[sudo-users] How to know real uid/gid?
Josef Wolf
jw at raven.inka.de
Thu May 25 15:27:18 EDT 2006
On Thu, May 25, 2006 at 07:36:58PM +1000, Matthew Hannigan wrote:
> On Thu, May 25, 2006 at 09:52:47AM +0200, Josef Wolf wrote:
> > I've seen no replies yet to this mail. Does this mean that there is
> > no way to find out the real uid/gid of the user who called the command?
>
> You've got env vars SUDO_UID and SUDO_GID ...
Ough, I must have been blind! Thanks for the hint, Matthew!
> So I guess you can set[ug]id to those if you wanted to 'drop'
> privs. Be careful that they're not tainted though.
Isn't this set by sudo? So how they can be tainted? How would one try
to exploit that?
More information about the sudo-users
mailing list