Adam Palmer, Linux, PHP Programmer, MySQL Developer, Embedded Hardware, Security Consultant
msgbartop
Adam Palmer MBCS CITP, Linux, PHP Programmer, MySQL Developer, Embedded Hardware, Security Consultant
Did my blog help you? Please link to me!
  dns test
 
RSS Feed
msgbarbottom

03 Oct 09 Linux C setuid setgid tutorial

Here’s a very brief example of how to use setuid() and setgid() functions in your C program.

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int main(void)
{

int current_uid = getuid();
printf(”My UID is: %d. My GID is: %d\n”, current_uid, getgid());
system(”/usr/bin/id”);

if (setuid(0))
{

perror(”setuid”);
return 1;

}

//I am now root!
printf(”My UID is: %d. My GID is: %d\n”, getuid(), getgid());
system(”/usr/bin/id”);

//Time to drop back to regular user priviledges
setuid(current_uid);
printf(”My UID is: %d. My GID is: %d\n”, getuid(), getgid());
system(”/usr/bin/id”);

return 0;

}

The program above should be pretty self explainatory, now:

adam@staging:~$ gcc -O2 -ggdb -o setuid setuid.c
adam@staging:~$ ls -al setuid
-rwxr-xr-x 1 adam adam 9792 2009-10-03 18:09 setuid
adam@staging:~$


Trying to run the application now will result in:

adam@staging:~$ ./setuid
My UID is: 1000. My GID is: 1000
uid=1000(adam) gid=1000(adam) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(adam)
setuid: Operation not permitted

The setuid(0) call fails, as the application does not have permission to gain root access.

adam@staging:~$ su – root
Password:
staging:~# cd /home/adam
staging:/home/adam# chown root.root setuid
staging:/home/adam# chmod +s setuid
staging:/home/adam# ls -al setuid
-rwsr-sr-x 1 root root 9792 2009-10-03 18:09 setuid
staging:/home/adam# exit
logout
adam@staging:~$

And now:

adam@staging:~$ ./setuid
My UID is: 1000. My GID is: 1000
uid=1000(adam) gid=1000(adam) euid=0(root) egid=0(root) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(adam)
My UID is: 0. My GID is: 1000
uid=0(root) gid=1000(adam) egid=0(root) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(adam)
My UID is: 1000. My GID is: 1000
uid=1000(adam) gid=1000(adam) egid=0(root) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(adam)
adam@staging:~$

Works just as expected!

Now:

adam@staging:~$ rm -f setuid setuid.c

We don’t want to leave things like that lying around…

Tags: , , , , ,

Filed in C/C++, Development, Linux
« Linux Security Freelancer – Securing a node – Where to start?
UK VPS »


Leave a Comment

Adam Palmer I'm Adam Palmer, and I'm a Freelance Embedded Linux/Embedded Hardware enthusiast and Security Consultant. I run 'APNIC Solutions Ltd' and spend most of my time managing server clusters, and doing some PHP/MySQL development, whilst what little spare time I have is dedicated to playing with gadgets. I'm always happy to consult on or manage any Linux related, Web Application or Hosting project. Please get in touch with me!
sidebartop

Most Popular

sidebarbottom
sidebartop

Twitter

    sidebarbottom
    sidebartop

    Pages

    sidebarbottom
    sidebartop

    Categories

    sidebarbottom
    sidebartop

    Meta

    sidebarbottom
    sidebartop

    Recent Comments

    sidebarbottom
    sidebartop

    Recent Posts

    sidebarbottom
    sidebartop

    Tags

    sidebarbottom
    sidebartop

    Archives

    sidebarbottom
    sidebartop

     

    March 2010
    M T W T F S S
    « Feb    
    1234567
    891011121314
    15161718192021
    22232425262728
    293031  
    sidebarbottom
    sidebartop

    Widgets & Links

      RSS Feed
    sidebarbottom
    © Adam Palmer, Linux, PHP Programmer, MySQL Developer, Embedded Hardware, Security Consultant   |  Contact Me  |  My Resume & Portfolio