Question about a recent change to uidswap.c in the portability snapshot

Darren Tucker dtucker at zip.com.au
Thu Jan 27 09:36:16 EST 2005


David Holmes wrote:
> A change was recently introduced into uidswap.c to cover the case where
> the user is root.  The change is "&& pw->pw_uid != 0 &&".
>  
>         /* Try restoration of GID if changed (test clearing of saved
> gid) */
>         if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
>             (setgid(old_gid) != -1 || setegid(old_gid) != -1))
>                 fatal("%s: was able to restore old [e]gid", __func__);
> 
> My question is, should this change also be included in the setuid() call
> a few lines later?
>  
>         /* Try restoration of UID if changed (test clearing of saved
> uid) */
>         if (old_uid != pw->pw_uid &&   [should change be here also?]
>             (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
>                 fatal("%s: was able to restore old [e]uid", __func__);

I don't think it's necessary.

The gid test was put in to handle the case where the root user is 
running as their non-default group (ie they've run "newgrp").  In that 
case, because root can set its uid to whatever it wants, the group 
restore test will fail.  For the second test, old_uid and pw_uid will be 
the same so the second test won't fail either.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list