Re: capabilities PATCH

From: Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil)
Date: Wed Jun 07 2000 - 08:00:13 EST


Michal Kosek <michau@august.V-LO.krakow.pl>:
>
> Hello,
> almost nobody answered my mail once again. But I really want to know
> if our patch is something you like, or not!
> And what about POSIX compliance? Do you think that it is good to modify
> the behaviour of setuid() as I did? Please look at the patch:
> ftp://ftp.v-lo.krakow.pl/pub/linux/patches/
>
> For those who don't have enough time to download it, I put here part of
> the documentation, where it is mentioned how I modified setuid()...
>
> WHAT'S GOING ON WITH setuid(2) AND setgid(2)?
> This patch modifies the behaviour of these syscalls. Normal setuid(2)
> drops all its privileges if it was called by root, but doesn't if it
> was called by a normal user. Yes, it's because of POSIX.
> But now let's look at zgv. It is written as if it was suid-root. So it
> calls ioperm and then calls setuid to drop all its root privileges.
> But now, if we make zgv suid to the 'svga' user, our uid is other than 0,
> so setuid won't change the 'saved uid' and thus the user will be able to setuid
> back to the 'svga' user! Let's suppose we didn't turn the 'access only to graphics
> card' option on. Now the user has access to every device in the system!
> So I changed it. Now every setuid drops all of the previous user's privileges
> and doesn't let you setuid back. It's safe. It's logical. But it's not
> compatible with POSIX. What a shame...

What you are referring to as a problem is the use of the wrong sys call:

setuid:
        only switches the effective uid; if root, the real, saved, and
        effective uids are switched.

setreuid:
        sets the real and effective UID.

        To drop root privileges you switch BOTH real and effective at
        the same time.

Now, if you want to drop capabilities, then that is a different system
call.

No changes to setuid required.

setgid does nothing but set the effective group id. If root, then the
real and saved group ids are set. The restrictions are fully documented.

Again, no changes are required.

You are not required to use the POSIX setuid() call. Use setreuid().

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.
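
Added example, not part of the original message or of the patch under discussion: a privilege drop built on setreuid()/setregid() as the reply recommends, which then checks that the old effective IDs cannot be regained (the saved-uid problem described for a set-uid-'svga' zgv). The function name drop_privs_permanently is hypothetical, and the comment about the saved UID assumes the behaviour documented in Linux's setreuid(2).

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch to target_uid/target_gid.
 * Returns 0 on success, -1 if a step fails or the drop is reversible. */
int drop_privs_permanently(uid_t target_uid, gid_t target_gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Group first: after the UID drop we may no longer be permitted to. */
    if (setregid(target_gid, target_gid) != 0)
        return -1;
    /* Setting the real UID also sets the saved UID to the new effective
     * UID (setreuid(2)), unlike setuid() called by a non-root process. */
    if (setreuid(target_uid, target_uid) != 0)
        return -1;

    /* Never trust the return codes alone: confirm the resulting IDs. */
    if (getuid() != target_uid || geteuid() != target_uid)
        return -1;
    if (getgid() != target_gid || getegid() != target_gid)
        return -1;

    /* If an old ID can still be regained, a saved ID survived the drop. */
    if (old_euid != target_uid && seteuid(old_euid) == 0)
        return -1;
    if (old_egid != target_gid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* In a set-uid binary, getuid()/getgid() identify the invoking user. */
    if (drop_privs_permanently(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed or is reversible\n");
        return 1;
    }
    printf("uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

A process that starts as root would also need to clear its supplementary groups with setgroups() before the setregid() call; that step is left out here.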
