ucred when euid/egid

Nate Eldredge nate at thatsmathematics.com
Sun Nov 29 21:54:58 UTC 2009


On Sun, 29 Nov 2009, Clifton Royston wrote:

> On Sun, Nov 29, 2009 at 01:19:02PM +0300, Anthony Pankov wrote:
>>
>> Thank you for reply.
>>
>> So, seteuid/gid isn't enough to gain group access as for real uid.
>> But how can I achieve this? What functions should I call from
>> 'theprog' to gain access for the groups euid user belongs to?
>>
>> Maybe I am solving the problem the wrong way?
>>
>> The full problem is:
>>
>> There is a file owned by group filegroup:
>>  rw-rw----   someone:filegroup    thefile
>>
>> There is a program's data owned by group proggroup:
>>
>>  rw-rw----   someone2:proggroup    progdata
>>
>> I need a program (theprog) that can access 'thefile' and
>> 'progdata' simultaneously. The program can be executed by anyone.
>
> This is a clearer statement of the problem, in terms of what you're
> trying to accomplish.
>
> If you can make the program data owned by a special program user, and
> require the users of the program to make their files group-accessible
> by this special filegroup, then you can do it fairly simply, like this:
>
> Make each user's "thefile" be owned by group filegroup, for example:
>  rw-rw----   someone:filegroup    ~someone/thefile
>  rw-rw----   someone2:filegroup   ~someone2/thefile
>  rw-rw----   someone3:filegroup   ~someone3/thefile
>  ...
>
> Make the program's data file owned by *user* proguser:
>  rw-rw----   proguser:proggroup    progdata
>
> Now you can make the program setuid proguser/setgid filegroup:
>  r-sr-sr-x   proguser:filegroup    theprog
>
> This lets it be executed by any user and access its own data (via the
> suid) and the files the users have put into filegroup (via the sgid).

If you can't make progdata owned by proguser, or if more groups are 
needed, you might be able to abuse newgrp(1), which will let you run a 
program with your real and effective gids set to any specified group of 
which your real uid is a member.  This would require, though, that you 
break the code that requires access to those files into separate programs. 
(Though maybe they are as simple as cat'ing a file into a pipe or 
something.)

Example:

/* proguser_uid: numeric uid of proguser, e.g. getpwnam("proguser")->pw_uid */
if (setuid(proguser_uid) != 0)
    err(1, "setuid");   /* never carry on with the wrong credentials */
FILE *data = popen("echo \"cat progdata\" | newgrp proggroup", "r");
/* read data from the pipe, then pclose(data) */

etc.

If your program needs to do something really elaborate with the files that 
can't be factored out into a separate program, you could use newgrp to run 
a program that opens the file and passes its fd over a unix socket.  But 
then it's really becoming a hack. :)

Caution: I haven't tested any of this.

-- 

Nate Eldredge
nate at thatsmathematics.com
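The descriptor-passing variant mentioned at the end of the message, worked through as an added example that is not part of the post or of FreeBSD: a helper opens the file with its own credentials and hands the open descriptor to the main program over a Unix-domain socket with SCM_RIGHTS, so the receiver never needs the file's group itself. To keep it runnable without privileges, the helper here is a forked child that shares a socketpair with the parent (in the post's scheme it would instead be a separate program started via newgrp and connected over a named socket), and the file is a constructed temporary file standing in for 'thefile'. The receiver refuses any control message that is not exactly one descriptor, which is the check a practitioner would want before trusting what arrives.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>

/* Send one open descriptor over a connected Unix-domain socket (SCM_RIGHTS).
 * The kernel insists on at least one byte of ordinary data alongside it. */
int send_fd(int sock, int fd)
{
    char dummy = 'F', cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    memset(cbuf, 0, sizeof cbuf);
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive exactly one descriptor; returns -1 on error or if the control
 * message is anything other than a single SCM_RIGHTS fd. */
int recv_fd(int sock)
{
    char dummy, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS
        || cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Main-program side.  The forked child stands in for the small helper that,
 * in the post's scheme, would be started via newgrp: it opens the file with
 * its own group credentials and hands over the descriptor, so the parent
 * reads the file without ever holding that group.  Reads up to bufsz-1
 * bytes into buf (NUL-terminated); returns the byte count or -1. */
ssize_t read_via_helper(const char *path, char *buf, size_t bufsz)
{
    int sv[2], status, fd;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                          /* helper side */
        close(sv[0]);
        fd = open(path, O_RDONLY);
        _exit(fd >= 0 && send_fd(sv[1], fd) == 0 ? 0 : 1);
    }
    close(sv[1]);
    fd = recv_fd(sv[0]);
    close(sv[0]);
    waitpid(pid, &status, 0);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, bufsz - 1);
    close(fd);
    if (n >= 0)
        buf[n] = '\0';
    return n;
}

/* Constructed input: a temporary file stands in for 'thefile'.  Returns 0
 * when the bytes read back through the helper match what was written. */
int demo(char *out, size_t outsz)
{
    char path[] = "/tmp/fdpass-demo-XXXXXX";
    const char *content = "hello from the helper\n";
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, content, strlen(content)) < 0)
        return -1;
    close(fd);
    ssize_t n = read_via_helper(path, out, outsz);
    unlink(path);
    return n >= 0 && strcmp(out, content) == 0 ? 0 : -1;
}

int main(void)
{
    char buf[256];
    if (demo(buf, sizeof buf) != 0)
        return 1;
    fputs(buf, stdout);
    return 0;
}
```

Because the descriptor, not the file's group, is what crosses the socket, the receiving program's credentials are irrelevant to the open: the access check happened once, in the helper, under the helper's real and effective gids. That is also why the receiver should validate the control message strictly; a peer that can write to the socket can send arbitrary descriptors, and the program should only ever act on the one it asked for.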

