exec wrt euid/ruid on 2.2 vs. 2.4 kernels
Date: Tue, 18 Jun 2002 14:13:19 -0500
Message-ID: <5958610EC585FA42B1CC3D20E216BE7018FAF6@umr-mail6.umr.edu>
Thread-Topic: Behavior of exec wrt euid/ruid on 2.2 vs. 2.4 kernels
Thread-Index: AcIW/DUUXcuVHoCZEda/OwBQVgAgFQ==
From: "Neulinger, Nathan" <nneul@umr.edu>
To: <Linux-kernel@vger.kernel.org>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1358
Lines: 33

I just noticed this today when I upgraded an older machine from 2.2.x to
2.4.18 that the behavior of exec changed with respect to how it handles
euid!=ruid.

Basically, on 2.4:
	setuid bin, execute it, ruid!=euid, exec another tool, now euid
is set to ruid

on 2.2 the execced binary retains the ruid!=euid.

I can see how this might have been done intentionally for security,
however, it does mean that it is impossible for a execced tool to know
the real uid that is running it if executed from a setuid wrapper, or to
run a helper tool (aklog) from a ruid!=euid process. 

Was this change in behavior intentional?

I never noticed it on any of our other 2.4.x systems, cause exec()'s
within setuid bin's without setresuid(geteuid(),geteuid(),geteuid()) are
pretty rare in our tools, most of them just have a single bin that does
whatever it needs to do. 

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/