[OpenIndiana-discuss] Solaris privileges and seteuid()

Frank Lahm franklahm at gmail.com
Tue Aug 21 12:43:41 UTC 2012


2012/8/21 Gordon Ross <gordon.w.ross at gmail.com>:
> On Fri, Aug 17, 2012 at 5:44 AM, Frank Lahm <franklahm at gmail.com> wrote:
>> 2012/8/17 James Relph <james at themacplace.co.uk>:
> [...]
>>>
>>> Thanks very much for that confirmation, really doesn't seem obvious in a lot of the documentation!  I don't have a system handy to test today (will do over the weekend) but I'll try and get a better idea of how that works over the weekend (in particular after a reboot, what UID/GID will a file/folder show (i.e. with ls) until the same user logs in again and the new ephemeral mapping is created?).
>>
>> ephemeral ids break setuid/seteuid because they are not static on a
>> _running_ system. They may change anytime. Thus any POSIX compliant
>> application relying on these functions for privileges cannot use
>> them.
>
> Really?

Yes. By using `getent group AD-GROUP` an existing user uid mapping
(which a process was using with seteuid at that time) changed which
badly affected that process.

> Where is your evidence?

I don't care about proving this. Imo the lesson to learn is that as there's
no written guarantee of id mapping stability I will not bet my horse
on this.

> I don't think I've ever seen one
> change except after a reboot.

I bet you (and nobody else) have ever done serious testing using the
mapped ids in UNIX processes with POSIX calls like seteuid.

-f


