unixsetuid

Set-UID privileged programs


I have 2 questions:

  1. Consider the situation where Alice runs a Set-UID program owned by Bob. The program wants to read a file contained in /etc/data, which is readable by Alice but by no one else. Can this program access the file?

  2. Consider the situation where a process wants to access a file for reading; the effective user ID of the process is 3000 and the real user ID is 4000. If the file is readable for user ID 4000, but not for user ID 3000, can this process access the file?


Solution

  • These are really the same question, and the answer in both cases is no, unless the program uses setresuid to change its effective UID to its real UID, or it uses setfsuid (Linux-specific) to change its filesystem UID to its real UID. But the program would have to be designed for this scenario; an ordinary program that never manipulates its UID/GID and just accesses files will fail the permission check.
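The setresuid approach described in the answer, as an added example that is not part of the question or the answer above. The program opens a file with the caller's real UID by temporarily making the real UID the effective UID, then switches back. The helper names (`open_as_real_user`, `read_as_real_user`, `make_private_file`) and the `/tmp/setuid-demo-XXXXXX` path are assumptions chosen for this example; the sample file is constructed by the program itself so it runs stand-alone.

```c
#define _GNU_SOURCE            /* glibc: expose getresuid/setresuid */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Open `path` read-only using the process's REAL uid rather than the
 * effective uid that a Set-UID binary runs with.  The kernel checks file
 * permissions against the effective uid (fsuid on Linux), so we make the
 * effective uid equal to the real uid around the open(2) call, then restore
 * it.  The saved set-user-ID is left untouched, which is what lets us switch
 * back.  Returns a descriptor, or -1 with errno set. */
int open_as_real_user(const char *path) {
    uid_t ruid, euid, suid;
    if (getresuid(&ruid, &euid, &suid) != 0)
        return -1;

    /* (uid_t)-1 means "leave this id unchanged". */
    if (setresuid((uid_t)-1, ruid, (uid_t)-1) != 0)
        return -1;

    int fd = open(path, O_RDONLY | O_CLOEXEC);
    int saved_errno = errno;

    /* Restore the original effective uid.  If that fails we are stuck at the
     * real user's privilege; fail closed rather than carry on confused. */
    if (setresuid((uid_t)-1, euid, (uid_t)-1) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

/* Convenience wrapper: read up to n-1 bytes into buf as the real user and
 * NUL-terminate.  Returns the byte count or -1. */
ssize_t read_as_real_user(const char *path, char *buf, size_t n) {
    if (n == 0)
        return -1;
    int fd = open_as_real_user(path);
    if (fd < 0)
        return -1;
    ssize_t got = read(fd, buf, n - 1);
    close(fd);
    if (got < 0)
        return -1;
    buf[got] = '\0';
    return got;
}

/* Constructed sample input: a file readable only by its owner (mode 0400),
 * standing in for the "/etc/data" file in the question.  The path is written
 * into `path`.  Returns 0 on success, -1 on failure. */
int make_private_file(char *path, size_t pathlen, const char *contents) {
    const char *tmpl = "/tmp/setuid-demo-XXXXXX";   /* assumed location */
    if (pathlen < strlen(tmpl) + 1)
        return -1;
    strcpy(path, tmpl);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    size_t len = strlen(contents);
    if (write(fd, contents, len) != (ssize_t)len || fchmod(fd, S_IRUSR) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    return 0;
}

int main(int argc, char **argv) {
    char path[64];
    if (argc == 2) {
        strncpy(path, argv[1], sizeof path - 1);
        path[sizeof path - 1] = '\0';
    } else if (make_private_file(path, sizeof path, "alice-only") != 0) {
        perror("make_private_file");
        return 1;
    }
    printf("real uid %u, effective uid %u\n",
           (unsigned)getuid(), (unsigned)geteuid());

    char buf[256];
    ssize_t got = read_as_real_user(path, buf, sizeof buf);
    if (got < 0) {
        perror("read_as_real_user");
        return 1;
    }
    printf("read %zd bytes as the real user: %s\n", got, buf);
    return 0;
}
```

Run as an ordinary user the real and effective uids are already equal, so the setresuid calls are no-ops and the file simply opens. To reproduce the question's scenario, compile the program, `chown` the binary to a second account ("Bob"), `chmod u+s` it, and run it as "Alice" against a file with mode 0400 owned by Alice: `open_as_real_user` succeeds, whereas a plain `open(2)` in the same binary would be checked against Bob's effective uid and fail with EACCES. The Linux-specific `setfsuid` alternative mentioned in the answer is not shown here.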