[9005] in bugtraq

home help back first fref pref prev next nref lref last post

Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service)

daemon@ATHENA.MIT.EDU (Thamer Al-Herbish)
Sat Jan 9 14:33:41 1999

Date: 	Fri, 8 Jan 1999 17:36:11 -0800
Reply-To: Thamer Al-Herbish <shadows@WHITEFANG.COM>
From: Thamer Al-Herbish <shadows@WHITEFANG.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199901081439.BAA00258@cheops.anu.edu.au>

On Sat, 9 Jan 1999, Darren Reed wrote:

> On Tue, 5 Jan 1999, D. J. Bernstein wrote:
>
> > Venema further claims that ``a set-uid posting program cannot guarantee
> > user identification.'' That claim is false. The user id is provided by
> > the standard UNIX getuid() system call.
>
> Just to be pedantic, Venema is correct.  "User identification" is a lot
> more than just a getuid() system call as I'm sure you would be well aware.
>
> If I find some other avenue to obtain a different uid to the one I normally
> use, i.e. exploit some other setuid-root program, getuid() will (if I've
> done my homework) thereafter fail to identity correctly which user is
> sending the email.

No. The real user ID is inherited by a child process, as well as
the effectiver user ID. Unless you can switch these credentials, with
setreuid(), in the exploited SUID process, your real user ID is
still inherited.

Run this as a SUID program:

int main(int argc,char *argv[])
{
  execl("/usr/bin/id","id",0);
  perror();
}

Granted that "id" is in /usr/bin/id.

> Maybe getuid() is the "best" you can do, maybe not.  A lot of the OS's
> these days have some sort of audit id which is sometimes less flexible
> than uid's when it comes to change.

To be extra pedantic use getlogin() to double check. getlogin cannot
lie unless you are root and did a setlogin().

--
Thamer Al-Herbish                     PGP public key:
shadows@whitefang.com                 http://www.whitefang.com/pgpkey.txt
[ Maintainer of the Raw IP Networking FAQ http://www.whitefang.com/rin/ ]

home help back first fref pref prev next nref lref last post