Chapter Nine Question One

Michael Kerrisk Linux Programming Interface

Question:

Assume in each of the following cases that the initial set of process user IDs is real=1000 effective=0 saved=0 file-system=0. What would be the state of the user IDs after the following calls?

  1. setuid(2000);
  2. setreuid(-1, 2000);
  3. seteuid(2000);
  4. setfsuid(2000);
  5. setresuid(-1, 2000, 3000);

Supplemental Information

Every process has a set of associated numeric user identifiers (UIDs) and group identifiers (GIDs). Sometimes these are referred to as process credentials. These identifiers are as follows:

  • real user ID and group ID
  • effective user ID and group ID
  • Saved set-user-ID and saved set-group-ID
  • file-system user ID and group ID (Linux-specific)
  • supplementary group IDs

 

The real user ID and group ID

These identify the user and group to which the process belongs. As part of the login process, a login shell gets its real user and group IDs from the third and fourth fields of the user’s password record in the /etc/passwd file. When a new process is created, it inherits these identifiers from its parent.

Effective User ID and Effective Group ID

These are used to determine the permissions granted to a process when it tries to perform various operations (i.e. system calls). The effective user ID is also used by the kernel to determine whether one process can send a signal to another.

A process whose effective user ID is 0 (root) has all privileges of the superuser. Such a process is referred to as a privileged process. Certain system calls can be executed only by privileged processes. Normally the effective user and group IDs have the same values as the corresponding real IDs, but there are two ways in which the effective IDs can be different values.

Answer

1. setuid(2000)

A set-user-ID program allows a process to gain privileges it would not normally have, by setting the process's effective user ID to the same value as the user ID (owner) of the executable file.

The setuid() system call changes the effective user ID, and possibly the real user ID and the saved set-user-ID, of the calling process to the value given by the uid argument. When an unprivileged process calls setuid(), only the effective user ID of the process is changed. Furthermore, it can be changed only to the same value as either the real user ID or saved set-user-ID (attempts to violate this constraint yield the error EPERM). This means that, for unprivileged users, this call is useful only when executing a set-user-ID program.

When a privileged process calls setuid() with a non-zero argument, the real user ID, effective user ID and saved set-user-ID are all set to the value specified in the argument. This is a one-way trip, in that once a privileged process has changed its identifiers in this way, it loses all privileges and therefore can't subsequently use setuid() to reset the identifiers back to 0.

Because the effective user ID is zero in our question, we know that the process is running as the superuser, so the answer is: real=2000 effective=2000 saved=2000 file-system=2000

2. setreuid(-1, 2000);

The setreuid() system call allows the calling process to independently change the values of its real and effective user IDs. The first argument is the new real ID; the second argument is the new effective ID. If we want to change only one of the identifiers, we can specify -1 for the other argument.

An unprivileged process can set the real user ID only to the current value of the real (i.e., no change) or effective user ID. The effective user ID can be set only to the current value of the real user ID, effective user ID (i.e., no change) or saved set-user-ID.

A privileged process can make any changes to the IDs.

For both privileged and unprivileged processes, the saved set-user-ID is also set to the same value as the (new) effective user ID if either of the following is true: ruid is not -1, or the effective user ID is being set to a value other than the value of the real user ID prior to the call.

So the answer would be in this case real=1000 effective=2000 saved=2000 saved=2000

3. seteuid(2000);

The seteuid() governs the changes that a process may make to its effective IDs.

An unprivileged process can change the effective ID only to the same value as the corresponding real or saved set ID.

A privileged process can change an effective ID to any value. If a privileged process uses seteuid() to change its effective user ID to a nonzero value, then it ceases to be privileged (but may be able to regain privilege via the previous rule).

So the answer is: real=1000 effective=2000 saved=0 file-system=2000

4. setfsuid(2000);

The setfsuid() governs the changes that a process can make to its file system IDs. Filesystem IDs aren't typically used very much anymore.

An unprivileged process can set the file-system user ID to the current value of the real user ID, effective user ID, file-system user ID or saved set-user ID.

A privileged process can set the file system user ID to any value.

So the answer is: real=1000 effective=0 saved=0 file-system=2000

5. setresuid(-1, 2000, 3000);

The setresuid() system call allows the calling process to independently change the values of all three of its user IDs. The new values for each of the user IDs are specified by the three arguments to the system call.

An unprivileged process can set any of its real user ID, effective user ID, and saved set-user-ID to any of the values currently in its real user ID, effective user ID or saved set-user-ID.

A privileged process can make arbitrary changes to its real user ID, effective user ID and saved set user ID.

Regardless of whether the call makes any changes to other IDs, the file-system user ID is always set to the same value as the (possibly new) effective user ID.

So the answer is: real=1000, effective=2000, saved=3000, file-system=2000
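The rules from the five answers above can be checked with a small C model of the transitions; this is an added example, not code from the book or from this page's author, and it makes no real system calls. The `creds` struct, the `m_*` function names and the simplification that "privileged" means effective UID 0 are assumptions of the example.

```c
#include <stdio.h>

/* Model of the rules above; it makes no real system calls.
 * Assumption: "privileged" means effective UID 0 (capabilities ignored). */
typedef struct { long r, e, s, fs; } creds; /* real, effective, saved, fs */
static int priv(creds c) { return c.e == 0; }
static int held(creds c, long id) { return id == c.r || id == c.e || id == c.s; }
/* Each returns 0 on success, -1 where the change is refused (EPERM). */
int m_setuid(creds *c, long uid) {
    if (priv(*c)) { c->r = c->e = c->s = c->fs = uid; return 0; } /* one-way */
    if (uid != c->r && uid != c->s) return -1;
    c->e = c->fs = uid;
    return 0;
}
int m_seteuid(creds *c, long euid) {
    if (!priv(*c) && !held(*c, euid)) return -1;
    c->e = c->fs = euid;          /* saved ID is left untouched */
    return 0;
}
int m_setreuid(creds *c, long ruid, long euid) {
    creds o = *c;
    if (!priv(o) && ((ruid != -1 && ruid != o.r && ruid != o.e) ||
                     (euid != -1 && !held(o, euid)))) return -1;
    if (ruid != -1) c->r = ruid;
    if (euid != -1) c->e = euid;
    if (ruid != -1 || (euid != -1 && euid != o.r)) c->s = c->e;
    c->fs = c->e;
    return 0;
}
int m_setresuid(creds *c, long ruid, long euid, long suid) {
    creds o = *c;
    if (!priv(o) && ((ruid != -1 && !held(o, ruid)) ||
        (euid != -1 && !held(o, euid)) || (suid != -1 && !held(o, suid)))) return -1;
    if (ruid != -1) c->r = ruid;
    if (euid != -1) c->e = euid;
    if (suid != -1) c->s = suid;
    c->fs = c->e;
    return 0;
}
int m_setfsuid(creds *c, long fsuid) { /* the real call reports no error */
    if (!priv(*c) && !held(*c, fsuid) && fsuid != c->fs) return -1;
    c->fs = fsuid;
    return 0;
}
int main(void) {
    creds c = {1000, 0, 0, 0};    /* the question's starting state */
    m_seteuid(&c, 2000);          /* temporary drop: saved ID stays 0 */
    printf("real=%ld effective=%ld saved=%ld file-system=%ld\n", c.r, c.e, c.s, c.fs);
    return m_seteuid(&c, 0);      /* so the drop can be undone */
}
```

The model makes the practical difference visible: after setuid(2000) no call can bring back UID 0, while after seteuid(2000) the saved set-user-ID of 0 still allows a return to root.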