Setuid bit ignored?


#1

Hi,

I’m trying to run a Juce based software under a specific user-id so I’ve set the standard setuid bit on the executable.
This fails since Juce::Thread and juce::Process change back the user ID to the effective user (who’s launching the process).
I wouldn’t expect a library to deal with user ID at all (or if it does, I would expect it restore the previous state correctly, so it’s transparent to the user).

Also, this seems wrong currently:

void* threadEntryProc (void* value)
{
    // New threads start off as root when running suid
    Process::lowerPrivilege();

    juce_threadEntryPoint (value);
    return 0;
}

Here’s an example code to show this:

#include <unistd.h>
#include <sys/types.h>
#include <pthread.h>

void * threadEntryProc(void * value)
{
    printf("T e:%d, r:%d\n", geteuid(), getuid());
    while (1);
}

int main(int a, char ** b)
{
    printf("e:%d, r:%d\n", geteuid(), getuid());
        setreuid (geteuid(), getuid());
    printf("e:%d, r:%d\n", geteuid(), getuid());
    pthread_t t;
    pthread_create(&t, NULL, threadEntryProc, 0);
    while(1);
    return 0;
}

Gives (on setuid executable):

e:0, r:1000
e:1000, r:0
T e:1000, r:0

So clearly the thread uid and euid is the same as the process itself.
Said differently, changing the uid and euid in a thread changes for the whole process, thus loosing the setuid permission given to the executable.


#2

Well, I have to admit that I have no idea at all what that code was intended to do! I don’t remember writing it, so think it must be left over from the original linux port, years ago, which was done by someone else, and which contained a few dodgy hacks… I thought I’d cleaned it all up by now, but I’ve clearly missed a couple of places, so thanks for pointing it out! There’s a similar lowerPrivilege call in the startup code that I’ll also remove.


#3

Great, thanks!