discuss-gnustep
Re: setuid in gdomap - bug or feature?


From: Richard Frith-Macdonald
Subject: Re: setuid in gdomap - bug or feature?
Date: Fri, 4 May 2001 05:59:18 +0100

On Friday, May 4, 2001, at 01:25 AM, Chris B. Vetter wrote:

Hi,

I'm not sure if this is a bug or a feature, but I'm running into all kinds
of trouble with gdomap's setuid(3) call in main().

Instead of

  if (getuid () != 0)
    {
      setuid (getuid ());
    }
  else
    {
      setuid (-1);
    }

which (on my box) keeps gdomap running with UID 4294967295, a call to
getpwnam(3) similar to

        struct passwd *pw = getpwnam("nobody");
        setuid(pw->pw_uid);

would probably be a much "cleaner" approach.

I've changed the code to try using the user 'nobody' before resorting to uid -2
(-1 was a typo ... this should be consistent with the standard usage of -2 to
denote a user with no access). Some older unices don't have a user 'nobody' by
default, and common practice of applications like NFS is to use -2.

So, current behavior is ...

If started by a non-root user, run as that user so they are able to kill the process.
If started by root, run as user nobody (if found), else as user -2.

All that being said ... I don't understand why this has been causing you any trouble.
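
The policy described in this message, written out as an added example (not part of the original message and not gdomap's actual source). The names pick_drop_uid, drop_privileges and FALLBACK_ID are hypothetical, and dropping the group ids as well as the uid is an assumption that goes beyond what the thread discusses.

```c
#define _DEFAULT_SOURCE 1       /* exposes setgroups() in glibc's <grp.h> */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

#define FALLBACK_ID ((uid_t)-2) /* the "no access" id named in the thread */

/* Pure policy: which uid should the daemon end up with?
 * caller is the real uid at startup; nobody is getpwnam("nobody") or NULL. */
uid_t pick_drop_uid(uid_t caller, const struct passwd *nobody)
{
  if (caller != 0)
    return caller;              /* non-root: stay as the starting user */
  if (nobody != NULL)
    return nobody->pw_uid;      /* root: prefer the 'nobody' account */
  return FALLBACK_ID;           /* root, but no such account exists */
}

/* Apply the policy. Returns 0 on success, -1 if any step failed. */
int drop_privileges(void)
{
  uid_t caller = getuid();
  const struct passwd *pw = (caller == 0) ? getpwnam("nobody") : NULL;
  uid_t uid = pick_drop_uid(caller, pw);

  if (caller == 0)
    {
      /* Assumption: shed root's groups too, before the uid changes. */
      gid_t gid = (pw != NULL) ? pw->pw_gid : (gid_t)-2;
      if (setgroups(1, &gid) != 0 || setgid(gid) != 0)
        return -1;
    }
  if (setuid(uid) != 0)         /* an unchecked failure would leave us as root */
    return -1;
  /* Verify the drop is permanent: regaining root must now fail. */
  if (uid != 0 && setuid(0) == 0)
    return -1;
  return 0;
}

int main(void)
{
  int rc = drop_privileges();
  printf("drop %s, uid now %lu\n", rc ? "failed" : "ok", (unsigned long)getuid());
  return rc ? 1 : 0;
}
```
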



