setuid.2 (165903) setuid.2 (208027)
1.\" Copyright (c) 1983, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.

--- 12 unchanged lines hidden (view full) ---

21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\" @(#)setuid.2 8.1 (Berkeley) 6/4/93
1.\" Copyright (c) 1983, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.

--- 12 unchanged lines hidden (view full) ---

21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\" @(#)setuid.2 8.1 (Berkeley) 6/4/93
29.\" $FreeBSD: head/lib/libc/sys/setuid.2 165903 2007-01-09 00:28:16Z imp $
29.\" $FreeBSD: head/lib/libc/sys/setuid.2 208027 2010-05-13 12:07:55Z uqs $
30.\"
31.Dd June 4, 1993
32.Dt SETUID 2
33.Os
34.Sh NAME
35.Nm setuid ,
36.Nm seteuid ,
37.Nm setgid ,

--- 81 unchanged lines hidden (view full) ---

119.Rv -std
120.Sh ERRORS
121The system calls will fail if:
122.Bl -tag -width Er
123.It Bq Er EPERM
124The user is not the super user and the ID
125specified is not the real, effective ID, or saved ID.
126.El
30.\"
31.Dd June 4, 1993
32.Dt SETUID 2
33.Os
34.Sh NAME
35.Nm setuid ,
36.Nm seteuid ,
37.Nm setgid ,

--- 81 unchanged lines hidden (view full) ---

119.Rv -std
120.Sh ERRORS
121The system calls will fail if:
122.Bl -tag -width Er
123.It Bq Er EPERM
124The user is not the super user and the ID
125specified is not the real, effective ID, or saved ID.
126.El
127.Sh SECURITY CONSIDERATIONS
128Read and write permissions to files are determined upon a call to
129.Xr open 2 .
130Once a file descriptor is open, dropping privilege does not affect
131the process's read/write permissions, even if the user ID specified
132has no read or write permissions to the file.
133These files normally remain open in any new process executed,
134resulting in a user being able to read or modify
135potentially sensitive data.
136.Pp
137To prevent these files from remaining open after an
138.Xr exec 3
139call, be sure to set the close-on-exec flag is set:
140.Bd -literal
141void
142pseudocode(void)
143{
144 int fd;
145 /* ... */
146
147 fd = open("/path/to/sensitive/data", O_RDWR);
148 if (fd == -1)
149 err(1, "open");
150
151 /*
152 * Set close-on-exec flag; see fcntl(2) for more information.
153 */
154 if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
155 err(1, "fcntl(F_SETFD)");
156 /* ... */
157 execve(path, argv, environ);
158}
159.Ed
160.Sh SEE ALSO
161.Xr getgid 2 ,
162.Xr getuid 2 ,
163.Xr issetugid 2 ,
164.Xr setregid 2 ,
165.Xr setreuid 2
166.Sh STANDARDS
167The

--- 18 unchanged lines hidden (view full) ---

186and have been proposed for a future revision of the standard.
187.Sh HISTORY
188The
189.Fn setuid
190and
191.Fn setgid
192functions appeared in
193.At v7 .
127.Sh SEE ALSO
128.Xr getgid 2 ,
129.Xr getuid 2 ,
130.Xr issetugid 2 ,
131.Xr setregid 2 ,
132.Xr setreuid 2
133.Sh STANDARDS
134The

--- 18 unchanged lines hidden (view full) ---

153and have been proposed for a future revision of the standard.
154.Sh HISTORY
155The
156.Fn setuid
157and
158.Fn setgid
159functions appeared in
160.At v7 .
161.Sh SECURITY CONSIDERATIONS
162Read and write permissions to files are determined upon a call to
163.Xr open 2 .
164Once a file descriptor is open, dropping privilege does not affect
165the process's read/write permissions, even if the user ID specified
166has no read or write permissions to the file.
167These files normally remain open in any new process executed,
168resulting in a user being able to read or modify
169potentially sensitive data.
170.Pp
171To prevent these files from remaining open after an
172.Xr exec 3
173call, be sure to set the close-on-exec flag is set:
174.Bd -literal
175void
176pseudocode(void)
177{
178 int fd;
179 /* ... */
180
181 fd = open("/path/to/sensitive/data", O_RDWR);
182 if (fd == -1)
183 err(1, "open");
184
185 /*
186 * Set close-on-exec flag; see fcntl(2) for more information.
187 */
188 if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
189 err(1, "fcntl(F_SETFD)");
190 /* ... */
191 execve(path, argv, environ);
192}
193.Ed