Where results make sense

About us   |   Why use us?   |   Reviews   |   PR   |   Contact us

SETGID This allows a setgid (other than root) program to drop all of its group privileges, do some un-privileged work, and then re-engage the original effective group ID in a secure manner. If the user is root or the program is setgid root, special care must be taken. The setgid function checks the effective gid of the caller and if it is the superuser, all process related group ID’s are set to gid. www.devdaily.com /unix/man/man2/setgid.2.shtml   (192 words)

UNIX File Permissions The effect of running an executable with a setuid bit is to change the effective user ID of the process to the user that owns the file; similarly the setgid bits causes the effective group ID of the process to be set to the group of the file. Similarly, games are sometimes made setgid to the "games" group, which is used to control write access to high score files and other such administrivia. Conversely if you have 'x' but not 'r' then you will not be able to list the files in it, but if you happen to know their names then you will still be able to access them, and you will be able to "cd" into the directory. www.greenend.org.uk /rjk/2004/perms.html   (1234 words)

setgid If the process does not have appropriate privileges, but gid is equal to the real group ID or the saved set-group-ID, setgid() shall set the effective group ID to gid; the real group ID and saved set-group-ID shall remain unchanged. The setgid() function shall not affect the supplementary group list in any way. The effects of setgid() in processes without appropriate privileges are changed. www.opengroup.org /onlinepubs/009695399/functions/setgid.html   (267 words)

hpux setgid.2   (Site not responding. Last check: 2007-11-02) The following conditions govern setgid()'s behavior: o If euid is zero, setgid() sets the rgid and egid to gid. o If euid is not zero, but the argument gid is equal to the rgid or the sgid, setgid() sets the egid to gid; the rgid and sgid remain unchanged. ERRORS setuid() and setgid() fail and return -1 if any of the following conditions are encountered: Hewlett-Packard Company - 1 - HP-UX Release 9.0: August 1992 setuid(2) setuid(2) [EPERM] None of the conditions above are met. www.informatik.uni-frankfurt.de /doc/man/hpux/setgid.2.html   (361 words)

Vulnerability with -C in *IBM's* version of sendmail A post from Troy Bollinger at IBM clarified that you have to be in the "system" group (gid 0) in order to use the -C trick. Basically, on kernels with group sets, where groupset[0] is not equivalent to getegid(), and if sendmail has the setgid bit set, this problem can occur. Either do not run sendmail setgid (there is absolutely no reason for it to need the setgid bit), or upgrade to 8.8.7, which does not have the problem even if it is setgid. www.insecure.org /sploits/AIX.sendmail-C.html   (351 words)

setgid   (Site not responding. Last check: 2007-11-02) Under Linux, setgid is implemented like SYSV with SAVED_IDS. This allows a setgid (other than root) program to drop all of it's group privileges, do some un-privi- leged work, and then re-engage the original effective group ID in a secure manner. The setgid function checks the effec- tive gid of the caller and if it is the superuser, all process related group ID's are set to gid. www.phim.unibe.ch /comp_doc/c_manual/C/MAN/setgid.htm   (165 words)

phpMan: setgid(2)   (Site not responding. Last check: 2007-11-02) The setgid() function sets the real and effective group IDs and the saved set-group-ID of the current process to the specified value. The setgid() function is permitted if the specified ID is equal to the real group ID or the effective group ID of the process, or if the effective user ID is that of the super user. The seteuid() and setegid() functions are extensions based on the POSIX concept of _POSIX_SAVED_IDS, and have been proposed for a future revision of the standard. www.ournet.md /~freebsd/divers/man.php/man/setgid/2   (247 words)

SecuriTeam™ - Linux Kernel Setgid Implementation Flaw A setuid or setgid program can wish to give up its privileges as soon as it does not need them anymore, if the program is written to minimize the impact of a vulnerability in the now unprivileged part of the code. However, if you can find on your system a program that relies too much on the setgid behavior and gives full control to the user on the process, this problem would become a very serious vulnerability. So it is not set when running setgid programs, and in setuid programs it is unset when you do a setuid(user). www.securiteam.com /unixfocus/5YP0N0K7QI.html   (652 words)

setgid(2)   (Site not responding. Last check: 2007-11-02) NAME setgid - Sets the group ID SYNOPSIS #include int setgid (gid_t group_id); Application developers may want to specify an #include statement for before the one for if programs are being developed for multiple platforms. If the process does not have superuser privilege, but the group_id parame- ter is equal to the real group ID or the saved set group ID, the setgid() function sets the effective group ID to group_id. ERRORS The setgid() function sets errno to the specified values for the following conditions: [EINVAL] The value of the group_id parameter is invalid. www.uwm.edu /cgi-bin/Dept/IMT/wwwman?topic=setgid(2)&msection=5   (271 words)

man setgid (2)   (Site not responding. Last check: 2007-11-02) This allows a setgid program that is not suid root to drop all of its group privileges, do some un-privileged work, and then re-engage the original effective group ID in a secure manner. On error, -1 is returned, and errno is set appropriately. EPERM The calling process is not privileged (does not have the CAP_SETGID capability), and gid does not match the effective group ID or saved set-group-ID of the calling process. sman.informatik.htw-dresden.de:6711 /man?=setgid=2   (110 words)

setgid   (Site not responding. Last check: 2007-11-02) The setgid() function allows the calling process to set the real, effective and saved group IDs, based on the following: If the process has appropriate privileges, the setgid() function sets the real group ID, effective group ID and saved group ID to gid. If the process does not have the appropriate privileges, but gid is equal to the real group ID, setgid() sets the effective group ID to gid; the real and saved group IDs are not changed. www.lfbs.rwth-aachen.de /~stefan/qnx/qnx/setgid.html   (170 words)

Solaris ARP Setgid Vulnerability Bulletins Topics Sun announces the release of patches for Solaris(tm) 7, 2.6, 2.5.1, 2.5, and 2.4 (SunOS(tm) 5.7, 5.6, 5.5.1, 5.5, and 5.4) which relate to a setgid vulnerability in arp. Prior to Solaris 8, arp was setgid making it susceptible to certain setgid attacks. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. www.ciac.org /ciac/bulletins/l-028.shtml   (682 words)

CERT/CC Intruder Detection Checklist Note that this is not foolproof unless you log to append-only media; many intruders edit log files in an attempt to hide their activity. Look for setuid and setgid files (especially setuid root files) everywhere on your system. The UNIX find(1) program can be used to hunt for setuid and/or setgid files. www.cert.org /tech_tips/intruder_detection_checklist.html   (1281 words)

Unix questions - circumventing setgid bit   (Site not responding. Last check: 2007-11-02) mkdir(2) always honors setgid bit according to man for mknod(2) mentions that the setgid bit forces the group ID of the directory to be inherited from the parent, but not necessarily the setgid www.webservertalk.com /archive108-2004-1-70985.html   (444 words)

setgid   (Site not responding. Last check: 2007-11-02) If the process has appropriate privileges, setgid() sets the real group ID, effective group ID and the saved set-group-ID to gid. If the process does not have appropriate privileges, but gid is equal to the real group ID or the saved set-group-ID, setgid() function sets the effective group ID to gid; the real group ID and saved set-group-ID remain unchanged. UNIX ®; is a registered Trademark of The Open Group. www.ludd.luth.se /~ragge/docs/html/susv2/xsh/setgid.htm   (127 words)

Setuid/Setgid Procedures   (Site not responding. Last check: 2007-11-02) If you believe that you have a justifiable reason for having a setuid or setgid program please send email to "bugs@polymail.calpoly.edu". In order to maintain system's security, systems support staff will regularly scan the file system for unauthorized setuid/setgid files. If an unauthorized setuid/setgid program is found in your account, the setuid or setgid permission will be removed and you will receive email advising of the change. www.calpoly.edu /~its/CU_Policies/setuid-setgid_procedures.htm   (167 words)

Apache 2 ignores setgid directory perms | Apache | Users I have found that in every instance, Apache ignores the setgid bit. Apache is a member of the staff group, yes, and that seems to have no But the uploaded file doesn't obey the setgid on the directory: www.gossamer-threads.com /lists/apache/users/300969   (819 words)

How to Turn Setuid/Setgid On or Off This article describes how to turn set-user-identifier-on-execution (setuid) or set-group-identifier-on-execution (setgid) on or off. In SFU 3.0, you can use the chmod(1) utility to set the setuid, setgid, and sticky file mode bits on files or folders that are stored on an NTFS file system partition and that are shared through Server for NFS. For example, an executable file (.exe) that has the setuid bit set will execute under the user ID of the file's owner, not the user ID of the user who is executing the file. support.microsoft.com /default.aspx?scid=kb;en-us;322812   (423 words)

ISS X-Force Database: gnupg-setgid-overwrite-files(12699): GnuPG installed setgid could allow attacker to overwrite ...   (Site not responding. Last check: 2007-11-02) GNU Privacy Guard (GnuPG or GPG) is an open-source encryption program that uses public/private keys to encrypt, sign, and decrypt messages. GnuPG is installed setgid root, which could allow a local attacker to overwrite files that have group root writable permissions. Note: Based on Gentoo Linux Security Announcement 200307-06, it is uncertain whether or not 1.2.2-r1 is vulnerable to this issue. xforce.iss.net /xforce/xfdb/12699   (275 words)

Manual Lookup for 'setgid.2' You might also be interested using tkman, which provides a graphical interface to the man pages. SETGID(2) Linux Programmer's Manual SETGID(2) NAME setgid - set group identity SYNOPSIS #include < #include < int setgid(gid_t gid); DESCRIPTION setgid() sets the effective group ID of the current process. This allows a set-group-ID program that is not set-user-ID-root to drop all of its group privileges, do some un- privileged work, and then re-engage the original effective group ID in a secure manner. www.cse.unsw.edu.au /scripts/man-cgi?setgid.2   (185 words)

setgid(2)   (Site not responding. Last check: 2007-11-02) Interfaces documented on this reference page conform to industry standards as follows: setgid(): POSIX.1, XPG4, XPG4-UNIX Refer to the standards(5) reference page for more information about industry standards and associated tags. The setgid() function sets the real group ID, effective group ID, and the saved set group ID to the value specified by the Upon successful completion, the setgid() function returns 0 (zero). www.helsinki.fi /atk/unix/dec_manuals/DOC_51/HTML/MAN/MAN2/0115____.HTM   (226 words)

setuid and setgid Files   (Site not responding. Last check: 2007-11-02) However, it is possible for users to make a setuid or setgid program; that is, a program with the setuid or setgid bit set in its permissions field. A setuid program runs with the access rights of its owner, while a setgid program has the access rights of the file's group. Programs that run setuid or setgid are prone to security problems. www.calpoly.edu /~unixsys/policies/setuid-setgid.htm   (134 words)

setgid Question And I checked that $gid receives the correct value for the group. But the setgid() operation fails from some reason. The dump I get it this: $gid=1000 $ret=undef $GID=506 1000 105 103 506 Can anybody tell me how I can make a successful setgid operation? www.mail-archive.com /linux-il@cs.huji.ac.il/msg24052.html   (319 words)

setgid Core dumping vulnerability in Solaris 2.4 Solaris 2.4 prior to kernel jumbo patch 35 in many circumstances allows setgid programs to dump core which is especially bad since Solaris has WAY too many group-writable files. It is easy to overwrite files writeable by group bin, which leads quickly to For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. www.insecure.org /sploits/solaris.2.4.setgid.coredump.html   (539 words)

setuid + setgid files... - LinuxQuestions.org I use SuSE 8.2 and I followed the advice from a book that I was reading, that said to check for setuid and setgid files. Which I did, but the results mean nothing to me, so I was just wondering if anybody could give me some idea as to which files I should change and which one's need to be setuid or setgid and why... This is the list of files on my system that have the setuid or setgid bit set... www.linuxquestions.org /questions/showthread.php?t=242756   (331 words)

► » Re: setgid-wrapper   (Site not responding. Last check: 2007-11-02) Similarly, I hope to one day run a Java application server (e.g. game setgid just so it can write to its high score file. to be installed setgid games to update its high scoring file and ask www.debian-talk.com /detail-10008095.html   (724 words)

setgid with Tcl scripts I have a script with this header: #!/bin/sh -f #\ exec tclsh $0 and permissions are at -rwxr-sr-x but when I run the script, I get permission denied (the group is correct) when it tries to do certain file copying operations. Another way to do this is used the relevant functions that TclX gives you to control set*id. -- Jeff Hobbs, The Tcl Guy http://www.ActiveState.com/, a division of Sophos Another way to > do this is used the relevant functions that TclX gives you to control > set*id. www.codecomments.com /message423377.html   (435 words)

Avoid Creating Setuid/Setgid Scripts   (Site not responding. Last check: 2007-11-02) Many Unix-like systems, in particular Linux, simply ignore the setuid and setgid bits on scripts to avoid the race condition described earlier. As a special case, Perl includes a special setup to support setuid Perl scripts, so using setuid and setgid is acceptable in Perl if you truly need this kind of functionality. If you need to support this kind of functionality in your own interpreter, examine how Perl does this. dwheeler.com /secure-programs/Secure-Programs-HOWTO/avoid-setuid.html   (147 words)

Secunia - Advisories - Gentoo pinentry Insecure Permissions setgid Binaries Security Issue Secunia - Advisories - Gentoo pinentry Insecure Permissions setgid Binaries Security Issue Gentoo pinentry Insecure Permissions setgid Binaries Security Issue Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it. secunia.com /advisories/18284   (279 words)

circumventing setgid bit - dBforums If you would prefer not to see any double-underlined words and corresponding advertisements, please click here. dBforums > Usenet Groups > comp.unix.* > comp.unix.questions > circumventing setgid bit I've noticed that under an NFS directory with permissions 2775 www.dbforums.com /t906740.html   (283 words)

KCGL1 Help CRTL setgid   (Site not responding. Last check: 2007-11-02) With POSIX IDs disabled, setgid is implemented for program portability and serves no function. With POSIX IDs enabled, setgid sets the group IDs. Format #include #include int setgid (__gid_t gid); _DECC_V4_SOURCE int setgid (gid_t gid); not _DECC_V4_SOURCE www.montagar.com /HELP/CRTL/SETGID   (39 words)

Try your search on: Qwika (all wikis)

About us   |   Why use us?   |   Reviews   |   Press   |   Contact us   Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.