System call with root level privileges

This is a discussion on System call with root level privileges within the Linux Programming forums, part of the Platform Specific Boards category; Hi, I needed my application to change the hardware date & time with a system call to "hwclock". Unfortunately, "hwclock" ...

  1. #1
    In the Land of Diddly-Doo g4j31a5's Avatar
    Join Date
    Jul 2006
    Posts
    476

    System call with root level privileges

    Hi, I needed my application to change the hardware date & time with a system call to "hwclock". Unfortunately, "hwclock" requires a root / superuser level access. I could make the machine to always log with root though I think it will be a bad practice. I just needed this code to work:

    Code:
    std::string command="hwclock --set --date=";
    std::string dateInput;
    /*
    Date input from the user.
    */
    dateInput="\'..........\'"; //........... == user input
    command+=dateInput;
    system(command.c_str());
    Can anybody help me please?
    ERROR: Brain not found. Please insert a new brain!

    “Do nothing which is of no use.” - Miyamoto Musashi.

  2. #2
    Crazy Fool Perspective's Avatar
    Join Date
    Jan 2003
    Location
    Canada
    Posts
    2,640
    Why not run your program with root privilages, you don't need to login as root, you can use sudo for example.

  3. #3
    In the Land of Diddly-Doo g4j31a5's Avatar
    Join Date
    Jul 2006
    Posts
    476
    Quote Originally Posted by Perspective View Post
    Why not run your program with root privilages, you don't need to login as root, you can use sudo for example.
    You mean like creating a bash script containing:
    Code:
    sudo my_program
    ?

    Haven't thought about that. Maybe I'll try that first. Thanks.
    ERROR: Brain not found. Please insert a new brain!

    “Do nothing which is of no use.” - Miyamoto Musashi.

  4. #4
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,239
    Quote Originally Posted by g4j31a5 View Post
    Hi, I needed my application to change the hardware date & time with a system call to "hwclock". Unfortunately, "hwclock" requires a root / superuser level access. I could make the machine to always log with root though I think it will be a bad practice. I just needed this code to work:
    Typically this is solved by creating a small setuid binary owned by root. This program does nothing except launch hwclock with root privileges, then quits. Anybody can run this program and it will execute with root privileges.

    When writing such things, you must write PERFECT code. Never use system(). Never look at the PATH variable or any other environment variable (an evil user could change them to cause your program to do bad things). Do what you need to do and then give up privileges as soon as possible.

    In this specific case, DEFINITELY don't use system() to launch the hwclock program. The system() call launches a shell. The shell looks in the path. The path may have been set to point to some malicious "hwclock" program that compromises the entire system.

    In fact, maybe I shouldn't even be explaining how to do this. Be careful!

    EDIT: I also think that sudo is the best way to do this. sudo is pretty well tested.

  5. #5
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,531
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  6. #6
    .
    Join Date
    Nov 2003
    Posts
    307
    FWIW - changing system time is NOT something any joe blow should be allowed to do.
    Run by sysadmins only, ie. somebody who is root or can su to run the code. setuid is, IMO, a bad idea.

    Can you not use stime() or settimeofday() ? These also require privilege and are pretty standard in most unixes - POSIX does not specify how a system's time is set.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Pointer confusion
    By Blackroot in forum C++ Programming
    Replies: 11
    Last Post: 09-12-2007, 12:44 AM
  2. System call to call another C file from Existing C File
    By simly01 in forum C++ Programming
    Replies: 2
    Last Post: 07-31-2002, 01:29 PM
  3. system call
    By stautze in forum C Programming
    Replies: 2
    Last Post: 05-07-2002, 12:48 PM
  4. exec system call
    By weedus in forum Linux Programming
    Replies: 3
    Last Post: 03-07-2002, 08:34 PM
  5. Pls help me to do this project in C I need source code
    By sureshmenon74 in forum C Programming
    Replies: 4
    Last Post: 10-04-2001, 06:57 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21