
I realised I've missed a subtlety with user IDs (UID) and effective user IDs (EUID) and need some clarification. N.B. I'm working on macOS, although I suspect everything makes sense in a Linux world as well.

I've created a binary and set the setuid bit on it (with chmod +s). If I run this binary and log the values from getuid() and geteuid() then I see UID=501 (my regular user) and EUID=0 (root). I can further call setuid(0) to set UID=0.

My question is, when would I need to do that? i.e. What can my process do with (UID, EUID)=(0,0) that it can't do with (UID, EUID)=(501,0)?

Andrew Parker

1 Answer


Normally when you run a binary, it runs as you, i.e., your UID. When you setuid, the binary no longer runs as you, but as the owner of the file. In this case that user is root.

root (uid=0) can do just about anything, including changing their own UID. There shouldn't be any difference between (0,0) and (501,0) except that one is YOU running something as root and the other is root running something as root. Essentially, it makes you root.

Brian Makin
  • Sure, I understand that conceptually. But I'm not clear what, if any, functional difference that makes. I can, for example, see in *ps* output that there's a binary running as root on behalf of me, but that's really just informational. – Andrew Parker Dec 19 '19 at 13:31
  • One clue I've found is in the sudo source code: `/* Become full root (not just setuid) so user cannot kill us. */ if (setuid(ROOT_UID) == -1)`. This one is sort of obvious now I see it. But I'm trying to understand what other impacts there are. – Andrew Parker Dec 19 '19 at 13:34
  • programs like firehol will read the uid and take different actions depending on whether or not root is the one requesting the action, and for that they read the uid. – Julio Spinelli Nov 15 '21 at 17:35
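The following C program is an added example, not code from the question, the answer, or the sudo source quoted in the comments. It does two things: it reproduces the observation in the question (log getuid()/geteuid(), then call setuid(0) when the binary runs with an effective UID of 0), and it models the kill(2) permission rule behind the sudo comment, so the (501,0) versus (0,0) difference becomes concrete. The `classify` and `kill_permitted` helpers are assumptions of this example: `kill_permitted` implements the POSIX rule that a sender may signal a target when the sender's real or effective UID matches the target's real or saved set-user-ID (or the sender is privileged). The constructed UID values 501 and 0 mirror the question.

```c
#include <stdio.h>
#include <stdbool.h>
#include <unistd.h>
#include <sys/types.h>

/* Credential states discussed in the question: (501,0) vs (0,0). */
enum cred_state { CRED_UNPRIVILEGED, CRED_SETUID_ROOT, CRED_FULL_ROOT };

/* Classify a (real UID, effective UID) pair. Hypothetical helper. */
enum cred_state classify(uid_t ruid, uid_t euid) {
    if (euid != 0) return CRED_UNPRIVILEGED;      /* e.g. (501, 501) */
    if (ruid != 0) return CRED_SETUID_ROOT;       /* e.g. (501, 0)   */
    return CRED_FULL_ROOT;                        /* (0, 0)          */
}

/* Model of the POSIX kill(2) permission check (hypothetical helper):
   a privileged sender (effective UID 0) may signal anyone; otherwise the
   sender's real or effective UID must equal the target's real UID or the
   target's saved set-user-ID. */
bool kill_permitted(uid_t sender_ruid, uid_t sender_euid,
                    uid_t target_ruid, uid_t target_suid) {
    if (sender_euid == 0) return true;
    return sender_ruid == target_ruid || sender_ruid == target_suid ||
           sender_euid == target_ruid || sender_euid == target_suid;
}

/* A setuid-root binary started by `invoker` has credentials
   (real=invoker, effective=0, saved=0). After setuid(0) succeeds with an
   effective UID of 0, all three become 0. This returns whether the
   invoking user, running an ordinary shell (real=effective=invoker),
   can still send it a signal. */
bool invoker_can_signal(uid_t invoker, bool called_setuid0) {
    uid_t target_ruid = called_setuid0 ? 0 : invoker;
    uid_t target_suid = 0;
    return kill_permitted(invoker, invoker, target_ruid, target_suid);
}

static const char *state_name(enum cred_state s) {
    switch (s) {
    case CRED_UNPRIVILEGED: return "unprivileged";
    case CRED_SETUID_ROOT:  return "setuid-root (real uid is the invoker)";
    default:                return "full root";
    }
}

int main(void) {
    uid_t ruid = getuid();
    uid_t euid = geteuid();
    printf("before: uid=%u euid=%u -> %s\n",
           (unsigned)ruid, (unsigned)euid, state_name(classify(ruid, euid)));
    printf("invoker %u can signal this process: %s\n",
           (unsigned)ruid, invoker_can_signal(ruid, false) ? "yes" : "no");

    if (euid != 0) {
        printf("effective uid is not 0; install as root-owned with the "
               "setuid bit to observe the transition\n");
        return 0;
    }
    /* Same step the question describes: become full root. */
    if (setuid(0) == -1) {
        perror("setuid(0)");
        return 1;
    }
    ruid = getuid();
    euid = geteuid();
    printf("after setuid(0): uid=%u euid=%u -> %s\n",
           (unsigned)ruid, (unsigned)euid, state_name(classify(ruid, euid)));
    printf("original invoker can signal this process now: %s\n",
           invoker_can_signal(501, true) ? "yes" : "no");
    return 0;
}
```

Built as an ordinary binary it only reports the unprivileged state; to see the transition the question describes, compile it, `chown root` the result and `chmod u+s` it, as the question did, and remove the binary afterwards. The modelled check is what the quoted sudo comment relies on: with (501,0) the real UID still belongs to the invoking user, so that user can signal the process; after setuid(0) the real and saved UIDs are 0 and the same user no longer can.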