[[APi]TheMan]

The other day I was playing around in the Terminal and I noticed that ping did not show up when I ran a simple ps -U for my username. I then noticed that ping is setuid and was running as root rather than my user. I was surprised to see that quite a few binaries all over my $PATH are setuid root.

I thought I understood the setuid mechanism but I really don't; I guess I'm wondering, what is it about the setuid mechanism that enables me to kill a setuid process that is running as root?

[Kamsin]

My understanding is that most setuid programs only run as root initially to gain access to some restricted resource, then switch their effective UID to that of the user who started the process. That would allow you to kill it, etc... My guess is that -U does not go by the effective UID.

[Angus_D]

Originally posted by [APi]TheMan:
I thought I understood the setuid mechanism but I really don't; I guess I'm wondering, what is it about the setuid mechanism that enables me to kill a setuid process that is running as root?

The logic for this is actually platform-dependent, and you can see the implementation as used by Darwin here (the ability to read C is required). Basically it's still kinda-sorta owned by you but is effectively running as root, with some extra stuff thrown in there.

[[APi]TheMan]

Originally posted by Angus_D:
The logic for this is actually platform-dependent, and you can see the implementation as used by Darwin here (the ability to read C is required). Basically it's still kinda-sorta owned by you but is effectively running as root, with some extra stuff thrown in there.

I don't know enough about the underlying processes to really understand what that code's doing. It sounds like your and Kamsin's explanations will have to do for now, there's obviously some stuff going on under the hood that top doesn't know about.

Thanks.