Re: setuid(geteuid());?
From | Bruce Momjian
---|---
Subject | Re: setuid(geteuid());?
Date |
Msg-id | 200104211710.f3LHAXJ17578@candle.pha.pa.us
In response to | Re: setuid(geteuid());? (Peter Eisentraut <peter_e@gmx.net>)
List | pgsql-hackers
> That is a valid concern, but the code doesn't actually prevent this.  I
> just tried
>
> chmod u+s postgres
> su -
> postmaster -D ...
>
> Then loaded the function
>
> #include <postgres.h>
> #include <unistd.h>   /* setuid(), getuid(), geteuid() */
> #include <stdlib.h>   /* system() */
>
> int32 touch(int32 a) {
>     if (setuid(0) == -1)
>         elog(ERROR, "setuid: %m");
>     elog(DEBUG, "getuid = %d, geteuid = %d", getuid(), geteuid());
>     system("touch /tmp/foofile");
>     setuid(500); /* my own */
>     return a + 1;
> }
>
> and the output was
>
> DEBUG:  getuid = 0, geteuid = 0
>
> and I got a file /tmp/foofile owned by root.
>
> ISTM that the best way to prevent this exploit would be to check for both
> geteuid() == 0 and getuid() == 0 in main.c.

Peter, can you check your setuid manual page?  Is there a mention of
special handling of saved-uid for root?  I don't have it here on BSD/OS
but have heard of some OSes that treat setuid differently for root.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
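The startup check Peter proposes (refuse to run when either the real or the effective uid is root), written out as an added example; this is not code from the thread or from PostgreSQL's main.c. It goes one step beyond the message to answer Bruce's saved-uid question: on Linux and the BSDs that provide getresuid(), it also inspects the saved uid, since an unprivileged process may call setuid(0) successfully whenever its saved uid is 0. The function names are the example's own, and the getresuid() branch is assumed to be available only on the platforms named in the #if.

```c
/*
 * Added example, not PostgreSQL's own code: the "refuse to run as root"
 * policy from the thread, extended to the saved uid where the OS exposes it.
 */
#define _GNU_SOURCE 1          /* glibc declares getresuid() only under this */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

#if defined(__linux__)
/* Compatible redeclaration in case the feature macro was set too late. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
#endif

/*
 * Pure policy decision, kept free of syscalls so it can be unit-tested:
 * returns 1 if any of the three identities is root, else 0.  The saved uid
 * counts because setuid(0) from a non-root euid succeeds when suid == 0,
 * which is exactly the state a root-started setuid binary is left in.
 */
int has_root_identity(uid_t ruid, uid_t euid, uid_t suid)
{
    return (ruid == 0 || euid == 0 || suid == 0) ? 1 : 0;
}

/* Same decision applied to the calling process. */
int running_with_root_identity(void)
{
    uid_t ruid = getuid();
    uid_t euid = geteuid();
    uid_t suid = euid;      /* fallback where the saved uid is not readable */
#if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__)
    if (getresuid(&ruid, &euid, &suid) != 0)
        suid = euid;
#endif
    return has_root_identity(ruid, euid, suid);
}

/*
 * Hypothetical startup hook modelled on the main.c check under discussion:
 * returns 1 when it is safe to continue, 0 (after a diagnostic) otherwise.
 */
int refuse_root_startup(void)
{
    if (running_with_root_identity()) {
        fprintf(stderr,
                "refusing to start with root identity (uid=%ld euid=%ld)\n",
                (long) getuid(), (long) geteuid());
        return 0;
    }
    return 1;
}

int main(void)
{
    if (!refuse_root_startup())
        return EXIT_FAILURE;
    printf("identity check passed: uid=%ld euid=%ld\n",
           (long) getuid(), (long) geteuid());
    return EXIT_SUCCESS;
}
```

Run under an ordinary account the program continues; started via su or a setuid-root binary it exits before doing anything else, which is the property the thread is after: a loaded function cannot regain a uid the process never had.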