Security Management Guide (G06.29+, H06.08+, J06.03+)
OSS System Security
Security Management Guide — 522283-021
process can kill another OSS process. A process can successfully send a kill() signal
to another process under the following conditions:
• The sending process has the effective user ID of the super ID user.
• The sending process has an effective user ID equal to the real user ID of the target process.
• The sending process has an effective user ID equal to the saved-set-user-ID of the target process.
• The sending process has a real user ID equal to the real user ID of the target process.
• The sending process has a real user ID equal to the saved-set-user-ID of the target process.
Adopting the Owner ID of a Program File
The set-user-ID permission bit in the OSS environment serves a function similar to that
of PROGID in the Guardian environment. The owner of a program file (or the super ID)
can set a file’s set-user-ID bit by using the chmod command. When this bit is set, the
effective user ID and saved-set-user-ID of any process created by running the program
file are set to the owner ID of the program file (rather than to the effective user ID and
saved-set-user-ID of the creating process). This option allows the owner of the program
file to control the files that the new process can access and to control the operations
that can be performed on or by the process.
A similar permission bit, the set-group-ID bit, can be used to adopt the program file’s
group ID as the process’s effective group ID and saved-set-group-ID.
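
The following model is an added example, not code from this guide or from the OSS product. It applies the set-user-ID rule to a program file and then evaluates the five kill() conditions listed earlier against the resulting process. It assumes the real user ID is inherited unchanged from the creating process; the names Creds, run_program, and may_signal and all ID values are constructed for illustration.

```python
from collections import namedtuple
import stat

# Credentials of a process: real, effective and saved-set user ID.
Creds = namedtuple("Creds", "ruid euid suid")

def run_program(creator, file_mode, file_owner):
    """Credentials of the process created by running a program file."""
    if file_mode & stat.S_ISUID:
        # set-user-ID bit set: adopt the program file's owner ID
        return Creds(creator.ruid, file_owner, file_owner)
    # bit clear: effective and saved-set-user-ID come from the creator
    return Creds(creator.ruid, creator.euid, creator.suid)

def may_signal(sender, target, super_uid):
    """The five kill() conditions from the list above."""
    return (sender.euid == super_uid
            or sender.euid in (target.ruid, target.suid)
            or sender.ruid in (target.ruid, target.suid))

# Constructed sample IDs (placeholders, not taken from any real system).
SUPER, ALICE, BOB, CAROL = 9000, 1001, 1002, 1003

def demo():
    alice = Creds(ALICE, ALICE, ALICE)
    bob = Creds(BOB, BOB, BOB)
    carol = Creds(CAROL, CAROL, CAROL)
    # Program file owned by BOB with mode 4755 (set-user-ID), run by alice.
    child = run_program(alice, 0o4755, BOB)
    return {
        "child": child,
        "alice": may_signal(alice, child, SUPER),   # real IDs match
        "bob": may_signal(bob, child, SUPER),       # matches saved-set-user-ID
        "carol": may_signal(carol, child, SUPER),   # no condition holds
        "child_to_bob": may_signal(child, bob, SUPER),  # adopted ID matches
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The result shows that both the invoking user and the program file's owner can signal the set-user-ID process, and that the process itself can signal the owner's other processes, which is worth weighing before setting the bit on a program file.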