21.03.2013 Views

Problem - Kevin Tafuro


tory. It is common to see the sticky bit applied to directories such as /tmp so that any user may create temporary files, but other users may not muck with them.

Historically, application of the sticky bit to executable files also had meaning. Applying the sticky bit to an executable file would cause the operating system to treat the executable in a special way by keeping the executable image resident in memory once it was loaded, even after the image was no longer in use. This optimization is no longer necessary because of faster hardware and widespread support for and adoption of shared libraries. As a result, most modern Unix variants no longer honor the sticky bit for executable files.

The setuid bit

Normally, when an executable file loads and runs, it runs with the effective user, real user, and saved user IDs of the process that started it running. Under normal circumstances, all three of these user IDs are the same value, which means that the process cannot adjust its user IDs unless the process is running as the superuser.

If the setuid bit is set on an executable, this behavior changes significantly. Instead of inheriting or maintaining the user IDs of the process that started it, the process’s effective user and saved user IDs will be adjusted to the user ID that owns the executable file. This works for any user ID, but the most common use of setuid is to use the superuser ID, which grants the executable superuser privileges regardless of the user that executes it.

Applying the setuid bit to an executable has serious security considerations and consequences. If possible, avoid using setuid. Unfortunately, that is not always possible; Recipes 1.3 and 1.4 discuss the setuid bit and the safe handling of it in more detail.

The setgid bit

Applied to an executable file, the setgid bit behaves similarly to the setuid bit. Instead of altering the assignment of user IDs, the setgid bit alters the assignment of group IDs. However, the same semantics apply for group IDs as they do for user IDs with respect to initialization of a process’s group IDs when a new program starts.

Unlike the setuid bit, the setgid bit also has meaning when applied to a directory. Ordinarily, the group owner of a newly created file is the same as the effective group ID of the process that creates the file. However, when the setgid bit is set on the directory in which a new file is created, the group owner of the newly created file will instead be the group owner of the directory. In addition, Linux will set the setgid bit on directories created within a directory having the setgid bit set.

On systems that support mandatory locking, the setgid bit also has special meaning on nonexecutable files. We discuss its meaning in the context of mandatory locking in Recipe 2.8.

40 | Chapter 2: Access Control


Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
