[PATCH] pam_exec questions and possible patch
Aaron Cohen
aaron at assonance.org
Mon Mar 26 14:17:11 UTC 2007
> > setuid(geteuid()) seems an obvious no-op to me (unless the calling
> > application happens to have euid of root, and in that case it's the
> > real user id that's being set, to root) and a test application I wrote
> > seems to confirm this.
>
> Your own argumentation above shows you that it is no no-op. Look at
> your own example, something changes, which is important if you call
> executeables after fork() or with exec*().
>
> Thorsten
The _only_ reason anything changes in my example is because the euid
of the calling process happens to be root and the setuid function has
special behaviour in that case. Setting the real user id is
practically pointless though as all security checks are made against
the euid.
I am thinking about making the run_as_user option set both real and
effective user ids more explicity.
I think one problem we might be having is that you intend seteuid to
give the exec'ed program more permissions than it would normally get,
and I'm intending the exec'ed program to have fewer permissions than
it would normally get. I still don't think that the seteuid works the
way you intend it to though.
More information about the Pam-list
mailing list