Solved

getting uid & euid of a process

Posted on 1998-10-10
7
913 Views
Last Modified: 2008-02-26
How is it possible to get the real & effective user id of
a given process?

The idea is to call something like geteuid(), from inside a
c program, to get the effective user id of ANOTHER process
(let's say the father).
0
Comment
Question by:mliberi
  • 3
  • 3
7 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2007386
man proc
pcred()
0
 
LVL 3

Author Comment

by:mliberi
ID: 2007387
thank you for your reply, but I can't accept it because it didn't help me resolving the problem.

I didn't find any reference to pcred() function in the system documentation, AIX 4.1.5

About 'man proc' the system simply replied:
proc Command for the Kernel Debug Program

to be clearer I would like the code for such a function

int getpeuid(int pid)
/* get the effective user id for process pid */
{
  /* place the code here */
  /* possibly without forking */
  /* must compile and run in *any* unix compliant O.S */
}
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2007388
Oops, thought that proc() is standard UNIX.
Anyway, check if AIX supports /proc, if so you can check with:

   ls -l /proc/<pid>/

Use a pid of the current user, then you may also do:

   cat /proc/<pid>/status

Another posibility:  man -k pstat
(sorry don't have AIX handy)

> /* must compile and run in *any* unix compliant O.S */
AFAIK, you have to manage this with OS-dependent #defines.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Accepted Solution

by:
ksb earned 100 total points
ID: 2007389
You can't.  It can change (setreuid(), setuid()) and you must be root to read kmem on older vmunix's (that do not have /proc).

You can get a guess on systems that support /proc, but it could change in the next instruction.  What are you really trying to do?

If you want a process to prove it is running as a User you _can_ do that with 100% portable code -- but it'll cost you points.

0
 
LVL 3

Author Comment

by:mliberi
ID: 2007390
Ok. It doesn't seem to be an easy task.
Let's try do put the question in other terms:

the program I'm writing runs with S_ISUID bit set with superuser authority, do some work as superuser and then forks. I want the child process to run with normal user authority, so, before it 'exec', it has to restore the previous effective user id. The problem is how to get such an information!

example:
process A, uid=x euid=y,   exec my program that is owned by root    and has S_ISUID bit set, so process B has been generated. I have no control on process A code, it could be *any* program.

process B, uid=x euid=0, do some work as superuser, and before
exec'ing a new file, I want it to restore old euid by calling seteuid(y).

Unfortunately 'exec' system call doesn't save old euid before changing it, so the idea was to retrieve the euid of the parent with a function like the one I requested; but a cleaner and safer way to get that information would be greatly appreciated. In fact it is not true, generally speaking, that the parent process is still alive when the child tries to retrieve it's effective user id.

Obviously the proposed solution must be system independent and use only standard system call.

If you need any other information about the question, please append a new comment.

Thank you very much for your reply to my question.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2007391
in your code:
1. save euid before seteuid()
2. remember that after a fork the child process has access to all
   variables of the parent, even the saved euid
3. so you may either do a seteuid(saved euid) in your child
   before exec()ing, or you may pass the saved euid as parameter
   to the program exec'd

You just use libc, you don't need platform specific knowledge and calls.
Is this what you need?
0
 
LVL 3

Author Comment

by:mliberi
ID: 2007392
I can't save old euid, because I have no control on the code
that exec my program (usually a shell).
When my program begins running the euid has ALREADY been changed
by 'exec'.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now