| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: setuid(geteuid());? |
| Date: | 2001-04-21 20:43:26 |
| Message-ID: | Pine.LNX.4.30.0104212238290.758-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Bruce Momjian writes:
> so why does your test work? Does your manual say something different?
> If setuid() sets user/effective/saved to postgres, how can you get back
> root?
: setuid sets the effective user ID of the current process. If the
: effective userid of the caller is root, the real and saved user ID's
: are also set.
:
: Under Linux, setuid is implemented like the POSIX version with the
: _POSIX_SAVED_IDS feature. This allows a setuid (other than root)
: program to drop all of its user privileges, do some un-privileged
: work, and then re-engage the original effective user ID in a secure
: manner.
I suppose your system doesn't have the _POSIX_SAVED_IDS feature.
I also have:
: CONFORMING TO
: SVr4, SVID, POSIX.1. Not quite compatible with the 4.4BSD call,
: which sets all of the real, saved, and effective user IDs.
On your system you would have to use seteuid() to do what setuid() does
here.
One more reason to avoid this area when possible.
--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2001-04-21 21:53:31 | Re: setuid(geteuid());? |
| Previous Message | Tom Lane | 2001-04-21 20:42:03 | Re: setuid(geteuid());? |