Re: EUID != root + EGID = root, and CAP_SETGID

From: David Wagner
Date: Sun Dec 13 2009 - 00:57:43 EST

Next message: andrew hendry: "Re:"
Previous message: Ulrich Drepper: "Re: setrlimit(RLIMIT_NETWORK) vs. prctl(???)"
In reply to: Andreas Schwab: "Re: EUID != root + EGID = root, and CAP_SETGID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ivan Zahariev wrote:
>Is this an intended behavior?

Yes. Setuid/setgid are a mess. For more details, you might
find the following research papers interesting:

http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
http://www.cs.berkeley.edu/~daw/papers/setuid-login08b.pdf

See, e.g., Section 5.2 of the former paper, which says:

"an effective group ID of zero does not accord any
special privileges to change groups. This is a potential
source of confusion: it is tempting to assume incorrectly
that since appropriate privileges are carried by the euid
in the setuid-like calls, they will be carried by the
egid in the setgid-like calls, but this is not how it
actually works. This misconception caused a mistake in
the manual page of setgid in Redhat Linux 7.2 (Section
6.4.1)."
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: andrew hendry: "Re:"
Previous message: Ulrich Drepper: "Re: setrlimit(RLIMIT_NETWORK) vs. prctl(???)"
In reply to: Andreas Schwab: "Re: EUID != root + EGID = root, and CAP_SETGID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]