
While reading the manual page of setresuid() a question arose about the purpose of Real UID.

As mentioned in the man page:

setresuid() sets the real user ID, the effective user ID, and the saved set-user-ID of the calling process. Unprivileged user processes may change the real UID, effective UID, and saved set-user-ID, each to one of: the current real UID, the current effective UID or the current saved set-user-ID.

Thus, unless I'm missing something, using setresuid() I can always set the Real UID of a process to be as its Effective UID. Therefore I would like to ask what's the purpose of Real UID while it can be set easily to the Effective UID? Doesn't the existence of Effective UID make Real UID redundant?

Amit Gabay

1 Answer

When a user launches a program/script, the three types of IDs (Real User ID - ruid, Effective User ID - euid, and Saved User ID - suid) would be the same.

If you were to create a program that changed the ruid to the euid value and ran it as a non-privileged user, it would effectively do nothing. But if your program was run by root, the values can change to whatever setresuid sets them to. So you could change the ruid to be the euid, but you would need to be root or have a set user on execution bit set.

Here's an example:

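#define _GNU_SOURCE   /* glibc only declares setresuid() with this defined */
#include <stdio.h>
#include <unistd.h>

int main(void){
  uid_t euid,ruid;
  int ret;
  /* IDs the process starts with */
  euid = geteuid();
  ruid = getuid();
  printf("original ruid, euid == %d,%d\n",(int)ruid,(int)euid);
  /* try to set ruid, euid and suid to arbitrary values */
  ret = setresuid(8888,9999,1000);
  printf("return value from setresuid is %d\n",ret);
  /* IDs after the call: unchanged if it failed */
  euid = geteuid();
  ruid = getuid();
  printf("new ruid, euid == %d,%d\n",(int)ruid,(int)euid);
  return 0;
}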

When run as a non-root user the output is:

original ruid, euid == 1000,1000
return value from setresuid is -1
new ruid, euid == 1000,1000

and when run as root (via sudo) the output is:

original ruid, euid == 0,0
return value from setresuid is 0
new ruid, euid == 8888,9999

and when the program is owned by root and has a set uid bit set:

original ruid, euid == 1000,0
return value from setresuid is 0
new ruid, euid == 8888,9999

kenlukas
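
The rule quoted from the man page, and the three runs shown in the answer, can be modelled and paired with a verified privilege drop. This is an added example, not part of the question or the answer; it assumes Linux with glibc, the names setresuid_allowed, drop_to_uid and KEEP are illustrative, and "privileged" is simplified to euid 0 (on Linux the actual test is the CAP_SETUID capability).

```c
#define _GNU_SOURCE   /* must precede every #include to expose setresuid() */
#include <stdio.h>
#include <unistd.h>

/* Repeated here in case a system header was pulled in before _GNU_SOURCE. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

#define KEEP ((uid_t)-1)   /* setresuid(): -1 leaves that ID unchanged */

/* May an unprivileged caller holding IDs r, e, s ask for `want`? */
static int one_of(uid_t want, uid_t r, uid_t e, uid_t s)
{
    return want == KEEP || want == r || want == e || want == s;
}

/* Model of the rule quoted from the man page. Assumption: "privileged"
 * is simplified to euid == 0 (on Linux the real test is CAP_SETUID). */
int setresuid_allowed(uid_t r, uid_t e, uid_t s,
                      uid_t new_r, uid_t new_e, uid_t new_s)
{
    if (e == 0)
        return 1;
    return one_of(new_r, r, e, s) && one_of(new_e, r, e, s) &&
           one_of(new_s, r, e, s);
}

/* Set all three IDs to `uid`, then confirm with getresuid() that no old
 * value is left to switch back to. Returns 0 on success, -1 otherwise. */
int drop_to_uid(uid_t uid)
{
    uid_t r, e, s;
    if (setresuid(uid, uid, uid) != 0 || getresuid(&r, &e, &s) != 0)
        return -1;
    return (r == uid && e == uid && s == uid) ? 0 : -1;
}

int main(void)
{
    /* Constructed ID triples (ruid, euid, suid), as in the answer's runs. */
    printf("plain user, arbitrary IDs: %d\n",
           setresuid_allowed(1000, 1000, 1000, 8888, 9999, 1000));
    printf("set-user-ID root binary:   %d\n",
           setresuid_allowed(1000, 0, 0, 8888, 9999, 1000));
    printf("setuid to uid 2000, ruid := euid: %d\n",
           setresuid_allowed(1000, 2000, 2000, 2000, KEEP, KEEP));
    printf("drop to own real UID: %d\n", drop_to_uid(getuid()));
    return 0;
}
```

Calling drop_to_uid(getuid()) from a set-user-ID program returns the process to the invoking user's identity, and the getresuid() check catches a drop that left the old effective or saved ID behind.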