본문 바로가기

Programming

Role of setuid

질문. 

In Unix, when exec

If Real user ID is not same with file owner, and Set user ID bit is on, then, effective user id is changed to file owner's, and saved set user ID too.
Because Effective user ID is copied to Saved set user ID when exec.

At this moment, Why saved set userID is needed?

Because of security problem? if it is right, especially what case?

 

 

해답은 아래와 같다.

If you have a SUID (setuid) program, then it can use its EUID to access files that it would otherwise not be accessible to its users. However, if it wants to create a file on behalf of the user (the RUID of the person running it), then it needs to drop the SUID privilege so the EUID is the same as the RUID. Once upon not so very long ago, once you dropped the SUID privilege, it was lost for good; you could not get it back. The saved UID value allows you to switch back, which simplifies management of privileges for SUID programs. 

 

Having a saved user id allows you to drop your privileges (by switching the effective uid to the real one) and then regain them (by switching the effective uid to the saved one) only when needed. 

 

 

 

 

즉 일시적으로 Euid 를 Ruid 로 덮어서 권한을 떨어뜨린다음 다시 권한상승을 하기위해서 쓴다.

하지만 이건 application 적으로도 구현가능한거 아닌가? -_- 아무튼...

'Programming' 카테고리의 다른 글

Linux configuration stuff  (0) 2013.07.10
About LD_PRELOAD  (2) 2013.07.10
Kernel module symbol reference  (0) 2013.07.10
Linux x86 system call table  (0) 2013.07.10
Finding symbol in libc  (0) 2013.07.10