Re: suid-root C programmes

To: debian-user@lists.debian.org (debian)
Subject: Re: suid-root C programmes
From: "E.L. Meijer \(Eric\)" <tgakem@sg10.chem.tue.nl>
Date: Wed, 10 Feb 1999 09:58:46 +0100 (MET)
Message-id: <[🔎] 199902100858.JAA19696@sg10.chem.tue.nl>
In-reply-to: <[🔎] 3.0.6.32.19990210151026.007bd5e0@pop.vianet.net.au> from "ivan" at Feb 10, 99 03:10:26 pm

> 
> Sorry to bug the list with yet another programming problem but ...
> 
> What permissions on the file do I need to change to allow an ordinary user
> to run a setuid-root programme ?  The programme below compiles and runs if
> I compile & run as root but does not work if run by a user regardless of
> who compiles it.  What am I doing wrong ?

[ ... skipped source code ...]

If a program is setuid root depends on the file permissions.  If you
could just become root like you tried by changing the uid in a
C-program, then any user could do this and there would be no security in
the system.  To make a program run as root, do the following:

If it is not owned by root yet:

$ chown root myprog

Then

$ chmod +s myprog

Now the program will run with uid 0 regardless of who runs it.  The
setuid function is normally used to drop the root permissions in parts
of the program where they are not really needed.  This is then done as a
security measure.  This topic is discussed clearly and at length in the
libc documentation: if you installed the docs, just type info libc and
check out the `Users and Groups' section.

HTH,
Eric

-- 
 E.L. Meijer (tgakem@chem.tue.nl)          | tel. office +31 40 2472189
 Eindhoven Univ. of Technology             | tel. lab.   +31 40 2475032
 Lab. for Catalysis and Inorg. Chem. (TAK) | tel. fax    +31 40 2455054

Reply to:

References:
- suid-root C programmes
  - From: ivan <ivan@freddie.vianet.net.au>

Prev by Date: Re: Ping run-away
Next by Date: Re: PCI Linksys card in Hamm
Previous by thread: suid-root C programmes
Next by thread: Re: Deutcland Finnland uber Alles !
Index(es):
- Date
- Thread