
Why do many servers change their uid and gid, and what's the benefit?

Developer https://www.devze.com 2023-03-10 15:39 Source: Internet

I see such logic in many open source projects:

    if (setuid() == 0) {
        if (setgid(ccf->group) == -1) {
        ...
        if (initgroups(ccf->username, ccf->group) == -1) {

I have 2 questions on this:

  1. What's the benefit of changing to another gid and uid?
  2. And what's initgroups for? IMO, to change gid and uid, setuid() and setgid() will be enough.


Most of the time, system daemons are spawned by init scripts and therefore run as root. Calling setuid() and setgid() allows them to drop their superuser privileges and impersonate another user on the system (generally far less powerful than root). That way, bugs and security holes become less lethal to the system.

Concerning the second part of your question, initgroups() is called to reinitialize the group access list and add ccf->group to the list of groups that ccf->username belongs to. That's probably done because calling setgid() is not sufficient for the access rights associated with the new group to be propagated to the process.


Generally, you need administrative permission to listen on ports 1023 and below. (There are other reasons to start as administrator, but that's the big one.) But here's the thing: You can start as administrator, bind the socket, then drop down to be a user.

Now, why would you want to be a user? Well, if you run with the smallest amount of permissions possible, and your program is compromised, then the damage will be contained.


On some OS setgid() toasts the supplementary groups. Calling initgroups() before setgid() is thus ineffective.
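
The sequence discussed in the answers above, as an added example that is not part of the original post or of any project quoted there: a C helper that drops root with setgid(), initgroups() and setuid() in the question snippet's order, then verifies that root cannot be regained. The account name `nobody`, the IDs 65534 and the function names are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE   /* exposes initgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 if the process now runs as uid/gid and cannot regain root. */
int verify_dropped(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                  /* root is not a valid drop target */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A saved set-user-ID of 0 would let this call succeed. */
    if (setuid(0) == 0)
        return -1;
    return 0;
}

/* Returns 1 if not root (nothing to drop), 0 on success, -1 on failure. */
int drop_privileges(const char *user, uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 1;
    /* Group changes need root, so they must all precede setuid(). */
    if (setgid(gid) == -1)
        return -1;
    /* Replace root's supplementary groups with user's groups plus gid. */
    if (initgroups(user, gid) == -1)
        return -1;
    /* As root, setuid() sets the real, effective and saved user IDs. */
    if (setuid(uid) == -1)
        return -1;
    return verify_dropped(uid, gid);
}

int main(void)
{
    /* "nobody"/65534 are assumed sample values; use the service account. */
    int rc = drop_privileges("nobody", 65534, 65534);
    if (rc == -1) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("%s uid=%d gid=%d\n", rc ? "not root, unchanged:" : "dropped to",
           (int)getuid(), (int)getgid());
    return 0;
}
```

Privileged setup such as binding a port below 1024 belongs before the call to `drop_privileges()`; any failure return should end the process instead of letting it continue as root.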
