i’m running php-cli 7.3.19 as root (on a Debian 10 Buster, linux kernel 4.19.0-8-amd64), and after using posix_seteuid() to change my euid, is sub-processes supposed to inherit my euid?
i thought the answer was yes, but testing it,
root@devdb:/srv/http/easyad_branches# whoami root root@devdb:/srv/http/easyad_branches# id uid=0(root) gid=0(root) groups=0(root) root@devdb:/srv/http/easyad_branches# php -r ' var_dump(posix_seteuid(posix_getpwnam("www-data")["uid"])); var_dump(shell_exec("whoami;id")); posix_seteuid(0); var_dump(posix_setuid(posix_getpwnam("www-data")["uid"])); var_dump(shell_exec("whoami;id"));' bool(true) string(44) "root uid=0(root) gid=0(root) groups=0(root) " bool(true) string(53) "www-data uid=33(www-data) gid=0(root) groups=0(root) "
it seems whoami inherits my uid as it’s euid, rather than inheriting my euid as it’s euid, is that intended behavior?
to say it in another way, i got bool(true) root bool(true) www-data
, but i expected bool(true) www-data bool(true) www-data
, is my expectations wrong, or is there something else going on?
Advertisement
Answer
it seems whoami inherits my uid as it’s euid, rather than inheriting my euid as it’s euid, is that intended behavior?
I’m not 100% sure about PHP, but in programming languages directly calling Linux system calls (such as C or C++) this behavior is normal.
One well-known side-effect of this behavior is that setting the set-euid
bit to a shell script makes no sense (as long as the “normal” shell – e.g. bash – is used):
The shell (e.g. /bin/sh
) would be started with euid
set to a different UID, but the programs started by the shell would have both euid
and uid
set to the uid
value of the shell, which is the UID of the user that started the script…