0

I created a VERY simple script:

//#escalate.c - a setuid utility so that we can call shutdown
//# and other things safely without needing root access. We 
//# do need to:
//# gcc escalate.c -o escalate.out
//# sudo chown root:root escalate.out
//# sudo chmod 4755 escalate.out
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <errno.h>
int main()
{
    int status;
    status = setuid( 0 ); // you can set it at run time also
    system("date > /tmp/date.fil");
    return errno;
}

On Raspbian it generates the file in /tmp, owned by root, and returns 0 as expected.

On Ubuntu 22 it created the file owned by ME and the return status is 1. What am I missing about setuid(0)?

I tried creating, modifying the permissions and ownership etc. On Raspbian it works like a charm, on Ubuntu it does not.

==================

OK - solved it myself. On Ubuntu I was running with an encrypted home and so it was mounted with nosuid set.

asked Nov 23, 2022 at 19:36
5
  • You said the "return status" is 1 but are you talking about int status; or errno? You aren't printing status at all so how do you know its value? Could you run ls -l escalate.out on both systems so we can check the permissions? Also maybe you should just use the sudoers file: you can configure it to allow certain users to run certain commands and nothing else. Commented Nov 23, 2022 at 19:40
  • Both setuid and system use return values and errno to communicate their errors so the way you are doing your error handling will make it hard to tell what's going on. I would recommend checking the return value of each of these function calls and if it indicates an error, then you should print the info you have about the error and end the program before doing anything else. Commented Nov 23, 2022 at 19:44
  • I was getting errno as the return status. This is why I did not need to print it. Commented Nov 23, 2022 at 20:05
  • But it is solved now: the problem was a nosuid mount. Commented Nov 23, 2022 at 20:05
  • You were returning errno from main but you were not allowing yourself to know whether that error came from setuid or system, which makes troubleshooting difficult. Also the range of process return codes is 0 to 255 and I wouldn't trust errno to always be in that range. Commented Nov 23, 2022 at 22:14

1 Answer 1

1

The problem was that the file system was mounted nosuid.

answered Nov 23, 2022 at 20:06

1 Comment

As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
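
Added example, not part of the original question or answer: a version of the helper that checks `setuid` and `system` separately, as the comments recommend, and uses `statvfs()` to report the nosuid mount that turned out to be the cause. It assumes Linux (`/proc/self/exe`); the function names and exit codes are illustrative.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/statvfs.h>
#include <sys/types.h>
#include <unistd.h>

/* 1: file system holding path is mounted nosuid, 0: it is not, -1: statvfs() failed. */
int mount_is_nosuid(const char *path)
{
    struct statvfs vfs;
    if (statvfs(path, &vfs) != 0)
        return -1;
    return (vfs.f_flag & ST_NOSUID) ? 1 : 0;
}

/* Returns 0 once real and effective UID are 0; otherwise prints the reason and
 * returns an exit code (illustrative values): 2 = nosuid mount, 3 = set-user-ID
 * bit not applied for another reason, 4 = setuid() itself failed. */
int become_root(const char *exe_path)
{
    if (geteuid() != 0) {   /* kernel did not apply the set-user-ID bit at exec */
        if (mount_is_nosuid(exe_path) == 1) {
            fprintf(stderr, "executable (%s) is on a nosuid mount\n", exe_path);
            return 2;
        }
        fprintf(stderr, "euid=%ld: check owner root and mode 4755\n", (long)geteuid());
        return 3;
    }
    if (setuid(0) != 0) {
        fprintf(stderr, "setuid(0): %s\n", strerror(errno));
        return 4;
    }
    return 0;
}

int main(void)
{
    /* Assumption: Linux, where /proc/self/exe resolves to this binary. */
    int rc = become_root("/proc/self/exe");
    if (rc != 0)
        return rc;          /* stop before running the command unprivileged */
    rc = system("date > /tmp/date.fil");
    if (rc != 0)
        fprintf(stderr, "system() returned %d\n", rc);
    return rc == 0 ? 0 : 5;
}
```

Every exit code stays in the 0 to 255 range, so the shell's `$?` identifies which step failed instead of a raw `errno`.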
