Re: setuid in gdomap - bug or feature?
From: Richard Frith-Macdonald
Subject: Re: setuid in gdomap - bug or feature?
Date: Fri, 4 May 2001 05:59:18 +0100

On Friday, May 4, 2001, at 01:25 AM, Chris B. Vetter wrote:

> Hi,
>
> I'm not sure if this is a bug or a feature, but I'm running into all kinds
> of trouble with gdomap's setuid(3) call in main().
>
> Instead of
>
>     if (getuid () != 0)
>       {
>         setuid (getuid ());
>       }
>     else
>       {
>         setuid (-1);
>       }
>
> which (on my box) keeps gdomap running with UID 4294967295, a call to
> getpwnam(3) similar to
>
>     struct passwd *pw = getpwnam("nobody");
>     setuid(pw->pw_uid);
>
> would probably be a much "cleaner" approach.

I've changed the code to try using the user 'nobody' before resorting to
uid -2 (-1 was a typo ... this should be consistent with the standard
usage of -2 to denote a user with no access). Some older unices don't
have a user 'nobody' by default, and common practice of applications like
NFS is to use -2.

So, current behavior is ...

If started by a non-root user, run as that user so they are able to kill
the process.

If started by root, run as user nobody (if found) else as user -2

All that being said ... I don't understand why this has been causing you
any trouble.
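
The behaviour described in this message, written out as an added example; it is not gdomap's code or part of the original thread. The names `choose_run_uid`, `drop_privileges` and `FALLBACK_ID` are hypothetical, and the group handling and the final verification step are additions that the message does not mention.

```c
#define _DEFAULT_SOURCE 1   /* exposes setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Fallback when no "nobody" account exists, as in the reply above.
 * (uid_t)-1 is avoided: it is the "leave unchanged" sentinel in calls
 * such as setreuid() and chown(), and is 4294967295 for a 32-bit uid_t. */
#define FALLBACK_ID ((uid_t)-2)

/* Pure policy: which uid should the daemon end up with? */
uid_t choose_run_uid(uid_t real_uid, const struct passwd *nobody)
{
    if (real_uid != 0)
        return real_uid;              /* the starting user can still kill it */
    return nobody ? nobody->pw_uid : FALLBACK_ID;
}

/* Apply the policy. Returns 0 on success, -1 if any step failed. */
int drop_privileges(void)
{
    uid_t real = getuid();
    const struct passwd *pw = (real == 0) ? getpwnam("nobody") : NULL;
    uid_t uid = choose_run_uid(real, pw);

    if (real == 0) {
        gid_t gid = pw ? pw->pw_gid : (gid_t)FALLBACK_ID;
        /* Groups first: after setuid() we may no longer change them. */
        if (setgroups(0, NULL) != 0 || setgid(gid) != 0)
            return -1;
    }
    if (setuid(uid) != 0)             /* never ignore the return value */
        return -1;
    /* Verify: regaining root must fail and both ids must match. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(void)
{
    if (drop_privileges() != 0) {
        fprintf(stderr, "failed to drop privileges\n");
        return 1;
    }
    printf("running as uid %lu\n", (unsigned long)getuid());
    return 0;
}
```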