LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-28-2008, 12:00 PM   #1
Bob Lawson
LQ Newbie
 
Registered: Nov 2008
Posts: 5

Rep: Reputation: 0
Effective UID changing... but why and who


I have an application that runs SUID. It is a purchased application so I can not exactly see what it is doing.

When I execute the program it is setuid to ID #200. I'm id #203.

If I use the application to create a file the file is owned by ID #200. So I'm assuming this is proof that the SUID bit is working as it should.

However when I escape from the application and create a file...
!ls > /tmp/file
the file is owned by me, ID#203. I wrote a little program and both the real and effective userids are #203...me!

So who is changing the effective UID back to me?

The application? - not sure why it would or even why it would care.
The Shell? - I've tried both bash and ksh with the same result.
Lunix? - does it eliminate the Effective UID across an Exec call? Can this be controlled?

We count on the effective UID staying until we want to remove it so that we can access protected files.

Thoughs?

Thanks
Bob
 
Old 11-30-2008, 09:24 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
The application runs as user 200. When you exit the app you're yourself not 200, you're not in the application anymore. So.. working as designed?
 
Old 12-01-2008, 08:17 AM   #3
Bob Lawson
LQ Newbie
 
Registered: Nov 2008
Posts: 5

Original Poster
Rep: Reputation: 0
I'm not exiting the app. I am ESCAPING from the app. Just as you would when using ! with in VI. Under Unix, when you escape from the app you maintain the userid and effective userid of the app.

So the app, still running, creates a shell. That shell then runs the command. However when we do this under Linux the effective user id of the shell reverts back to the userid.

Simple example would be the application wants to copy a file. So instead of writing the code to copy the file it calls the 'cp' command to do it. However the file is a protected file and can only be read by userid #200. This works fine under Unix since the cp command is run as userid #200 so it can read the file and copy it. The target file is also owned by user id #200.

However on Linux it appears the userid reeverts to #203. So the cp command can not read the file and therefore the file is not copied.

While this is a simple example we use this technique through out the application for anything from unix to dos conversions to printing.

So is there a way to make this work?

Bob
 
Old 12-02-2008, 09:28 AM   #4
Bob Lawson
LQ Newbie
 
Registered: Nov 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Ok... problem solved.

It turns out that the application will always execute shell commands using the command interpreter /bin/sh.

By default /bin/sh is linked to /bin/bash.

The bash manual page states:
If the shell is started with the effective user (group) id not equal
to the real user (group) id, and the -p option is not supplied, no
startup files are read, shell functions are not inherited from the
environment, the SHELLOPTS variable, if it appears in the environment,
is ignored, and the effective user id is set to the real user id. If
the -p option is supplied at invocation, the startup behavior is the
same, but the effective user id is not reset.

However this does not apply to either ash or ksh.

So by linking /bin/ksh to /bin/sh I get the behavor I need where
the EUID is preserved.

Thanks for all the suggestions.

Bob
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Difference between UID and effective UID chakribobby Linux - Newbie 2 10-23-2007 11:56 AM
Effective UID and real UID Milosevic Linux - General 1 01-06-2007 04:01 PM
Effective UID and Real UID Milosevic Linux - Newbie 1 01-06-2007 11:41 AM
Changing the UID of a Physical Volume to a specific UID jambraun Linux - Newbie 2 02-09-2006 03:34 PM
changing permissions and the UID... viper91681 Solaris / OpenSolaris 3 03-11-2004 10:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration