1

I am trying to execute the C++ compiled program as root, while I am another user.

Program is successfully executed, but as a regular user, not the root.

However, as the internet says, chmod u+s command makes it run as the owner (in my case - root).

Program is a simple system(argv[1]) line, which will execute everything inside the command line argument.

For example - Output for whoami returns my user, not the root.

Also trying to list contents of /root ends up in "Permission denied".

Permissions of the file -

-rwsr-xr-x  1 root     root     16608 Aug 25 15:20 test

At this moment I tried to make permissions of the file 4755 (no luck there).

Moving file in /root was also not lucky.

Improve this question

1 Answer 1

Reset to default
0

The system() call uses the execl() system call to create a new shell process. But the system call ignores the effective user id and returns EPERM error (permission denied).

This is because linux shells do not inherit the seteuid bit. Why? Well because there are real concerns about running a script with the effective user id as root. For more reading on the topic see here.

It is possible to run a shell which acts on the effective UID by passing the -p parameter. From the sh man page:

-p priv Do not attempt to reset effective uid if it does not match uid. This is not set by default to help avoid incorrect usage by setuid root programs via system(3) or popen(3).

The restriction of course does not apply to system calls. As a demo, this C program attempts to list /root using system(), and then does the same using the opendir() and readdir() system calls.

If the binary is owned by root with the set user Id set, a non-root user running the program will result in the first /root listing fails, the second (using display_dir() works.

#include<stdio.h>
#include<stdlib.h>
#include<fcntl.h>
#include<sys/stat.h>
#include<dirent.h>
#include<errno.h>

int display_dir(const char *dirname)
{
    DIR *dp = opendir(dirname);
    struct dirent *sd=NULL;
    if (!dp) return(errno);
    while ((sd = readdir(dp)) != NULL)
    {
        printf("%s\n", sd->d_name);
    }
    closedir(dp);
    return 0;
}

int main()
{
    system("ls /root");
    printf("Display returned %d\n", display_dir("/root"));
}
Improve this answer
0

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .