authority: setgid is invalid to SGID .

superstition · 08-16-2005, 06:36 AM

ex:
- --S --- --x root root test.exe

When test.exe is running, the SUID's value = 0 . However ,

- --- --S --x root root test.exe

test.exe is running, the SGID's value != 0 .

SGID's value is amazing !!

What's wrong with SGID ?

Make SGID's value become zero unless group's authority has (x) and big

S bocomes small s . - --- --s --x root root test.exe

When test.exe running ,why doen't group's authority (S)

make the SGID = 0 ??

Matir · 08-17-2005, 03:18 PM

Ok, that made little (or no) sense to me.

However, If you set the setgid bit but NOT the group execute bit (i.e., chmod g+s,g-x), this indicates mandatory file locking on the file, and has NO impact on execution.

http://www.unix.com/showpost.php?p=73757&postcount=4

superstition · 08-18-2005, 03:51 PM

Thans for your reply. Now, I find another problem.

Normal rule:
EUID: used for privilege checks (except for the filesystem) .
ex: files's read/write/excute
FSUID:used for filesystem access checks.
ex: Filesystem Object Attributes(rwx setuid setgid user group...).

Now , suppose a user called kennedy(500) executes a program,and
its file has its setuid(root) bit set.

RUID=500 , EUID=SUID=FSUID=0.

Situation 1:
I change FSUID's value =500 ,the program
can't use function execl() to execute another file.

RUID=500,EUID=SUID=0,FSUID=500.

Situation 2:
I change EUID's value =500, the program can use
function execl() to execute any file.

RUID=500=EUID ,SUID=0,FSUID=0.

Summary:
Why checking privilege is FSUID do it not EUID?

I test many times to find out the problem about EUID/FSUID.

What's wrong with the EUID ? It confuses me !!

Please tell me the reason. -.-

Matir · 08-18-2005, 05:39 PM

Please show sample code demonstrating this.

superstition · 08-18-2005, 06:44 PM

Situation 1 sample code:

#include<stdlib.h>
#include<unistd.h>

#include<stdio.h>
#include<sys/fsuid.h>

int main()

{

setfsuid(getuid());
int pid=fork();
if(pid==0)
{
if(execl("/root/3","3",(char*)0)==-1)
printf("failed\n");
}
while(1);

}

[root@localhost root]# ps -o ruid -o euid -o suid -o fsuid -o fname -a
RUID EUID SUID FSUID COMMAND
0 0 0 0 su
500 500 500 500 bash
500 0 0 500 1
500 0 0 500 1
0 0 0 0 ps

----------------------------------------------------------

Situation 2 sample code:

#include<stdlib.h>
#include<unistd.h>

#include<stdio.h>
#include<sys/fsuid.h>

int main()

{
int suid=geteuid();
seteuid(getuid());
setfsuid(suid);
int pid=fork();
if(pid==0)
{
if(execl("/root/3","3",(char*)0)==-1)
printf("failed\n");
}
while(1);

}

[root@localhost root]# ps -o ruid -o euid -o suid -o fsuid -o fname -a
RUID EUID SUID FSUID COMMAND
0 0 0 0 su
500 500 500 500 bash
500 500 0 0 1
500 500 500 500 3
0 0 0 0 ps

---s--s--x 1 root root 12289 8¤ë 19 07:41 1
---x--x--- 1 root sys 11636 8¤ë 18 11:08 3

1's group is root, 3's group is sys ,so compared with owner(user).