Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.unix.programmer > #8197

Re: fork with user privilegs/rights?

Show all headers | View raw

On Fri, 18 Mar 2016 15:35:44 +0000 (UTC)
Kaz Kylheku <330-706-9395@kylheku.com> wrote:
>On 2016-03-18, spud@potato.field <spud@potato.field> wrote:
>> On Fri, 18 Mar 2016 15:10:43 +0000 (UTC)
>> Kaz Kylheku <330-706-9395@kylheku.com> wrote:
>>>On 2016-03-18, spud@potato.field <spud@potato.field> wrote:
>>>> On Fri, 18 Mar 2016 14:29:39 +0000 (UTC)
>>>> Kaz Kylheku <330-706-9395@kylheku.com> wrote:
>>>>>On 2016-03-18, Heinz-Mario Frühbeis <Div@Earlybite.individcore.de> wrote:
>>>>>> Hi,
>>>>>>
>>>>>> AFAIK has a forked process the same user privilegs/rights from which is 
>>>>>> forked.
>>>>>> But is it possible to fork e.g. with/for sudo-rights, or if, again with 
>>>>>> normal rights?
>>>>>
>>>>>Not in fork itself. A superuser process can fork an unprivileged child
>>>>>by dropping privileges in the child case.
>>>>>
>>>>>Pseudocode:
>>>>>
>>>>>  pid = fork();
>>>>>
>>>>>  if (pid > 0) { /* child */
>>>>>    setuid(getuid()); /* First order of business: drop privs. */
>>>>
>>>> Shouldn't that be seteuid(getuid()) ?
>>>
>>>No; that's how you temporarily drop effective to real in a setuid
>>>process.
>>
>> I thought thats what you were doing. Whats the point in setuid(getuid()) ?
>> It doesn't change anything.
>
>While syntactically it looks like a no-op, it isn't. Whereas getuid
>accesses the real UID, setuid sets the effective one, like seteuid.

Didn't know that - seems slightly counter intuitive to have setuid() do both
operations since if for whatever reason you wanted to change the real uid but
not the effective uid you'd need 2 calls, one to setuid() and one to seteuid()
to change it back again.

--
Spud

Back to comp.unix.programmer | Previous | Next — Previous in thread | Next in thread | Find similar

Thread

fork with user privilegs/rights? Heinz-Mario Frühbeis <Div@Earlybite.individcore.de> - 2016-03-18 12:19 +0100
  Re: fork with user privilegs/rights? Lew Pitcher <lew.pitcher@digitalfreehold.ca> - 2016-03-18 09:55 -0400
  Re: fork with user privilegs/rights? Siri Cruise <chine.bleu@yahoo.com> - 2016-03-18 07:28 -0700
    Re: fork with user privilegs/rights? Kaz Kylheku <330-706-9395@kylheku.com> - 2016-03-18 14:45 +0000
    Re: fork with user privilegs/rights? scott@slp53.sl.home (Scott Lurndal) - 2016-03-18 14:45 +0000
  Re: fork with user privilegs/rights? Kaz Kylheku <330-706-9395@kylheku.com> - 2016-03-18 14:29 +0000
    Re: fork with user privilegs/rights? spud@potato.field - 2016-03-18 14:41 +0000
      Re: fork with user privilegs/rights? Kaz Kylheku <330-706-9395@kylheku.com> - 2016-03-18 15:10 +0000
        Re: fork with user privilegs/rights? spud@potato.field - 2016-03-18 15:17 +0000
          Re: fork with user privilegs/rights? Kaz Kylheku <330-706-9395@kylheku.com> - 2016-03-18 15:35 +0000
            Re: fork with user privilegs/rights? spud@potato.field - 2016-03-18 15:45 +0000
              Re: fork with user privilegs/rights? Kaz Kylheku <330-706-9395@kylheku.com> - 2016-03-18 19:15 +0000
                Re: fork with user privilegs/rights? Geoff Clare <geoff@clare.See-My-Signature.invalid> - 2016-03-21 14:23 +0000
      Re: fork with user privilegs/rights? Joe Pfeiffer <pfeiffer@cs.nmsu.edu> - 2016-03-18 09:19 -0600
    Re: fork with user privilegs/rights? Joe Pfeiffer <pfeiffer@cs.nmsu.edu> - 2016-03-18 09:15 -0600
  Re: fork with user privilegs/rights? Thomas Jahns <jahns@idontlikespam.dkrz.de> - 2016-03-18 17:29 +0100
    Re: fork with user privilegs/rights? Rainer Weikusat <rweikusat@talktalk.net> - 2016-03-18 21:00 +0000
      Re: fork with user privilegs/rights? Thomas Jahns <jahns@idontlikespam.dkrz.de> - 2016-03-21 11:23 +0100
        Re: fork with user privilegs/rights? Rainer Weikusat <rweikusat@talktalk.net> - 2016-03-22 16:52 +0000
  Re: fork with user privilegs/rights? gordonb.9720g@burditt.org (Gordon Burditt) - 2016-03-19 00:04 -0500

csiph-web