Thread: Setuid function ???

  1. #1
    Registered User
    Join Date
    Dec 2005
    Posts
    3

    Setuid function ???

    Hello everybody

    I have written simple code about usage of setuid. this program file set-user-id bit is on and this process after exec when I execute this program, effective user id and saved-user-id bit will be program-file's user id. this correct?

    But the last output when I set uid to 80(www) ,effective user id wasn't 80. Why not? saved set user id is still 80? What is the problem?


    I compiled below code with gcc and I set-user-id bit and change own file with this command

    Code:
     #include <stdlib.h>
    #include <stdio.h>
    #include <unistd.h>
    #include <sys/types.h>
    
    int main(void)
    {
      
        printf("Real UID\t= &#37;d\n", getuid());
        printf("Effective UID\t= %d\n", geteuid());
        printf("Real GID\t= %d\n", getgid());
        printf("Effective GID\t= %d\n", getegid());
    	
    	 setuid(1001);
        printf("Real UID\t= %d\n", getuid());
        printf("Effective UID\t= %d\n", geteuid());
        printf("Real GID\t= %d\n", getgid());
        printf("Effective GID\t= %d\n", getegid());
    
    setuid(80);
        printf("Real UID\t= %d\n", getuid());
        printf("Effective UID\t= %d\n", geteuid());
        printf("Real GID\t= %d\n", getgid());
        printf("Effective GID\t= %d\n", getegid());
        return EXIT_SUCCESS;
    }
    gcc setuid-simple.c -o setuid-simple
    #[root] chown www setuid-simple
    #[root] chmod 4755 setuid-simple

    and output with ls command
    -rwsr-xr-x 1 www wheel 5708 23 Ara 11:41 setuid-simple


    this is program's output:

    Real UID = 1001
    Effective UID = 80
    Real GID = 0
    Effective GID = 0
    /*setuid(1001)*/
    Real UID = 1001
    Effective UID = 1001
    Real GID = 0
    Effective GID = 0
    /*setuid(80)*/
    Real UID = 1001
    Effective UID = 1001
    Real GID = 0
    Effective GID = 0


  2. #2
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Only root can setuid().

  3. #3
    Registered User
    Join Date
    Dec 2005
    Posts
    3
    Not only root can setuid. Explained here below.
    If the process has superuser privileges, the setuid function sets the real user ID, effective user ID, and saved set-user-ID to uid.

    If the process does not have superuser privileges, but uid equals either the real user ID or the saved set-user-ID, setuid sets only the effective user ID to uid. The real user ID and the saved set-user-ID are not changed.

    If neither of these two conditions is true, errno is set to EPERM, and 1 is returned.

  4. #4
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    What does your second setuid() call return?
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  5. #5
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by wampire View Post
    Not only root can setuid. Explained here below.
    Only root can setuid() to any UID you please, which is what OP was trying to do.

  6. #6
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    It wasn't any UID. It was the one of the user running the program, as you can see from the real UID. And then back to the setuid user.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  7. #7
    Registered User
    Join Date
    Dec 2005
    Posts
    3
    but after exec My saved-user-id is 80 and second setuid must set effective user id to 80 but these program dont do it.

  8. #8
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    Actually, your saved uid is 1001, because that's the user who starts the app. Then you do the setuid to 1001, setting the effective uid (which was 80) to 1001. The saved uid doesn't change. Thus, at the time you call setuid(80), ruid, euid and suid are all 1001, so the setuid call fails.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  9. #9
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by wampire View Post
    but after exec My saved-user-id is 80 and second setuid must set effective user id to 80 but these program dont do it.
    Look at the printf's. The real and effective UID are both 1001. How on earth do you expect to be able to setuid(80)?

  10. #10
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by wampire View Post
    but after exec My saved-user-id is 80 and second setuid must set effective user id to 80 but these program dont do it.
    At the point the real and effective UIDs became 1001, the number "80" lost all significance whatsoever and became "any UID you please."

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Compiling sample DarkGDK Program
    By Phyxashun in forum Game Programming
    Replies: 6
    Last Post: 01-27-2009, 03:07 AM
  2. Seg Fault in Compare Function
    By tytelizgal in forum C Programming
    Replies: 1
    Last Post: 10-25-2008, 03:06 PM
  3. Another syntax error
    By caldeira in forum C Programming
    Replies: 31
    Last Post: 09-05-2008, 01:01 AM
  4. Replies: 28
    Last Post: 07-16-2006, 11:35 PM
  5. const at the end of a sub routine?
    By Kleid-0 in forum C++ Programming
    Replies: 14
    Last Post: 10-23-2005, 06:44 PM