Chilfox

Temporarily Elevate Privilege
Concept
Why change effective UID in the middle of program execution?
User/Group ID
What IDs can a process have?
Real/Effective user/group ID
Supplementary group IDs
Saved set-user/group ID
setuid, setgid, setreuid, setregid, seteuid, setegid
UID exec Inheritance
Interpreter Files
Interpreter
Interpreter Files

❯

System Programming

❯

D SP Ch8c Privilege_Management

D-SP-Ch8c-Privilege_Management

Type

digest

Aliases

Privilege Management

Source Link

S-Course-2025-CSIE2210-SP

Tags

Temporarily Elevate Privilege

Concept

我們雖然有設 Effective UID，但我們不想要在整個 process 執行流程都借權限給程序執行者，因此我們會想要在 process 執行時在 real uid 和 effective uid 之間切換

Why change effective UID in the middle of program execution?

Least Privilege Model：一個 program 應該只使用最小的所需權限來完成要做的事
降低 security vulnerability 出現的窗口

User/Group ID

What IDs can a process have?

Real/Effective user/group ID

D-SP-Ch5ac-RealEffectiveUID

Supplementary group IDs

一個 process 除了 main group 也可以屬於其他 group

Saved set-user/group ID

D-SP-Ch8ca-saved_set-uid

setuid, setgid, setreuid, setregid, seteuid, setegid

D-SP-Ch8cb-setuid_setgid_setreuid_setregid_seteuid_seteguid

UID exec Inheritance

D-SP-Ch8cc-UID_exec_Inheritance

Interpreter Files

Interpreter

D-SP-Ch8cd-Interpreter

Interpreter Files

D-SP-Ch8ce-Interpreter_Files

關係圖譜

反向連結

D-SP-Ch8ca-saved_set-uid
S-Course-2025-CSIE2210-SP

Created with Quartz v4.5.1 © 2026