Last active
July 5, 2020 06:23
-
-
Save pastleo/fa5d5f14b90b1b28e743f522ae682c04 to your computer and use it in GitHub Desktop.
setuid experiment
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| // provides printf() | |
| #include <stdlib.h> | |
| // provides system() | |
| #include <unistd.h> | |
| // provides getuid(), geteuid(), setuid() | |
| int main () | |
| { | |
| // https://en.wikipedia.org/wiki/Setuid | |
| // setuid will not work on script executables (ex. files begin with #!/bin/bash) | |
| // because the real executable is /bin/bash (or node/ruby...) | |
| // and sub-process will be run as original user | |
| // root: | |
| // gcc setuid-experiment.c -o setuid-experiment | |
| // chmod 4711 setuid-experiment | |
| // user: | |
| // ./setuid-experiment | |
| // at first a.out is started with uid: user and effective uid: 0 | |
| printf("uid: %d, euid: %d\n", getuid(), geteuid()); | |
| system("id"); // when running system call, bash runs using uid, not euid | |
| // https://unix.stackexchange.com/questions/369883/setuid-root-does-not-work | |
| // we need this to make the process really running as root | |
| setuid(0); | |
| // now we are really root | |
| printf("uid: %d, euid: %d\n", getuid(), geteuid()); | |
| system("id"); | |
| // finally this will work | |
| system("ls /root"); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment