| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: setuid(geteuid());? |
| Date: | 2001-04-21 16:29:47 |
| Message-ID: | 1210.987870587@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> so it seems to make sure the real/saved uid matches the effective uid.
> Now, considering we don't use uid/euid distinction for anything, I agree
> it is useless and should be removed.
No, it is NOT useless and must NOT be removed. The point of this little
machination is to be dead certain that we have given up root rights if
executed as setuid postgres. The scenario we're concerned about is
where real uid = root and effective uid = postgres. We want real uid
to become postgres as well --- otherwise our test to prevent execution
as root is a waste of time, because nefarious code could become root
again just by doing setuid. See the setuid man page: if real uid is
root then setuid(root) will succeed.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-04-21 16:43:37 | Re: setuid(geteuid());? |
| Previous Message | Peter Eisentraut | 2001-04-21 15:43:02 | SET SESSION AUTHORIZATION (was Re: Real/effective user) |