Setuid binaries and File Ownerships in FreeBSD9.0

Martin McCormick martin at dc.cis.okstate.edu
Wed Jan 23 20:34:58 UTC 2013


	The executable in question is a C program whose file
permissions are 4755 and the file belongs to root so all files
it opens are also owned by root and that works properly, but
what I need is for this application to first open a few files owned by
the caller and then later, upgrade back to root and write to
files the caller can not write to. I was hoping to avoid using
chown and chgrp and simply let the privilege level of the
application dictate ownership of any file it opens.

	When the application first runs, it gets the UID and GID
of the user and uses setuid(heruid); and setgid(hergid); to
temporarily downgrade and those files are owned by the right user
but setuid(0); doesn't appear to upgrade back to root.

	Is there any other strategy that gets one back to root
short of using chown and then a system call and never
downgrading privilege?

Thank you.
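
The following is an added example, not part of the original post: a sketch of a temporary privilege drop in a setuid-root C program using seteuid()/setegid(), which leave the saved set-user-ID at 0 so the process can switch back. The names drop_to_caller, regain_privileges and struct saved_ids are hypothetical, and the program is assumed to be installed setuid root as described above.

```c
/* Temporary privilege drop in a setuid-root program (added example).
 * setuid(uid) called while euid is 0 sets the real, effective AND saved
 * UID, so a later setuid(0) fails. seteuid()/setegid() change only the
 * effective IDs; the saved set-user-ID (0) allows switching back. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

struct saved_ids { uid_t euid; gid_t egid; };   /* hypothetical helper type */

/* Switch the effective IDs to the caller's real IDs. Group first: once
 * euid is no longer 0 the process may not be allowed to change its group. */
int drop_to_caller(struct saved_ids *s)
{
    s->euid = geteuid();
    s->egid = getegid();
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        (void)setegid(s->egid);          /* undo the group change */
        return -1;
    }
    /* Verify the result instead of trusting the return codes alone. */
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

/* Regain the saved effective IDs. User first: euid 0 is needed to set egid. */
int regain_privileges(const struct saved_ids *s)
{
    if (seteuid(s->euid) != 0)
        return -1;
    if (setegid(s->egid) != 0)
        return -1;
    return (geteuid() == s->euid && getegid() == s->egid) ? 0 : -1;
}

int main(void)
{
    struct saved_ids ids;
    if (drop_to_caller(&ids) != 0) { perror("drop"); return 1; }
    printf("dropped:  euid=%d egid=%d\n", (int)geteuid(), (int)getegid());
    /* open or create the caller-owned files here */
    if (regain_privileges(&ids) != 0) { perror("regain"); return 1; }
    printf("regained: euid=%d egid=%d\n", (int)geteuid(), (int)getegid());
    /* write the files the caller cannot write to here */
    return 0;
}
```

Files created between the two calls are owned by the caller's UID; once no further root access is needed, a final setuid(getuid()) gives the privilege up permanently.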

