Re: Why can setuid programs regain root after dropping it when usingcapabilities?

From: Jan Engelhardt
Date: Sun Jan 01 2006 - 10:25:24 EST

Next message: Jan Engelhardt: "Re: 2.6.15-rc7-rt1"
Previous message: Jan Engelhardt: "Re: MPlayer broken under 2.6.15-rc7-rt1?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>While debugging some code, I found that a setuid program could regain
>>root after dropping root if the program used capabilities. (I tested
>>this on 2.6.14 and 2.6.9.) Is this the expected behavior? Here's a
>>short test case:
>>
>>/* chown root this program, suid it, and run it as non-root */
>>#include <sys/types.h>
>>#include <sys/capability.h>
>>#include <unistd.h>
>>#include <stdio.h>
>>int main() {
>> cap_set_proc(cap_from_text("all-eip")); /* drop all caps */
>> setuid(getuid()); /* drop root. this call succeeds */
>> setuid(0); /* this should fail! but doesn't */

uid != euid. You would probably have to use

seteuid(getuid());

Plus there is also the feature of saved ids, see sys_setresuid().

Jan Engelhardt
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jan Engelhardt: "Re: 2.6.15-rc7-rt1"
Previous message: Jan Engelhardt: "Re: MPlayer broken under 2.6.15-rc7-rt1?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]