setuid patch

Anatoly Vorobey mellon@pobox.com
Sat, 6 Sep 2003 23:51:43 +0300


On Fri, Sep 05, 2003 at 06:13:29PM -0400, Lisa Seelye wrote:
> Attached is a patch made against the v1.38 memcached.c file to make
> dropping root privileges possible (with the -u flag).

Your is_superuser() checks getuid() and getgid() to see if we're
root. But if someone installs memcached setuid and runs it as non-root,
it'll have nonzero real id and zero effective id, so it won't pass
your check, right? - but will still have root privileges.

Seems it'd be safer to check like this: root if getuid()==0 ||
geteuid()==0, no? Without enforcing getgid()==0 as in your patch,
since if the userid is 0 and groupid is nonzero the program still has
root privs. I'm asking rather than asserting, as I'm not really
knowledgeable about real and effective id details. I'm going by
manpages and this: 
http://www.suse.de/en/private/support/howto/secprog/secprog2.html

-- 
avva
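
The two checks discussed in this message, side by side, as an added example that is not part of the original e-mail or of memcached. real_ids_check() is reconstructed from the reply's description of the patch; any_uid_check(), drop_privileges() and the "nobody" account are names assumed here.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Check as the reply describes the patch: real uid and real gid both 0.
 * Reconstructed from that description; the patch itself is not shown. */
static int real_ids_check(uid_t ruid, gid_t rgid) {
    return ruid == 0 && rgid == 0;
}

/* Check the reply suggests: root if the real OR effective uid is 0. */
static int any_uid_check(uid_t ruid, uid_t euid) {
    return ruid == 0 || euid == 0;
}

/* Drop to `user` (hypothetical helper): supplementary groups, then gid,
 * then uid, then confirm root cannot be regained. Returns 0 on success. */
static int drop_privileges(const char *user) {
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;   /* regaining root must fail */
}

int main(void) {
    /* Constructed case: setuid-root binary started by uid/gid 1000. */
    printf("setuid binary, ruid=1000 euid=0: real-ids=%d any-uid=%d\n",
           real_ids_check(1000, 1000), any_uid_check(1000, 0));
    /* Constructed case: uid 0 with a nonzero group id. */
    printf("ruid=0 rgid=100:                 real-ids=%d any-uid=%d\n",
           real_ids_check(0, 100), any_uid_check(0, 0));
    if (any_uid_check(getuid(), geteuid())) {
        if (drop_privileges("nobody") != 0) {   /* "nobody" is an assumption */
            fprintf(stderr, "failed to drop privileges\n");
            return 1;
        }
    }
    printf("now uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```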