Page History

In case of set-user-ID and set-group-ID programs, when the effective user-ID and group-ID are different from those of the real user, it is important to drop not only the user-level privileges but also the group privileges. While doing so, the order of revocation must be correct.

Wiki MarkupPOSIX defines {{setgid()}} to have the following behavior \ [[Open Group 2004|AA. Bibliography#Open Group 04]\]:

If the process has appropriate privileges, setgid() shall set the real group ID, effective group ID, and the saved set-group-ID of the calling process to gid.
If the process does not have appropriate privileges, but gid is equal to the real group ID or the saved set-group-ID, setgid() shall set the effective group ID to gid; the real group ID and saved set-group-ID shall remain unchanged.

...

Tool

Version

Checker

Description

Section
Compass/ROSE

Section
can detect some violations of this rule. In particular, it warns when calls to `setgid()` are immediately preceded by a call to `setuid()`

Section
Klocwork

Include Page

	c:Klocwork_Vc:
	Klocwork_V

Section
SV.FIU.PERMISSIONS SV.USAGERULES.PERMISSIONS

...

MITRE CWE: CWE-696, "Incorrect Behavior Order"

Bibliography

Wiki Markup\[[Chen 2002|AA. Bibliography#Chen 02] \] "Setuid Demystified" \
[[Dowd 2006|AA. Bibliography#Dowd 06]\] Chapter 9, "UNIX I: Privileges and Files" \[
[Open Group 2004|AA. Bibliography#Open Group 04]\] \[ [{{setuid()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setuid.html]\], and \ [[{{setgid()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setgid.html]\] \[[Tsafrir 2008|AA. Bibliography#Tsafrir 08]\] "The Murky Issue of Changing Process Identity: Revising 'Setuid ]
[Tsafrir 2008] "The Murky Issue of Changing Process Identity: Revising 'Setuid Demystified'"

...

50. POSIX (POS)

Space shortcuts

Page tree

Versions Compared

Old Version 44

New Version 45

Key

Bibliography