Find the answer to your Linux question:
Results 1 to 5 of 5
dear friends I have small problem with set-uid, set-gid flags. It is as follows: 1)I have a file named test.c in a folder named test. 2)The folder test is owned ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Dec 2005
    Posts
    30

    question about setuid( ), setgid( )


    dear friends

    I have small problem with set-uid, set-gid flags. It is as follows:

    1)I have a file named test.c in a folder named test.
    2)The folder test is owned by root.
    3)The test.c program contains the statement
    system("mkdir foo");
    ---------------------------------------------------------------
    #include<stdlib.h>
    int main(int argc, char **argv){
    system("mkir foo");
    return(0);
    }
    --------------------------------------------------------------
    5)The program is compiled and a.out is created.
    4)The set-uid, set-gid flags of the executable a.out are set.

    Therefore the logical conclusion is even if the file is executed by someone who is not a root, the directory foo should be created. But when i run the program as a normal user I get an error message which goes like

    mkdir: cannot create directory `foo': Permission denied
    --------------------------------------------------------------------------------------------------------------------------------
    The problem may be simple, but i am new to linux programming so please help me out.

  2. #2
    Linux Guru Cabhan's Avatar
    Join Date
    Jan 2005
    Location
    Seattle, WA, USA
    Posts
    3,252
    This may be a silly question, but is root the owner of the executable?

    The SUID bit makes it run as though the owner was running it: if that's not root, this will not work.

    Also, I assume that the test folder is writable by root?

  3. #3
    Just Joined!
    Join Date
    Dec 2005
    Posts
    30
    yes, indeed the owner of a.out is root. And the folder test is writeable by root.
    Just to convince you i am posting the directory listing.
    $ ls -l
    total 20
    -rwsr-sr-x 1 root root 5268 Jan 21 21:59 a.out
    -rwxr-xr-x 1 root root 311 Jan 21 21:59 test.c

  4. #4
    Linux Guru Cabhan's Avatar
    Join Date
    Jan 2005
    Location
    Seattle, WA, USA
    Posts
    3,252
    Hrmm...

    Well, I just tried it out, and suid won't work for me either. I tried getting some support, but no luck.

    I'll see if I can't figure it out though.

  5. #5
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I examined this, and I think I have found the cause. I created three small, simple, programs, as follows.

    barda.c:
    Code:
    #include <stdlib.h>
    #include <stdio.h>
    #include <unistd.h>
    
    int main(void)
    {
            uid_t r, e, s;
            getresuid(&r, &e, &s);
            printf("%i %i %i\n", r, e, s);
            return(0);
    }
    test.c:
    Code:
    #include <stdlib.h>
    #include <stdio.h>
    #include <unistd.h>
    
    int main(void)
    {
            execl("barda", "barda", NULL);
            perror("barda");
            return(255);
    }
    test2.c:
    Code:
    #include <stdlib.h>
    #include <stdio.h>
    #include <unistd.h>
    
    int main(void)
    {
            execl("/bin/sh", "sh", "-c", "./barda", NULL);
            perror("/bin/sh");
            return(255);
    }
    I then compiled all three, and chmodded test and test2 to 4755 (SUID root). The test run then gave the following output:
    Code:
    $ ./test
    500 0 0
    $ ./test2
    500 500 500
    As you can, when execing the UID printing program (barda) directly from the program, the effective and saved UIDs are root, while when running it through the shell, as done by test2 and the system() function, all three UIDs are those of my user.

    This leads me to guess that bash has implemented, as a security measure, that it attempts the effective and saved UIDs to the real UID. It's not an entirely unreasonable measure to take, given the security implications of running shell commands from a SUID binary. In this case, it is also completely unnecessary, as you could just write your program like this instead:
    Code:
    #include <stdlib.h>
    #include <stdio.h>
    #include <unistd.h>
    
    int main(void)
    {
        if(mkdir("test") < 0) {
            perror("test");
            exit(1);
        }
        return(0);
    }

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •