Re: how to identify the superuser in C

[Will Aoki <waoki@umnh.utah.edu>]

On Wed, Dec 11, 2002 at 11:07:11AM +0900, Oohara Yuuma wrote:
> I am working on adding a high score list to a game written in C.
> (It's already packaged.)  The high score list will be 664 root:games
> and the game binary will be sgid games --- nothing special here.
> I want to dump and undump the list.  Allowing everyone to undump
> the list will lead to cheating or even security problems, so I want to
> make sure that only the superuser may undump.  Since the binary is
> sgid, some check is necessary before trying to write the list.
> 
> The problem is that there is fakeroot. getuid() == 0 or
> geteuid() == 0 is not enough.  PAM is an overkill.
> I think seteuid(0) == 0 is the best approach.
> Any opinion?

It shouldn't be possible [0] to preload libraries for set[ug]id
executables, so fakeroot shouldn't be able to work.


A simple test / demonstration: compile this source:

--- begin uid.c ---
int main () {
        printf ("uid %i euid %i\n", getuid(), geteuid());
	return 0;
}
--- end uid.c ---

then:

$ gcc -o uid uid.c
$ su
Password: 
# chgrp games uid
# chmod 2555 uid
# exit
$ ls -al uid
-r-xr-sr-x    1 waoki    games        5254 Dec 11 01:59 uid
$ id
uid=1000(waoki) gid=1000(waoki) groups=1000(waoki),4(adm),20(dialout),24(cdrom),29(audio),16(mol)
$ ./uid
uid 1000 euid 1000
$ fakeroot id
uid=0(root) gid=0(root) groups=1000(waoki),4(adm),20(dialout),24(cdrom),29(audio),16(mol)
$ fakeroot ./uid
./uid: error while loading shared libraries: libfakeroot.so.0: cannot open shared object file: No such file or directory
$ 



[0] there is an exceptional case - see the ld.so manpage - but it
    dosen't apply here.

-- 
William Aoki     waoki@umnh.utah.edu       /"\  ASCII Ribbon Campaign
B1FB C169 C7A6 238B 280B  <- key change    \ /  No HTML in mail or news!
99AF A093 29AE 0AE1 9734   prev. expired    X
                                           / \