Background on what the code is trying to achieve: “Various parameters of the new process (e.g., euid, egid, argument list, environment, filename, etc.) that are subsequently passed to other functions are, for the sake of simplicity, combined into a structure of type linux_binprm. prepare_binprm is used to supply a number of parent process values (above all, the effective UID and GID); the remaining data — the argument list — are then copied manually into the structure. Note that prepare_binprm also takes care of handling the SUID and SGID bits:“
fs/exec.c
int prepare_binprm(struct linux_binprm *bprm)
{
...
bprm->e_uid = current->euid;
bprm->e_gid = current->egid;
if(!(bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)) {
/* Set-uid? */
if (mode & S_ISUID) {
bprm->e_uid = inode->i_uid;
}
/* Set-gid? */
/*
* If setgid is set but no group execute bit then this
* is a candidate for mandatory locking, not a setgid
* executable.
*/
if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
bprm->e_gid = inode->i_gid;
}
}
...
}
Here, the bitwise AND (&) is being used in the if-statement to analyze the flags. But what does this achieve? As in, what is the condition its checking and how is it evaluated?
Source: Linux Kernel Architecture
Advertisement
Answer
The result of bitwise and expression a & b is a number with value 1 at every bit that is set in both a and b, and value 0 at all other bits. If that result is exactly equal to b (for example) then it must be the case that every bit that is set in b is also set in a. If the result is unequal to b then there must be at least one bit set in b that is not set in a.
In your particular example, mode is a file mode bitmask, S_ISGID is a macro representing the set-group-id bit of such a mask, and S_IXGRP is a macro representing the group-executable bit of such a mask. The condition then evaluates whether both the S_ISGID bit and the S_IXGRP bit are set in mode. If a regular file has a mode for which that is the case then that file is a setgid executable.