definitions of uid and euid
Peng Yu
pengyu.ut@gmail.com
Wed Feb 3 03:24:59 GMT 2021
This document is pretty old. Is it still the most relevant document
nowadays. Given the shortcoming mentioned in the document. Nothing
has been changed to accommodate the shortcomings since then?
On 2/2/21, Jeffrey Walton via Libc-help <libc-help@sourceware.org> wrote:
> On Tue, Feb 2, 2021 at 12:22 PM Peng Yu via Libc-help
> <libc-help@sourceware.org> wrote:
>>
>> `man getuid` says the following without explaining what real user ID
>> and effective user ID are.
>>
>> - getuid() returns the real user ID of the calling process.
>> - geteuid() returns the effective user ID of the calling process.
>>
>> Could anybody explain the definitions of uid and euid, and provide a
>> minimum working example demonstrating when they are different? Thanks.
>
> Also see Chen, Wagner and Dean's
> https://www.usenix.org/conference/11th-usenix-security-symposium/setuid-demystified:
>
> Access control in Unix systems is mainly based on
> user IDs, yet the system calls that modify user IDs
> (uid-setting system calls), such as setuid, are poorly
> designed, insufficiently documented, and widely
> misunderstood and misused. This has caused many
> security vulnerabilities in application programs.
> ...
>
> Jeff
>
--
Regards,
Peng
More information about the Libc-help
mailing list