Why does the setuid bit work inconsistently?root owned program with setuid bit onWhy does setuid not work?Why isn't 'nethogs' installed with the setuid bit set?Why setuid does not work on executable?Using the setuid bit properlylinux setuid does not workWhat exactly differentiates the root user from every other user?Why doesn't setuid work with mount?SetUID bit not working in Ubuntu?setuid root does not work
Who knighted this Game of Thrones character?
Shorten or merge multiple lines of `&> /dev/null &`
If I arrive in the UK, and then head to mainland Europe, does my Schengen visa 90 day limit start when I arrived in the UK, or mainland Europe?
Which European Languages are not Indo-European?
3 prong range outlet
How to melt snow without fire or using body heat?
What is the recommended procedure to land a taildragger in a crosswind?
Count all vowels in string
Why did Jon Snow do this immoral act if he is so honorable?
Why is unzipped directory exactly 4.0k (much smaller than zipped file)?
Need to read my home electrical Meter
A burglar's sunglasses, a lady's odyssey
Are cells guaranteed to get at least one mitochondrion when they divide?
Why is this integration method not valid?
Python program for fibonacci sequence using a recursive function
Does an eye for an eye mean monetary compensation?
Why does FOO=bar; export the variable into my environment
Can we assume that a hash function with high collision resistance also means highly uniform distribution?
Final exams: What is the most common protocol for scheduling?
Where is Jon going?
Is keeping the forking link on a true fork necessary (Github/GPL)?
Freedom of Speech and Assembly in China
Is there any chance a man can get the death penalty for causing a miscarriage?
Why did other houses not demand this?
Why does the setuid bit work inconsistently?
root owned program with setuid bit onWhy does setuid not work?Why isn't 'nethogs' installed with the setuid bit set?Why setuid does not work on executable?Using the setuid bit properlylinux setuid does not workWhat exactly differentiates the root user from every other user?Why doesn't setuid work with mount?SetUID bit not working in Ubuntu?setuid root does not work
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I wrote the code:
// a.c
#include <stdlib.h>
int main ()
system("/bin/sh");
return 0;
compiled with command:
gcc a.c -o a.out
added setuid bit on it:
sudo chown root.root a.out
sudo chmod 4755 a.out
On Ubuntu 14.04, when I run as general user, I got root privilege.
but on Ubuntu 16.04, I still got current user's shell.
Why is it different?
linux ubuntu security privileges setuid
edited May 17 at 5:04
muru
38.4k591168
asked May 16 at 17:37
user10883182user10883182
433
New contributor
user10883182 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I wrote the code:
// a.c
#include <stdlib.h>
int main ()
system("/bin/sh");
return 0;
compiled with command:
gcc a.c -o a.out
added setuid bit on it:
sudo chown root.root a.out
sudo chmod 4755 a.out
On Ubuntu 14.04, when I run as general user, I got root privilege.
but on Ubuntu 16.04, I still got current user's shell.
Why is it different?
linux ubuntu security privileges setuid
edited May 17 at 5:04
muru
38.4k591168
asked May 16 at 17:37
user10883182user10883182
433
New contributor
user10883182 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I wrote the code:
// a.c
#include <stdlib.h>
int main ()
system("/bin/sh");
return 0;
compiled with command:
gcc a.c -o a.out
added setuid bit on it:
sudo chown root.root a.out
sudo chmod 4755 a.out
On Ubuntu 14.04, when I run as general user, I got root privilege.
but on Ubuntu 16.04, I still got current user's shell.
Why is it different?
linux ubuntu security privileges setuid
edited May 17 at 5:04
muru
38.4k591168
asked May 16 at 17:37
user10883182user10883182
433
New contributor
user10883182 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I wrote the code:
// a.c
#include <stdlib.h>
int main ()
system("/bin/sh");
return 0;
compiled with command:
gcc a.c -o a.out
added setuid bit on it:
sudo chown root.root a.out
sudo chmod 4755 a.out
On Ubuntu 14.04, when I run as general user, I got root privilege.
but on Ubuntu 16.04, I still got current user's shell.
Why is it different?
linux ubuntu security privileges setuid
linux ubuntu security privileges setuid
edited May 17 at 5:04
muru
38.4k591168
asked May 16 at 17:37
user10883182user10883182
433
New contributor
user10883182 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited May 17 at 5:04
muru
38.4k591168
asked May 16 at 17:37
user10883182user10883182
433
New contributor
user10883182 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited May 17 at 5:04
muru
38.4k591168
edited May 17 at 5:04
muru
38.4k591168
edited May 17 at 5:04
muru
38.4k591168
38.4k591168
asked May 16 at 17:37
user10883182user10883182
433
New contributor
user10883182 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked May 16 at 17:37
user10883182user10883182
433
asked May 16 at 17:37
user10883182user10883182
433
433
New contributor
user10883182 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
user10883182 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
What changed is that /bin/sh either became bash or stayed dash which got an additional flag -p mimicking bash's behaviour.
Bash requires the -p flag to not drop setuid privilege as explained in its man page:
If the shell is started with the effective user (group) id not equal to the real user
(group) id, and the -p option is not supplied, no startup files are read, shell functions
are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE
variables, if they appear in the environment, are ignored, and the effective user id is
set to the real user id. If the -p option is supplied at invocation, the startup behavior
is the same, but the effective user id is not reset.
Before, dash didn't care about this and allowed setuid execution (by doing nothing to prevent it). But Ubuntu 16.04's dash's manpage has an additional option described, similar to bash:
-p priv
Do not attempt to reset effective uid if it does not match uid. This is not set by default to help avoid incorrect usage by
setuid root programs via system(3) or popen(3).
This option didn't exist in upstream (which might not be have been reactive to a proposed patch*) nor Debian 9 but is present in Debian buster which got the patch since 2018.
NOTE: as explained by Stéphane Chazelas, it's too late to invoke "/bin/sh -p" in system() because system() runs anything given through /bin/sh and so the setuid is already dropped. derobert's answer explains how to handle this, in the code before system().
* more details on history here and there.
answered May 16 at 18:05
A.BA.B
6,81611233
system("bash -p")runssh -c "bash -p"so the privileges have already been dropped whenbashis executed.
– Stéphane Chazelas
May 16 at 18:07
oh well ok. I'll remove the "solution" part better handled by derobert's answer anyway.
– A.B
May 16 at 18:08
See also bugs.debian.org/cgi-bin/bugreport.cgi?bug=734869
– Stéphane Chazelas
May 16 at 18:16
Looks like Ubuntu fixed dash in wily (15.10). bugs.launchpad.net/ubuntu/+source/dash/+bug/1215660
– Mark Plotnick
May 16 at 18:20
1
Note that Debian used to go the other way round. It used to patch bash so as not to drop privileges. Whether it's an improvement is arguable. Now, people who want to do asystem()with elevated privileges (which, granted, they shouldn't in the first place) end-up doing asetresuid()before which is a lot worse as then the shell doesn't know it's suid so doesn't activate the mode where it doesn't trust its environment.
– Stéphane Chazelas
May 16 at 18:40
|
show 1 more comment
Probably the shell is changing its effective user ID back to the real user ID as part of its startup for some reason or another. You could verify this by adding:
/* needs _GNU_SOURCE; non-Linux users see setregid/setreuid instead */
uid_t euid = geteuid(), egid = getegid();
setresgid(egid, egid, egid);
setresuid(euid, euid, euid);
before your system(). (Actually, even on Linux, you probably only need to set the real ones; the saved ones should be fine to leave alone. This is just brute force to debug. Depending on why you're set-id, you may of course need to save the real IDs somewhere as well.)
[Also, if this isn't just an exercise learning how setid works, then there are lot of security issues to worry about, especially when calling a shell. There are many environment variables, for example, that affect the shell's behavior. Prefer an already-existing approach like sudo if at all possible.]
answered May 16 at 18:05
derobertderobert
76.5k8165223
I concentrated on the why it changed, while you provided the how to avoid the issue. +1
– A.B
May 16 at 18:07
Of course, if you really do need somewhere to save the real IDs, the saved ID is an awfully convenient place to do it. Especially if the effective IDs are not root:root.
– Kevin
May 17 at 3:25
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
user10883182 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f519338%2fwhy-does-the-setuid-bit-work-inconsistently%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
What changed is that /bin/sh either became bash or stayed dash which got an additional flag -p mimicking bash's behaviour.
Bash requires the -p flag to not drop setuid privilege as explained in its man page:
If the shell is started with the effective user (group) id not equal to the real user
(group) id, and the -p option is not supplied, no startup files are read, shell functions
are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE
variables, if they appear in the environment, are ignored, and the effective user id is
set to the real user id. If the -p option is supplied at invocation, the startup behavior
is the same, but the effective user id is not reset.
Before, dash didn't care about this and allowed setuid execution (by doing nothing to prevent it). But Ubuntu 16.04's dash's manpage has an additional option described, similar to bash:
-p priv
Do not attempt to reset effective uid if it does not match uid. This is not set by default to help avoid incorrect usage by
setuid root programs via system(3) or popen(3).
This option didn't exist in upstream (which might not be have been reactive to a proposed patch*) nor Debian 9 but is present in Debian buster which got the patch since 2018.
NOTE: as explained by Stéphane Chazelas, it's too late to invoke "/bin/sh -p" in system() because system() runs anything given through /bin/sh and so the setuid is already dropped. derobert's answer explains how to handle this, in the code before system().
* more details on history here and there.
answered May 16 at 18:05
A.BA.B
6,81611233
system("bash -p")runssh -c "bash -p"so the privileges have already been dropped whenbashis executed.
– Stéphane Chazelas
May 16 at 18:07
oh well ok. I'll remove the "solution" part better handled by derobert's answer anyway.
– A.B
May 16 at 18:08
See also bugs.debian.org/cgi-bin/bugreport.cgi?bug=734869
– Stéphane Chazelas
May 16 at 18:16
Looks like Ubuntu fixed dash in wily (15.10). bugs.launchpad.net/ubuntu/+source/dash/+bug/1215660
– Mark Plotnick
May 16 at 18:20
1
Note that Debian used to go the other way round. It used to patch bash so as not to drop privileges. Whether it's an improvement is arguable. Now, people who want to do asystem()with elevated privileges (which, granted, they shouldn't in the first place) end-up doing asetresuid()before which is a lot worse as then the shell doesn't know it's suid so doesn't activate the mode where it doesn't trust its environment.
– Stéphane Chazelas
May 16 at 18:40
|
show 1 more comment
What changed is that /bin/sh either became bash or stayed dash which got an additional flag -p mimicking bash's behaviour.
Bash requires the -p flag to not drop setuid privilege as explained in its man page:
If the shell is started with the effective user (group) id not equal to the real user
(group) id, and the -p option is not supplied, no startup files are read, shell functions
are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE
variables, if they appear in the environment, are ignored, and the effective user id is
set to the real user id. If the -p option is supplied at invocation, the startup behavior
is the same, but the effective user id is not reset.
Before, dash didn't care about this and allowed setuid execution (by doing nothing to prevent it). But Ubuntu 16.04's dash's manpage has an additional option described, similar to bash:
-p priv
Do not attempt to reset effective uid if it does not match uid. This is not set by default to help avoid incorrect usage by
setuid root programs via system(3) or popen(3).
This option didn't exist in upstream (which might not be have been reactive to a proposed patch*) nor Debian 9 but is present in Debian buster which got the patch since 2018.
NOTE: as explained by Stéphane Chazelas, it's too late to invoke "/bin/sh -p" in system() because system() runs anything given through /bin/sh and so the setuid is already dropped. derobert's answer explains how to handle this, in the code before system().
* more details on history here and there.
answered May 16 at 18:05
A.BA.B
6,81611233
system("bash -p")runssh -c "bash -p"so the privileges have already been dropped whenbashis executed.
– Stéphane Chazelas
May 16 at 18:07
oh well ok. I'll remove the "solution" part better handled by derobert's answer anyway.
– A.B
May 16 at 18:08
See also bugs.debian.org/cgi-bin/bugreport.cgi?bug=734869
– Stéphane Chazelas
May 16 at 18:16
Looks like Ubuntu fixed dash in wily (15.10). bugs.launchpad.net/ubuntu/+source/dash/+bug/1215660
– Mark Plotnick
May 16 at 18:20
1
Note that Debian used to go the other way round. It used to patch bash so as not to drop privileges. Whether it's an improvement is arguable. Now, people who want to do asystem()with elevated privileges (which, granted, they shouldn't in the first place) end-up doing asetresuid()before which is a lot worse as then the shell doesn't know it's suid so doesn't activate the mode where it doesn't trust its environment.
– Stéphane Chazelas
May 16 at 18:40
|
show 1 more comment
What changed is that /bin/sh either became bash or stayed dash which got an additional flag -p mimicking bash's behaviour.
Bash requires the -p flag to not drop setuid privilege as explained in its man page:
If the shell is started with the effective user (group) id not equal to the real user
(group) id, and the -p option is not supplied, no startup files are read, shell functions
are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE
variables, if they appear in the environment, are ignored, and the effective user id is
set to the real user id. If the -p option is supplied at invocation, the startup behavior
is the same, but the effective user id is not reset.
Before, dash didn't care about this and allowed setuid execution (by doing nothing to prevent it). But Ubuntu 16.04's dash's manpage has an additional option described, similar to bash:
-p priv
Do not attempt to reset effective uid if it does not match uid. This is not set by default to help avoid incorrect usage by
setuid root programs via system(3) or popen(3).
This option didn't exist in upstream (which might not be have been reactive to a proposed patch*) nor Debian 9 but is present in Debian buster which got the patch since 2018.
NOTE: as explained by Stéphane Chazelas, it's too late to invoke "/bin/sh -p" in system() because system() runs anything given through /bin/sh and so the setuid is already dropped. derobert's answer explains how to handle this, in the code before system().
* more details on history here and there.
answered May 16 at 18:05
A.BA.B
6,81611233
What changed is that /bin/sh either became bash or stayed dash which got an additional flag -p mimicking bash's behaviour.
Bash requires the -p flag to not drop setuid privilege as explained in its man page:
If the shell is started with the effective user (group) id not equal to the real user
(group) id, and the -p option is not supplied, no startup files are read, shell functions
are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE
variables, if they appear in the environment, are ignored, and the effective user id is
set to the real user id. If the -p option is supplied at invocation, the startup behavior
is the same, but the effective user id is not reset.
Before, dash didn't care about this and allowed setuid execution (by doing nothing to prevent it). But Ubuntu 16.04's dash's manpage has an additional option described, similar to bash:
-p priv
Do not attempt to reset effective uid if it does not match uid. This is not set by default to help avoid incorrect usage by
setuid root programs via system(3) or popen(3).
This option didn't exist in upstream (which might not be have been reactive to a proposed patch*) nor Debian 9 but is present in Debian buster which got the patch since 2018.
NOTE: as explained by Stéphane Chazelas, it's too late to invoke "/bin/sh -p" in system() because system() runs anything given through /bin/sh and so the setuid is already dropped. derobert's answer explains how to handle this, in the code before system().
* more details on history here and there.
answered May 16 at 18:05
A.BA.B
6,81611233
edited May 16 at 18:40
answered May 16 at 18:05
A.BA.B
6,81611233
answered May 16 at 18:05
A.BA.B
6,81611233
answered May 16 at 18:05
A.BA.B
6,81611233
6,81611233
system("bash -p")runssh -c "bash -p"so the privileges have already been dropped whenbashis executed.
– Stéphane Chazelas
May 16 at 18:07
oh well ok. I'll remove the "solution" part better handled by derobert's answer anyway.
– A.B
May 16 at 18:08
See also bugs.debian.org/cgi-bin/bugreport.cgi?bug=734869
– Stéphane Chazelas
May 16 at 18:16
Looks like Ubuntu fixed dash in wily (15.10). bugs.launchpad.net/ubuntu/+source/dash/+bug/1215660
– Mark Plotnick
May 16 at 18:20
1
Note that Debian used to go the other way round. It used to patch bash so as not to drop privileges. Whether it's an improvement is arguable. Now, people who want to do asystem()with elevated privileges (which, granted, they shouldn't in the first place) end-up doing asetresuid()before which is a lot worse as then the shell doesn't know it's suid so doesn't activate the mode where it doesn't trust its environment.
– Stéphane Chazelas
May 16 at 18:40
|
show 1 more comment
system("bash -p")runssh -c "bash -p"so the privileges have already been dropped whenbashis executed.
– Stéphane Chazelas
May 16 at 18:07
oh well ok. I'll remove the "solution" part better handled by derobert's answer anyway.
– A.B
May 16 at 18:08
See also bugs.debian.org/cgi-bin/bugreport.cgi?bug=734869
– Stéphane Chazelas
May 16 at 18:16
Looks like Ubuntu fixed dash in wily (15.10). bugs.launchpad.net/ubuntu/+source/dash/+bug/1215660
– Mark Plotnick
May 16 at 18:20
1
Note that Debian used to go the other way round. It used to patch bash so as not to drop privileges. Whether it's an improvement is arguable. Now, people who want to do asystem()with elevated privileges (which, granted, they shouldn't in the first place) end-up doing asetresuid()before which is a lot worse as then the shell doesn't know it's suid so doesn't activate the mode where it doesn't trust its environment.
– Stéphane Chazelas
May 16 at 18:40
system("bash -p") runs sh -c "bash -p" so the privileges have already been dropped when bash is executed.– Stéphane Chazelas
May 16 at 18:07
system("bash -p") runs sh -c "bash -p" so the privileges have already been dropped when bash is executed.– Stéphane Chazelas
May 16 at 18:07
oh well ok. I'll remove the "solution" part better handled by derobert's answer anyway.
– A.B
May 16 at 18:08
oh well ok. I'll remove the "solution" part better handled by derobert's answer anyway.
– A.B
May 16 at 18:08
See also bugs.debian.org/cgi-bin/bugreport.cgi?bug=734869
– Stéphane Chazelas
May 16 at 18:16
See also bugs.debian.org/cgi-bin/bugreport.cgi?bug=734869
– Stéphane Chazelas
May 16 at 18:16
Looks like Ubuntu fixed dash in wily (15.10). bugs.launchpad.net/ubuntu/+source/dash/+bug/1215660
– Mark Plotnick
May 16 at 18:20
Looks like Ubuntu fixed dash in wily (15.10). bugs.launchpad.net/ubuntu/+source/dash/+bug/1215660
– Mark Plotnick
May 16 at 18:20
1
1
Note that Debian used to go the other way round. It used to patch bash so as not to drop privileges. Whether it's an improvement is arguable. Now, people who want to do a
system() with elevated privileges (which, granted, they shouldn't in the first place) end-up doing a setresuid() before which is a lot worse as then the shell doesn't know it's suid so doesn't activate the mode where it doesn't trust its environment.– Stéphane Chazelas
May 16 at 18:40
Note that Debian used to go the other way round. It used to patch bash so as not to drop privileges. Whether it's an improvement is arguable. Now, people who want to do a
system() with elevated privileges (which, granted, they shouldn't in the first place) end-up doing a setresuid() before which is a lot worse as then the shell doesn't know it's suid so doesn't activate the mode where it doesn't trust its environment.– Stéphane Chazelas
May 16 at 18:40
|
show 1 more comment
Probably the shell is changing its effective user ID back to the real user ID as part of its startup for some reason or another. You could verify this by adding:
/* needs _GNU_SOURCE; non-Linux users see setregid/setreuid instead */
uid_t euid = geteuid(), egid = getegid();
setresgid(egid, egid, egid);
setresuid(euid, euid, euid);
before your system(). (Actually, even on Linux, you probably only need to set the real ones; the saved ones should be fine to leave alone. This is just brute force to debug. Depending on why you're set-id, you may of course need to save the real IDs somewhere as well.)
[Also, if this isn't just an exercise learning how setid works, then there are lot of security issues to worry about, especially when calling a shell. There are many environment variables, for example, that affect the shell's behavior. Prefer an already-existing approach like sudo if at all possible.]
answered May 16 at 18:05
derobertderobert
76.5k8165223
I concentrated on the why it changed, while you provided the how to avoid the issue. +1
– A.B
May 16 at 18:07
Of course, if you really do need somewhere to save the real IDs, the saved ID is an awfully convenient place to do it. Especially if the effective IDs are not root:root.
– Kevin
May 17 at 3:25
add a comment |
Probably the shell is changing its effective user ID back to the real user ID as part of its startup for some reason or another. You could verify this by adding:
/* needs _GNU_SOURCE; non-Linux users see setregid/setreuid instead */
uid_t euid = geteuid(), egid = getegid();
setresgid(egid, egid, egid);
setresuid(euid, euid, euid);
before your system(). (Actually, even on Linux, you probably only need to set the real ones; the saved ones should be fine to leave alone. This is just brute force to debug. Depending on why you're set-id, you may of course need to save the real IDs somewhere as well.)
[Also, if this isn't just an exercise learning how setid works, then there are lot of security issues to worry about, especially when calling a shell. There are many environment variables, for example, that affect the shell's behavior. Prefer an already-existing approach like sudo if at all possible.]
answered May 16 at 18:05
derobertderobert
76.5k8165223
I concentrated on the why it changed, while you provided the how to avoid the issue. +1
– A.B
May 16 at 18:07
Of course, if you really do need somewhere to save the real IDs, the saved ID is an awfully convenient place to do it. Especially if the effective IDs are not root:root.
– Kevin
May 17 at 3:25
add a comment |
Probably the shell is changing its effective user ID back to the real user ID as part of its startup for some reason or another. You could verify this by adding:
/* needs _GNU_SOURCE; non-Linux users see setregid/setreuid instead */
uid_t euid = geteuid(), egid = getegid();
setresgid(egid, egid, egid);
setresuid(euid, euid, euid);
before your system(). (Actually, even on Linux, you probably only need to set the real ones; the saved ones should be fine to leave alone. This is just brute force to debug. Depending on why you're set-id, you may of course need to save the real IDs somewhere as well.)
[Also, if this isn't just an exercise learning how setid works, then there are lot of security issues to worry about, especially when calling a shell. There are many environment variables, for example, that affect the shell's behavior. Prefer an already-existing approach like sudo if at all possible.]
answered May 16 at 18:05
derobertderobert
76.5k8165223
Probably the shell is changing its effective user ID back to the real user ID as part of its startup for some reason or another. You could verify this by adding:
/* needs _GNU_SOURCE; non-Linux users see setregid/setreuid instead */
uid_t euid = geteuid(), egid = getegid();
setresgid(egid, egid, egid);
setresuid(euid, euid, euid);
before your system(). (Actually, even on Linux, you probably only need to set the real ones; the saved ones should be fine to leave alone. This is just brute force to debug. Depending on why you're set-id, you may of course need to save the real IDs somewhere as well.)
[Also, if this isn't just an exercise learning how setid works, then there are lot of security issues to worry about, especially when calling a shell. There are many environment variables, for example, that affect the shell's behavior. Prefer an already-existing approach like sudo if at all possible.]
answered May 16 at 18:05
derobertderobert
76.5k8165223
edited May 16 at 19:16
answered May 16 at 18:05
derobertderobert
76.5k8165223
answered May 16 at 18:05
derobertderobert
76.5k8165223
answered May 16 at 18:05
derobertderobert
76.5k8165223
76.5k8165223
I concentrated on the why it changed, while you provided the how to avoid the issue. +1
– A.B
May 16 at 18:07
Of course, if you really do need somewhere to save the real IDs, the saved ID is an awfully convenient place to do it. Especially if the effective IDs are not root:root.
– Kevin
May 17 at 3:25
add a comment |
I concentrated on the why it changed, while you provided the how to avoid the issue. +1
– A.B
May 16 at 18:07
Of course, if you really do need somewhere to save the real IDs, the saved ID is an awfully convenient place to do it. Especially if the effective IDs are not root:root.
– Kevin
May 17 at 3:25
I concentrated on the why it changed, while you provided the how to avoid the issue. +1
– A.B
May 16 at 18:07
I concentrated on the why it changed, while you provided the how to avoid the issue. +1
– A.B
May 16 at 18:07
Of course, if you really do need somewhere to save the real IDs, the saved ID is an awfully convenient place to do it. Especially if the effective IDs are not root:root.
– Kevin
May 17 at 3:25
Of course, if you really do need somewhere to save the real IDs, the saved ID is an awfully convenient place to do it. Especially if the effective IDs are not root:root.
– Kevin
May 17 at 3:25
add a comment |
user10883182 is a new contributor. Be nice, and check out our Code of Conduct.
user10883182 is a new contributor. Be nice, and check out our Code of Conduct.
user10883182 is a new contributor. Be nice, and check out our Code of Conduct.
user10883182 is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f519338%2fwhy-does-the-setuid-bit-work-inconsistently%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
