[sudo-users] How to know real uid/gid?

Josef Wolf jw at raven.inka.de
Thu May 25 15:27:18 EDT 2006

On Thu, May 25, 2006 at 07:36:58PM +1000, Matthew Hannigan wrote:
> On Thu, May 25, 2006 at 09:52:47AM +0200, Josef Wolf wrote:
> > I've seen no replies yet to this mail.  Does this mean that there is
> > no way to find out the real uid/gid of the user who called the command?
> You've got env vars SUDO_UID and SUDO_GID ...

Ough, I must have been blind!  Thanks for the hint, Matthew!

> So I guess you can set[ug]id to those if you wanted to 'drop'
> privs.  Be careful that they're not tainted though.

Isn't this set by sudo?  So how they can be tainted?  How would one try
to exploit that?

More information about the sudo-users mailing list