eegrok/setuid_script.cpp

## setuid_script.cpp
// create a file named setuid_script.cpp with the following contents:

#include <stdio.h>
#include <stdlib.h>
#include <iostream>
#include <unistd.h>


int main(int argc, const char* argv[]) {
    printf(
        "Real      UID = %d\n"
        "Effective UID = %d\n"
        "Real      GID = %d\n"
        "Effective GID = %d\n",
        getuid (),
        geteuid(),
        getgid (),
        getegid()
    );
  setuid(geteuid());// bash as a safety measure sets the effective uid to be the real uid before running anything
// setting the uid to root here circumvents that -- make sure anything you do here is very safe
// (doesn't call another script, e.g.) -- and sanitizes any data passed in, etc...

  system("touch /tmp/owner-of-file-will-create");
}

/*
then execute the following:
g++ setuid_script.cpp -o setuid_script
sudo chown root setuid_script
sudo chmod ug+s setuid_script
./setuid_script

# the file will be created by root regardless of the user that runs the ./setuid_script

*/
	// create a file named setuid_script.cpp with the following contents:

	#include <stdio.h>
	#include <stdlib.h>
	#include <iostream>
	#include <unistd.h>


	int main(int argc, const char* argv[]) {
	printf(
	"Real UID = %d\n"
	"Effective UID = %d\n"
	"Real GID = %d\n"
	"Effective GID = %d\n",
	getuid (),
	geteuid(),
	getgid (),
	getegid()
	);
	setuid(geteuid());// bash as a safety measure sets the effective uid to be the real uid before running anything
	// setting the uid to root here circumvents that -- make sure anything you do here is very safe
	// (doesn't call another script, e.g.) -- and sanitizes any data passed in, etc...

	system("touch /tmp/owner-of-file-will-create");
	}

	/*
	then execute the following:
	g++ setuid_script.cpp -o setuid_script
	sudo chown root setuid_script
	sudo chmod ug+s setuid_script
	./setuid_script

	# the file will be created by root regardless of the user that runs the ./setuid_script

	*/