Created
May 26, 2011 00:52
-
-
Save eegrok/992322 to your computer and use it in GitHub Desktop.
use setuid to create script that will run as a specific user regardless of the user running it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// create a file named setuid_script.cpp with the following contents: | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <iostream> | |
#include <unistd.h> | |
int main(int argc, const char* argv[]) { | |
printf( | |
"Real UID = %d\n" | |
"Effective UID = %d\n" | |
"Real GID = %d\n" | |
"Effective GID = %d\n", | |
getuid (), | |
geteuid(), | |
getgid (), | |
getegid() | |
); | |
setuid(geteuid());// bash as a safety measure sets the effective uid to be the real uid before running anything | |
// setting the uid to root here circumvents that -- make sure anything you do here is very safe | |
// (doesn't call another script, e.g.) -- and sanitizes any data passed in, etc... | |
system("touch /tmp/owner-of-file-will-create"); | |
} | |
/* | |
then execute the following: | |
g++ setuid_script.cpp -o setuid_script | |
sudo chown root setuid_script | |
sudo chmod ug+s setuid_script | |
./setuid_script | |
# the file will be created by root regardless of the user that runs the ./setuid_script | |
*/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment