Setuid binaries and File Ownerships in FreeBSD9.0

[CyberLeo Kitsana]

On 01/23/2013 02:26 PM, Martin McCormick wrote:
> 	The executable in question is a C program whos file
> permissions are 4755 and the file belongs to root so all files
> it opens are also owned by root and that works properly, but
> what I need is for this application to first open a few files owned by
> the caller and then later, upgrade back to root and write to
> files the caller can not write to. I was hoping to avoid using
> chown and chgrp and simply let the privilege level of the
> application dictate ownership of any file it opens.
> 
> 	When the application first runs, it gets the UID and GID
> of the user and uses 
> 
> setuid(heruid); and setgid(hergid); to temporarily downgrade and
> those files are owned by the right user but setuid(0); doesn't
> appear to upgrade back to root.
> 
> 	Is there any other strategy that gets one back to root
> short of using chown and then a system call and never
> downgrading privilege?

seteuid(2) ?

Alternately, open the privileged files before dropping root; you should
still be able to write to them afterwards.

-- 
Fuzzy love,
-CyberLeo
Furry Peace! - http://www.fur.com/peace/