setuuid/setguuid

[Ian Wadham]

Hi Clemens,

On 23/12/2014, at 11:33 PM, Clemens Lang wrote:
> ----- On 23 Dec, 2014, at 13:02, René J.V. Bertin rjvbertin at gmail.com wrote:
>> IIRC, OS X no longer allows setuuid/setguuid, or only under some conditions.
>> Isn't that something that ought to be addressed in the post-destroot?
>> I'd vote for removing the offending flags if they cannot have their intended
>> effect anyway.
> 
> That's the first time I hear of that. Unless you have a source you can quote on
> that I'm not going to believe you, especially since my SUID (not setuuid, that's
> not a thing) binaries still work as I expect them to.

Is this topic anything to do with the following Apple OS X message?
"The application with bundle ID (null) is running setugid(), which is not allowed."
Google on "Apple setugid".  That message has been giving people trouble for
a couple of years at least.  "setugid()" is Apple's shorthand for (regexp) "set[ug]id()".

I used to get the message from Dr Konqi (KDE's crash analyser), till I bypassed
the offending code by stopping KCrash from trying to run Dr Konqi via kdeinit4.

The source for main.cpp of Dr Konqi currently reads:

-------------------------------------
int main(int argc, char* argv[])
{
#ifndef Q_OS_WIN //krazy:exclude=cpp
// TODO - Investigate and fix this, or work around it as follows...
// #if !defined(Q_OS_WIN) && !defined(Q_OS_MAC)
// When starting Dr Konqi via kdeinit4, Apple OS X aborts us unconditionally for
// using setgid/setuid, even if the privs were those of the logged-in user.
// Drop privs.
    setgid(getgid());
    if (setuid(getuid()) < 0 && geteuid() != getuid()) {
        exit(255);
    }
#endif
-------------------------------------

The notes are to remind me to investigate this problem further if I ever get
kdeinit4 (or kdeinit5) to work properly on Apple OS X and MacPorts.

Cheers, Ian W.