From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peng Yu
Date: Tue, 2 Feb 2021 21:24:59 -0600
Subject: Re: definitions of uid and euid
To: noloader@gmail.com
Cc: libc-help
List-Id: Libc-help mailing list

This document is pretty old. Is it still the most relevant document
nowadays? Given the shortcomings mentioned in the document, has nothing
been changed to accommodate them since then?

On 2/2/21, Jeffrey Walton via Libc-help wrote:
> On Tue, Feb 2, 2021 at 12:22 PM Peng Yu via Libc-help
> wrote:
>>
>> `man getuid` says the following without explaining what real user ID
>> and effective user ID are.
>>
>> - getuid() returns the real user ID of the calling process.
>> - geteuid() returns the effective user ID of the calling process.
>>
>> Could anybody explain the definitions of uid and euid, and provide a
>> minimum working example demonstrating when they are different? Thanks.
>
> Also see Chen, Wagner and Dean's
> https://www.usenix.org/conference/11th-usenix-security-symposium/setuid-demystified:
>
>     Access control in Unix systems is mainly based on
>     user IDs, yet the system calls that modify user IDs
>     (uid-setting system calls), such as setuid, are poorly
>     designed, insufficiently documented, and widely
>     misunderstood and misused. This has caused many
>     security vulnerabilities in application programs.
>     ...
>
> Jeff
>

-- 
Regards,
Peng
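A minimal working example of the kind asked for in the thread, added here and not part of the original messages or of glibc: it reports the real and effective user IDs, then gives up the effective ID for good and verifies that it cannot be regained. The function names `ids_differ` and `drop_to_real_uid` are hypothetical, and the saved set-user-ID behaviour of `setreuid()` relied on is the Linux one.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 when the effective UID differs from the real UID. That happens
 * inside a set-user-ID executable (file owned by another user, mode u+s, on
 * a filesystem not mounted nosuid): the real UID is the invoking user, the
 * effective UID is the file owner and is what permission checks use. */
int ids_differ(void)
{
    return getuid() != geteuid();
}

/* Permanently return to the real UID. Returns 0 on success and -1 if the
 * drop failed or could be undone; the caller must treat -1 as fatal.
 * Group IDs should be dropped before this call (not shown). */
int drop_to_real_uid(void)
{
    uid_t ruid = getuid();
    uid_t old_euid = geteuid();

    /* On Linux, setting the real UID through setreuid() also resets the
     * saved set-user-ID to the new effective UID, so no copy of the old
     * effective UID is left behind. */
    if (setreuid(ruid, ruid) != 0)
        return -1;
    if (getuid() != ruid || geteuid() != ruid)
        return -1;
    /* Never assume the drop worked: try to get the old ID back. */
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    printf("before: uid=%ld euid=%ld differ=%d\n",
           (long)getuid(), (long)geteuid(), ids_differ());
    if (drop_to_real_uid() != 0) {
        fprintf(stderr, "could not drop privileges, exiting\n");
        return 1;
    }
    printf("after:  uid=%ld euid=%ld differ=%d\n",
           (long)getuid(), (long)geteuid(), ids_differ());
    return 0;
}
```

Run normally, both lines show identical IDs; the "before" line shows two different IDs only when the binary is installed set-user-ID and owned by a user other than the one running it.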