[Snort-devel] Re: SIGHUP doesn't work

Jeff Nathan jeff at ...835...
Mon Sep 22 23:25:08 EDT 2003


On Tuesday, September 23, 2003, at 01:43 AM, Denny Page wrote:

>>> BTW, can you not do a setreuid() back to root since the saved uid
>>> is root?
>>
>> Yes you can, we should do that.
>
> No, you shouldn't.  :-)
>
> Once you've done a setuid to discard privilege, you should not reinstate it
> for any reason.
>
> Denny

The wrapper function SetUidGid() (in util.c) calls setuid().  A call to 
setuid() made by root sets the saved user ID to the euid.  Thus, if we 
added code to call setreuid(), it would use the saved user ID, which was 
equivalent to the euid when setuid() was called, which would serve no 
purpose.

Conceptually, I see what you're getting at, but as explained on page 
217 of APUE (Advanced Programming in the Unix Environment), it doesn't 
work.  As I understand it, calling setreuid() is useful for the exec 
family of functions on setuid binaries but not when setuid() is called.

-Jeff

--
http://cerberus.sourcefire.com/~jeff       (gpg/pgp key id 6923D3FD)
"Problems cannot be solved at the same level of awareness that
created them."   - Albert Einstein
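
The behaviour described in the message above, as an added example that is not part of the original post or of Snort's code: a forked child drops privilege either with setuid() (as the message says SetUidGid() does) or with seteuid(), then tries both setreuid() and seteuid() to return to uid 0. The function name `regains_root` and the unprivileged uid 65534 are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700   /* for seteuid() and setreuid() */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_UID 65534    /* assumption: "nobody" on most systems */

/* Drop privilege in a forked child, then try to get uid 0 back.
 * permanent != 0: setuid(); when the caller is root the real, effective
 *                 and saved user IDs all change
 * permanent == 0: seteuid(); the saved user ID stays 0
 * Returns 1 if root was regained, 0 if not, -1 if the drop or fork failed. */
int regains_root(int permanent)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* A non-root caller can only "drop" to its own uid. */
        uid_t target = (geteuid() == 0) ? UNPRIV_UID : getuid();
        int rc = permanent ? setuid(target) : seteuid(target);
        if (rc != 0 || geteuid() != target)
            _exit(2);
        /* Try both routes back to root; if both calls fail, root is gone. */
        if (setreuid((uid_t)-1, 0) != 0 && seteuid(0) != 0)
            _exit(0);
        /* A call reported success: trust the resulting euid, not the rc. */
        _exit(geteuid() == 0 ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("after setuid():  regained root = %d\n", regains_root(1));
    printf("after seteuid(): regained root = %d\n", regains_root(0));
    return 0;
}
```

Started as root, the setuid() case reports 0 and the seteuid() case reports 1, because only setuid() overwrites the saved user ID.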
