Opinion on checking return value of setuid(getuid())?

Xin Li delphij at delphij.net
Mon Oct 1 11:07:40 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/1/12 3:31 AM, Erik Cederstrand wrote:
> I'm looking through the clang analyzer reports and found this one: 
> http://scan.freebsd.your.org/freebsd-head/sbin.ping/2012-09-30-amd64/report-R9ZgC6.html#EndPath
>
>
> 
It's complaining that, if setuid() fails for some reason, the
> process will continue with root privileges because the process is 
> suid root.
> 
> At first glance, it seems unnecessary to check the return value of 
> "setuid(getuid())" since the user should always be able to drop 
> privileges to itself. So I filed this bug with LLVM: 
> http://llvm.org/bugs/show_bug.cgi?id=13979
> 
> It turns out that setuid() *may* fail if the user hits its process 
> limit. Apparently FreeBSD doesn't check the limit in the specific 
> setuid(getuid()) case (I can't find the code anywhere right now)
> so this is not an issue, but Linux does. However, if FreeBSD
> decides to change the setuid() implementation at some point, the
> issue may surface again.

I didn't follow the idea -- In Linux's kernel/sys.c:

SYSCALL_DEFINE1(setuid, uid_t, uid)
{
(...)
        kuid = make_kuid(ns, uid);
(...)
        if (nsown_capable(CAP_SETUID)) {
                new->suid = new->uid = kuid;
                if (!uid_eq(kuid, old->uid)) { // <-- 1
                        retval = set_user(new); // <-- check done here
                        if (retval < 0)
                                goto error;
                }

How can the check be even reached in setuid(getuid()) case?  It's also
conflict with intuition by the way -- we are not changing ownership of
the process, thus the process number should not change...

Cheers,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)

iQEcBAEBCAAGBQJQaXl0AAoJEG80Jeu8UPuz22AIAIBhAdEscXjcsQR06qzFntn4
lVVLzlPH+KdgUezbE5uMWbtNj0Az7ny66QQ2ocgh5KK8bc5i1486T9+32k6X7Cft
gxE7tpPGkrb6uT62TV4Z5TkJ3NLfqQ6pABiYFONUS72Zy2zPE9stq5X4XrySXlTh
Oft6hpLK5qtxucD7RUKrj8Ofw6kugKm7+KDXqQUU2CuEkCZZUiY1KarJK1fyPHF7
9APaaWyWZt6yMj3qn/2btmR4GZoZMQdfUqe8EIhpxGdKseB81FIdHfDo2bzDGRcx
jUUIbrFxLTypjXws2IPneHYaKpLfs5RWT6yKPRkdKIkfQYTeJMb0MjlD6q7acWo=
=hknO
-----END PGP SIGNATURE-----

More information about the freebsd-security mailing list