
Real UID, Saved UID, Effective UID. What's going on?


This is a set-root-uid program


$ ls -l
-rwsr-sr-x 1 root root 7406 2011-12-13 22:37 ./x*
The source code:
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main(void) {
    printf(
        "         UID           GID  \n"
        "Real      %d  Real      %d  \n"
        "Effective %d  Effective %d  \n",
             getuid (),     getgid (),
             geteuid(),     getegid()
    );

    seteuid(600);
    printf(
        "         UID           GID  \n"
        "Real      %d  Real      %d  \n"
        "Effective %d  Effective %d  \n",
             getuid (),     getgid (),
             geteuid(),     getegid()
    );

    setuid(1000);
    printf(
        "         UID           GID  \n"
        "Real      %d  Real      %d  \n"
        "Effective %d  Effective %d  \n",
             getuid (),     getgid (),
             geteuid(),     getegid()
    );

    setuid(0); // HOW DOES THIS SUCCEED IN SETTING THE EUID BACK TO 0
    printf(
        "         UID           GID  \n"
        "Real      %d  Real      %d  \n"
        "Effective %d  Effective %d  \n",
             getuid (),     getgid (),
             geteuid(),     getegid()
    );

    return 0;
}
OUTPUT
         UID           GID  
Real      1000  Real      1000  
Effective 0  Effective 0  
         UID           GID  
Real      1000  Real      1000  
Effective 600  Effective 0  
         UID           GID  
Real      1000  Real      1000  
Effective 1000  Effective 1000  
         UID           GID  
Real      1000  Real      1000  
Effective 0  Effective 1000  
My question

The man page states that setuid will change the real, saved and effective uid. So after calling setuid(1000), all three change to 1000. How is it that setuid(0) lets me change the euid to 0?


3 Answers

#1


25  

There are two cases,


  1. You want to temporarily drop root privilege while executing a setuid program.
  2. You want to permanently drop root privilege while executing a setuid program.

  • You can do it temporarily by setting the euid to the real user id and then changing the uid to anything you want. Later, when you need the root privilege back, you can setuid to root and the effective user id will change back to root. This is because the saved user id is not changed.
  • You can drop privilege permanently by changing the uid straight away to a less privileged user id. After this, no matter what, you cannot get back the root privilege.

Case 1:


After a setuid program starts executing


1.seteuid(600);
2.setuid(1000);
3.setuid(0);

For this case the root privilege can be gained back again.


              +----+------+------------+
              | uid|euid  |saved-uid   |
              |----|------|------------|
            1.|1000| 0    | 0          |
            2.|1000| 600  | 0          |
            3.|1000| 1000 | 0          |
            4.|1000| 0    | 0          |
              +----+------+------------+

Case 2:


After a setuid program starts executing,


1.setuid(1000);
2.setuid(0);



               +----+------+------------+
               | uid|euid  |saved-uid   |
               |----|------|------------|
             1.|1000| 0    | 0          |
             2.|1000| 1000 | 1000       |
               +----+------+------------+

In this case you cannot get back the root privilege. This can be verified by the following command,


cat /proc/PROCID/task/PROCID/status | less


Uid:    1000    0       0       0
Gid:    1000    0       0       0

This command will display a Uid and a Gid line, each with 4 fields (the first three fields are the ones we are concerned with), something like the above.


The three fields represent uid, euid and saved-user-id. You can introduce a pause (an input from the user) in your setuid program and run the cat /proc/PROCID/task/PROCID/status | less command at each step. At each step you can watch the saved uid getting changed as mentioned.


If your euid is root and you change the uid, the privileges get dropped permanently. If the effective user id is not root, then the saved user id is never touched and you can regain the root privilege anytime you want in your program.

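The two tables above can be reproduced without a set-root-uid binary. The following is an added example, not code from the question or the answer: it encodes the setuid()/seteuid() rules the answer describes as a small model (privilege is approximated as "euid is 0" rather than CAP_SETUID), runs the two cases through it, and parses the Uid: line of /proc/PID/status that the answer uses for verification. All function and struct names are ours.

```c
/* Added example (not from the original question or answers): a model of
 * the setuid()/seteuid() rules described above, run through the two
 * cases, plus a parser for the "Uid:" line of /proc/PID/status. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* The three user IDs of a process, in the column order of the tables. */
struct ids { uid_t ruid, euid, suid; };

/* Model of setuid(2) under _POSIX_SAVED_IDS. Assumption: "privileged"
 * is approximated as euid == 0 (the kernel checks CAP_SETUID).
 *  - euid 0: real, effective AND saved uid all become `uid` (case 2);
 *  - otherwise only the effective uid changes, and only to the current
 *    real or saved uid; any other value fails with EPERM (-1 here). */
static int model_setuid(struct ids *p, uid_t uid) {
    if (p->euid == 0) {
        p->ruid = p->euid = p->suid = uid;
        return 0;
    }
    if (uid == p->ruid || uid == p->suid) {
        p->euid = uid;
        return 0;
    }
    return -1;
}

/* Model of seteuid(2): euid 0 may become anything; otherwise the new
 * value must equal the real, effective or saved uid. Real and saved uid
 * are never touched, which is why case 1 can regain root afterwards. */
static int model_seteuid(struct ids *p, uid_t euid) {
    if (p->euid == 0 || euid == p->ruid || euid == p->euid || euid == p->suid) {
        p->euid = euid;
        return 0;
    }
    return -1;
}

/* Case 1: seteuid(600); setuid(1000); setuid(0), starting from the state
 * of a set-root-uid binary run by uid 1000. Returns the final IDs. */
static struct ids run_case1(void) {
    struct ids p = { 1000, 0, 0 };
    model_seteuid(&p, 600);   /* row 2: 1000 / 600  / 0 */
    model_setuid(&p, 1000);   /* row 3: 1000 / 1000 / 0, saved uid untouched */
    model_setuid(&p, 0);      /* row 4: 1000 / 0    / 0, root regained */
    return p;
}

/* Case 2: setuid(1000); setuid(0). Stores the final state in *out and
 * returns the result of the second call (-1: root cannot be regained). */
static int run_case2(struct ids *out) {
    struct ids p = { 1000, 0, 0 };
    model_setuid(&p, 1000);   /* euid was 0, so all three become 1000 */
    int rc = model_setuid(&p, 0);
    if (out) *out = p;
    return rc;
}

/* Parse a /proc/PID/status "Uid:" line. The four fields are real,
 * effective, saved and filesystem uid; the first three go into *out.
 * Returns 0 on success, -1 if the line does not have that shape. */
static int parse_uid_line(const char *line, struct ids *out, uid_t *fsuid) {
    unsigned r, e, s, f;
    if (sscanf(line, "Uid: %u %u %u %u", &r, &e, &s, &f) != 4)
        return -1;
    out->ruid = r; out->euid = e; out->suid = s;
    if (fsuid) *fsuid = f;
    return 0;
}

/* This process's IDs from /proc/self/status (the answer's cat command,
 * done in-process). Returns -1 if /proc is not available. */
static int live_ids(struct ids *out) {
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int rc = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (strncmp(line, "Uid:", 4) == 0) { rc = parse_uid_line(line, out, NULL); break; }
    fclose(f);
    return rc;
}

int main(void) {
    struct ids p = run_case1(), q, live;
    printf("case 1 final: uid %u euid %u saved %u\n", p.ruid, p.euid, p.suid);
    int rc = run_case2(&q);
    printf("case 2 final: uid %u euid %u saved %u, setuid(0) %s\n",
           q.ruid, q.euid, q.suid, rc == 0 ? "succeeded" : "failed (EPERM)");
    if (live_ids(&live) == 0)
        printf("this process: uid %u euid %u saved %u\n", live.ruid, live.euid, live.suid);
    return 0;
}
```

Compile with `cc -o ids ids.c` and run as an ordinary user: the model prints the two tables' final rows, and the live line shows your own three IDs as read from /proc. The same live_ids() call can be dropped into a real set-root-uid program in place of the cat command to log the saved uid before and after each setuid()/seteuid() step.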

#2


8  

DESCRIPTION setuid() sets the effective user ID of the calling process. If the effective UID of the caller is root, the real UID and saved set-user-ID are also set.


Under Linux, setuid() is implemented like the POSIX version with the _POSIX_SAVED_IDS feature. This allows a set-user-ID (other than root) program to drop all of its user privileges, do some un-privileged work, and then reengage the original effective user ID in a secure manner.


If the user is root or the program is set-user-ID-root, special care must be taken. The setuid() function checks the effective user ID of the caller and if it is the superuser, all process-related user ID's are set to uid. After this has occurred, it is impossible for the program to regain root privileges.


Thus, a set-user-ID-root program wishing to temporarily drop root privileges, assume the identity of an unprivileged user, and then regain root privileges afterward cannot use setuid(). You can accomplish this with seteuid(2).


(from the Linux Programmers' Manual, 2014-09-21, page setuid.2)


#3


2  

Oh! These functions are difficult to use correctly.


The man page states that setuid will change the real, saved and effective uid. So after calling setuid(1000), all three change to 1000.


That is the case if and only if you are euid 0. At the time you call setuid(0), however, you are euid 1000 and saved uid 0 (check getresuid(2), for example). That's why you're able to regain privileges.


