...
If the process has appropriate privileges,
setgid()shall set the real group ID, effective group ID, and the saved set-group-ID of the calling process togid.If the process does not have appropriate privileges, but
gidis equal to the real group ID or the saved set-group-ID,setgid()shall set the effective group ID togid; the real group ID and saved set-group-ID shall remain unchanged.
...
Noncompliant Code Example
This non-compliant noncompliant code example drops privileges to those of the real user and similarly also accounts for dropping the group privileges. However, the specified order is incorrect because the call to setuid() will leave the effective user ID as non-zero. The setgid() system call in the next line should be run with superuser privileges, but this call fails to behave as expected because the effective user ID is no longer that of the superuser (now non-zero after the privilege drop in the previous line). In effect, if another flaw that allows execution of a setegid(0) or a setregid(-1,0) is found in the program, the attacker can regain the original group privileges, because setgid(getgid()) tends to leave the saved set-group-ID intact under the conditions discussed.
...
| Wiki Markup |
|---|
\[[Chen 02|AA. C References#Chen 02]\] "Setuid Demystified" \[[Dowd 06|AA. C References#Dowd 06]\] Chapter 9, "UnixUNIX I: Privileges and Files" \[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "XYO Privilege Sandbox Issues" \[[Open Group 04|AA. C References#Open Group 04]\] [{{setuid()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setuid.html], [{{setgid()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setgid.html] |
...