diff options
Diffstat (limited to 'lib/libc/sys/setuid.2')
| -rw-r--r-- | lib/libc/sys/setuid.2 | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/lib/libc/sys/setuid.2 b/lib/libc/sys/setuid.2 new file mode 100644 index 0000000..57ccadb --- /dev/null +++ b/lib/libc/sys/setuid.2 @@ -0,0 +1,197 @@ +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)setuid.2 8.1 (Berkeley) 6/4/93 +.\" $FreeBSD$ +.\" +.Dd June 4, 1993 +.Dt SETUID 2 +.Os +.Sh NAME +.Nm setuid , +.Nm seteuid , +.Nm setgid , +.Nm setegid +.Nd set user and group ID +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/types.h +.In unistd.h +.Ft int +.Fn setuid "uid_t uid" +.Ft int +.Fn seteuid "uid_t euid" +.Ft int +.Fn setgid "gid_t gid" +.Ft int +.Fn setegid "gid_t egid" +.Sh DESCRIPTION +The +.Fn setuid +system call +sets the real and effective +user IDs and the saved set-user-ID of the current process +to the specified value. +.\" Comment out next block for !_POSIX_SAVED_IDS +.\" The real user ID and the saved set-user-ID are changed only if the +.\" effective user ID is that of the super user. +.\" I.e. +.\" .Fn setuid +.\" system call is equal to +.\" .Fn seteuid +.\" system call if the effective user ID is not that of the super user. +.\" End of block +The +.Fn setuid +system call is permitted if the specified ID is equal to the real user ID +.\" Comment out next line for !_POSIX_SAVED_IDS +.\" or the saved set-user-ID +.\" Next line is for Appendix B.4.2.2 case. +or the effective user ID +of the process, or if the effective user ID is that of the super user. +.Pp +The +.Fn setgid +system call +sets the real and effective +group IDs and the saved set-group-ID of the current process +to the specified value. +.\" Comment out next block for !_POSIX_SAVED_IDS +.\" The real group ID and the saved set-group-ID are changed only if the +.\" effective user ID is that of the super user. +.\" I.e. +.\" .Fn setgid +.\" system call is equal to +.\" .Fn setegid +.\" system call if the effective user ID is not that of the super user. +.\" End of block +The +.Fn setgid +system call is permitted if the specified ID is equal to the real group ID +.\" Comment out next line for !_POSIX_SAVED_IDS +.\" or the saved set-group-ID +.\" Next line is for Appendix B.4.2.2 case. +or the effective group ID +of the process, or if the effective user ID is that of the super user. +.Pp +The +.Fn seteuid +system call +.Pq Fn setegid +sets the effective user ID (group ID) of the +current process. +The effective user ID may be set to the value +of the real user ID or the saved set-user-ID (see +.Xr intro 2 +and +.Xr execve 2 ) ; +in this way, the effective user ID of a set-user-ID executable +may be toggled by switching to the real user ID, then re-enabled +by reverting to the set-user-ID value. +Similarly, the effective group ID may be set to the value +of the real group ID or the saved set-group-ID. +.Sh RETURN VALUES +.Rv -std +.Sh ERRORS +The system calls will fail if: +.Bl -tag -width Er +.It Bq Er EPERM +The user is not the super user and the ID +specified is not the real, effective ID, or saved ID. +.El +.Sh SECURITY CONSIDERATIONS +Read and write permissions to files are determined upon a call to +.Xr open 2 . +Once a file descriptor is open, dropping privilege does not affect +the process's read/write permissions, even if the user ID specified +has no read or write permissions to the file. +These files normally remain open in any new process executed, +resulting in a user being able to read or modify +potentially sensitive data. +.Pp +To prevent these files from remaining open after an +.Xr exec 3 +call, be sure to set the close-on-exec flag is set: +.Bd -literal +void +pseudocode(void) +{ + int fd; + /* ... */ + + fd = open("/path/to/sensitive/data", O_RDWR); + if (fd == -1) + err(1, "open"); + + /* + * Set close-on-exec flag; see fcntl(2) for more information. + */ + if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) + err(1, "fcntl(F_SETFD)"); + /* ... */ + execve(path, argv, environ); +} +.Ed +.Sh SEE ALSO +.Xr getgid 2 , +.Xr getuid 2 , +.Xr issetugid 2 , +.Xr setregid 2 , +.Xr setreuid 2 +.Sh STANDARDS +The +.Fn setuid +and +.Fn setgid +system calls are compliant with the +.St -p1003.1-90 +specification with +.Li _POSIX_SAVED_IDS +.\" Uncomment next line for !_POSIX_SAVED_IDS +not +defined with the permitted extensions from Appendix B.4.2.2. +The +.Fn seteuid +and +.Fn setegid +system calls are extensions based on the +.Tn POSIX +concept of +.Li _POSIX_SAVED_IDS , +and have been proposed for a future revision of the standard. +.Sh HISTORY +The +.Fn setuid +and +.Fn setgid +functions appeared in +.At v7 . |
