[sudo-users] How to know real uid/gid?

Josef Wolf jw at raven.inka.de
Fri May 26 03:34:15 EDT 2006

On Fri, May 26, 2006 at 10:16:15AM +1000, Matthew Hannigan wrote:
> On Thu, May 25, 2006 at 09:27:18PM +0200, Josef Wolf wrote:
> > > You've got env vars SUDO_UID and SUDO_GID ...
> > 
> > Ough, I must have been blind!  Thanks for the hint, Matthew!
> > 
> > > So I guess you can set[ug]id to those if you wanted to 'drop'
> > > privs.  Be careful that they're not tainted though.
> > 
> > Isn't this set by sudo?  So how they can be tainted?  How would one try
> > to exploit that?
> Er, with difficulty :-)  unless the thing you're
> spawning is an interpreter or has some internal
> language that lets you change env vars.  

As long as the vars are captured before the user has a chance to change
them, it should be safe.

> I'm straining my brain to come up with one off the
> top of my head, but maybe a for instance is a
> restricted shell, such as rksh?  Or a perl
> driven interactive program which does not
> bother to inhibit certain perl operations?

In such a case you have lost either way, I think.

>From your last reply, I assumed that there would be a way to fool sudo to
set the vars wrong.  Or that it would be possible to change the vars just
_before_ my (perl) script is called.

So, as long as the vars are set correctly when my script starts executing
its statements, I should be safe, I think.

More information about the sudo-users mailing list