[apple/xnu.git] / bsd / man / man2 / issetugid.2

.\"	$OpenBSD: issetugid.2,v 1.7 1997/02/18 00:16:09 deraadt Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD: src/lib/libc/sys/issetugid.2,v 1.13 2004/07/02 23:52:13 ru Exp $
.\"
.Dd August 25, 1996
.Dt ISSETUGID 2
.Os
.Sh NAME
.Nm issetugid
.Nd is current process tainted by uid or gid changes
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In unistd.h
.Ft int
.Fn issetugid void
.Sh DESCRIPTION
The
.Fn issetugid
system call returns 1 if the process environment or memory address space
is considered
.Dq tainted ,
and returns 0 otherwise.
.Pp
A process is tainted if it was created as a result of an
.Xr execve 2
system call which had either of the setuid or setgid bits set (and extra
privileges were given as a result) or if it has changed any of its real,
effective or saved user or group ID's since it began execution.
.Pp
This system call exists so that library routines (eg: libc, libtermcap)
can reliably determine if it is safe to use information
that was obtained from the user, in particular the results from
.Xr getenv 3
should be viewed with suspicion if it is used to control operation.
.Pp
A
.Dq tainted
status is inherited by child processes as a result of the
.Xr fork 2
system call (or other library code that calls fork, such as
.Xr popen 3 ) .
.Pp
It is assumed that a program that clears all privileges as it prepares
to execute another will also reset the environment, hence the
.Dq tainted
status will not be passed on.
This is important for programs such as
.Xr su 1
which begin setuid but need to be able to create an untainted process.
.Sh ERRORS
The
.Fn issetugid
system call is always successful, and no return value is reserved to
indicate an error.
.Sh SEE ALSO
.Xr execve 2 ,
.Xr fork 2 ,
.Xr setegid 2 ,
.Xr seteuid 2 ,
.Xr setgid 2 ,
.Xr setregid 2 ,
.Xr setreuid 2 ,
.Xr setuid 2
.Sh HISTORY
The
.Fn issetugid
system call first appeared in
.Ox 2.0
and was also implemented in
.Fx 3.0 .
Commit	Line	Data
9bccf70c A	1	.\" $OpenBSD: issetugid.2,v 1.7 1997/02/18 00:16:09 deraadt Exp $
	2	.\"
	3	.\" Copyright (c) 1980, 1991, 1993
	4	.\" The Regents of the University of California. All rights reserved.
	5	.\"
	6	.\" Redistribution and use in source and binary forms, with or without
	7	.\" modification, are permitted provided that the following conditions
	8	.\" are met:
	9	.\" 1. Redistributions of source code must retain the above copyright
	10	.\" notice, this list of conditions and the following disclaimer.
	11	.\" 2. Redistributions in binary form must reproduce the above copyright
	12	.\" notice, this list of conditions and the following disclaimer in the
	13	.\" documentation and/or other materials provided with the distribution.
	14	.\" 3. All advertising materials mentioning features or use of this software
	15	.\" must display the following acknowledgement:
	16	.\" This product includes software developed by the University of
	17	.\" California, Berkeley and its contributors.
	18	.\" 4. Neither the name of the University nor the names of its contributors
	19	.\" may be used to endorse or promote products derived from this software
	20	.\" without specific prior written permission.
	21	.\"
	22	.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	23	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	24	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	25	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	26	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	27	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	28	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	29	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	30	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	31	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	32	.\" SUCH DAMAGE.
	33	.\"
2d21ac55 A	34	.\" $FreeBSD: src/lib/libc/sys/issetugid.2,v 1.13 2004/07/02 23:52:13 ru Exp $
	35	.\"
	36	.Dd August 25, 1996
9bccf70c	37	.Dt ISSETUGID 2
2d21ac55	38	.Os
9bccf70c A	39	.Sh NAME
9bccf70c A	40	.Nm issetugid
2d21ac55 A	41	.Nd is current process tainted by uid or gid changes
	42	.Sh LIBRARY
	43	.Lb libc
9bccf70c	44	.Sh SYNOPSIS
2d21ac55	45	.In unistd.h
9bccf70c A	46	.Ft int
	47	.Fn issetugid void
	48	.Sh DESCRIPTION
	49	The
	50	.Fn issetugid
2d21ac55 A	51	system call returns 1 if the process environment or memory address space
	52	is considered
	53	.Dq tainted ,
	54	and returns 0 otherwise.
9bccf70c	55	.Pp
2d21ac55 A	56	A process is tainted if it was created as a result of an
	57	.Xr execve 2
	58	system call which had either of the setuid or setgid bits set (and extra
	59	privileges were given as a result) or if it has changed any of its real,
	60	effective or saved user or group ID's since it began execution.
9bccf70c	61	.Pp
2d21ac55 A	62	This system call exists so that library routines (eg: libc, libtermcap)
	63	can reliably determine if it is safe to use information
	64	that was obtained from the user, in particular the results from
	65	.Xr getenv 3
	66	should be viewed with suspicion if it is used to control operation.
	67	.Pp
	68	A
	69	.Dq tainted
	70	status is inherited by child processes as a result of the
	71	.Xr fork 2
	72	system call (or other library code that calls fork, such as
	73	.Xr popen 3 ) .
	74	.Pp
	75	It is assumed that a program that clears all privileges as it prepares
	76	to execute another will also reset the environment, hence the
	77	.Dq tainted
	78	status will not be passed on.
	79	This is important for programs such as
	80	.Xr su 1
	81	which begin setuid but need to be able to create an untainted process.
9bccf70c A	82	.Sh ERRORS
	83	The
	84	.Fn issetugid
2d21ac55	85	system call is always successful, and no return value is reserved to
9bccf70c A	86	indicate an error.
	87	.Sh SEE ALSO
	88	.Xr execve 2 ,
2d21ac55 A	89	.Xr fork 2 ,
	90	.Xr setegid 2 ,
	91	.Xr seteuid 2 ,
9bccf70c	92	.Xr setgid 2 ,
2d21ac55 A	93	.Xr setregid 2 ,
	94	.Xr setreuid 2 ,
	95	.Xr setuid 2
9bccf70c	96	.Sh HISTORY
2d21ac55 A	97	The
	98	.Fn issetugid
	99	system call first appeared in
	100	.Ox 2.0
	101	and was also implemented in
	102	.Fx 3.0 .