patterncMinor
Calling a script with a setuid set
Viewed 0 times
scriptwithsetuidcallingset
Problem
I wanted to launch a bash script (read: bash not sh script) as a root not as the user calling it, however bash ignore
This worked well and I went even further to verify that the script has
The exercise was not only to solve my problem, but it was also a way to get more into C, so what do you suggest? Is there anything I should improve?
setuid on scripts, so I chose to write a very small script that takes a script/arguments and call it with setuid set.This worked well and I went even further to verify that the script has
setuid set on, executable and setuid() called on the owner of the file and not as root, to avoid any misuse of the program and I ended up with the program below.#include
#include
#include
#include
#include
int main(int argc, char **argv)
{
char *command;
int i, file_owner, size = 0;
struct stat status_buf;
ushort file_mode;
// Check argc
if (argc [arguments]\n", argv[0]);
return 1;
}
// Make sure the script does exist
if(fopen(argv[1], "r") == NULL) {
printf("The file %s does not exist.\n", argv[1]);
return 1;
}
// Get the attributes of the file
stat(argv[1], &status_buf);
// Get the permissions of the file
file_mode = status_buf.st_mode;
// Make sure it's executable and it's setuid
if(file_mode >> 6 != 567) {
printf("The file %s should be executable and should have setuid set, please chmod it 0106755.\n", argv[1]);
return 1;
}
// Get the owner of the script
file_owner = status_buf.st_uid;
// setuid
setuid(file_owner);
// Generate the command
for (i = 1; i 2) {
for (i = 2; i < argc; i++) {
sprintf(command, "%s %s", command, argv[i]);
}
}
// Execute the command
system(command);
// free memory
free(command);
return 0;
}The exercise was not only to solve my problem, but it was also a way to get more into C, so what do you suggest? Is there anything I should improve?
Solution
-
Check for errors in
-
Do you really want the
-
The
-
Instead of returning 0, you might want to return the child process's exit code (which you can get with
Check for errors in
stat, setuid, fork, and execvp, to name a few. If the exec fails in the child you should call exit.-
Do you really want the
p in execvp? This is not guaranteed to be the same as the argv[1] you just stat-ed. If argv[1] is ls your stat will look for a file at ./ls and it will likely find the program in /bin. I would use execve and either do that PATH lookup yourself or simply omit that part and require the user to specify a full path for something in PATH (eg. /bin/ls instead of just ls).-
The
stat + observe state + exec thing is a race condition. Another process can change the attributes on the file in that timing window. This may or may not be important to you. Given that this is a security-ish program I would say it may very well be.-
Instead of returning 0, you might want to return the child process's exit code (which you can get with
waitpid.) You might also want to return nonzero when the functions I mention in #1 fail. This way a shell script or something calling you programmatically can determine success or failure.Context
StackExchange Code Review Q#2883, answer score: 2
Revisions (0)
No revisions yet.