In case of set-user-ID and set-group-ID programs, when the user-ID and group-ID are different from those of the user, it is important to drop not only the user level privileges but also the group and supplemental group privileges. While doing so, the order of revocation must be correct.
| Wiki Markup |
|---|
POSIX defines {{setgid()}} to have the following behaviour \[[Open Group 04|AA. C References#Open Group 04]\] |
If the process has appropriate privileges,
setgid()shall set the real group ID, effective group ID, and the saved set-group-ID of the calling process togid.If the process does not have appropriate privileges, but
gidis equal to the real group ID or the saved set-group-ID,setgid()shall set the effective group ID togid; the real group ID and saved set-group-ID shall remain unchanged.
Non-Compliant Code Example
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[Chen 02]\] Setuid Demystified \[[Dowd 06|AA. C References#Dowd 06]\] Chapter 9, "Unix I: Privileges and Files" \[[Chen 02Open Group 04|AA. C References#Open Group 04]\] Setuid Demystified[{{setuid()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setuid.html], [{{setgid()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setgid.html] |