I just noticed this today when I upgraded an older machine from 2.2.x to
2.4.18 that the behavior of exec changed with respect to how it handles
euid!=ruid.
Basically, on 2.4:
setuid bin, execute it, ruid!=euid, exec another tool, now euid
is set to ruid
on 2.2 the execced binary retains the ruid!=euid.
I can see how this might have been done intentionally for security,
however, it does mean that it is impossible for a execced tool to know
the real uid that is running it if executed from a setuid wrapper, or to
run a helper tool (aklog) from a ruid!=euid process.
Was this change in behavior intentional?
I never noticed it on any of our other 2.4.x systems, cause exec()'s
within setuid bin's without setresuid(geteuid(),geteuid(),geteuid()) are
pretty rare in our tools, most of them just have a single bin that does
whatever it needs to do.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jun 23 2002 - 22:00:17 EST