setuid(0) fails to execute for root owned program

I need to write some code which can gain root priveleges and execute system level operations. Here’s what I’ve written (this is not the actual code, just to test if I’m doing things correctly or not):

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
int main(void)
{
    int current_uid = getuid();
    printf("My UID is: %d. My GID is: %dn", current_uid, getgid());
    system("/usr/bin/id");
    if (setuid(0))
    {
        perror("setuid");
        return 1;
    }
    //I am now root!
    printf("My UID is: %d. My GID is: %dn", getuid(), getgid());
    system("/usr/bin/id");
    //Time to drop back to regular user privileges
    setuid(current_uid);
    printf("My UID is: %d. My GID is: %dn", getuid(), getgid());
    system("/usr/bin/id");
    return 0;
}

JavaScript
​x
 
#include <stdio.h>#include <sys/types.h>#include <unistd.h>int main(void){    int current_uid = getuid();    printf("My UID is: %d. My GID is: %dn", current_uid, getgid());    system("/usr/bin/id");    if (setuid(0))    {        perror("setuid");        return 1;    }    //I am now root!    printf("My UID is: %d. My GID is: %dn", getuid(), getgid());    system("/usr/bin/id");    //Time to drop back to regular user privileges    setuid(current_uid);    printf("My UID is: %d. My GID is: %dn", getuid(), getgid());    system("/usr/bin/id");    return 0;}​

After doing gcc -o setuid setuid.c, I run ls -al on this to get following results:

tarun@staging:~$ ls -al setuid
-rwxr-xr-x 1 tarun tarun 9792 2009-10-03 18:09 setuid
adam@staging:~$

JavaScript
 
tarun@staging:~$ ls -al setuid-rwxr-xr-x 1 tarun tarun 9792 2009-10-03 18:09 setuidadam@staging:~$​

Trying to run the application results in:

tarun@staging:~$ ./setuid
My UID is: 1000. My GID is: 1000
uid=1000(tarun) gid=1000(tarun) groups=1000(tarun),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),125(sambashare),999(bumblebee)
setuid: Operation not permitted

JavaScript
 
tarun@staging:~$ ./setuidMy UID is: 1000. My GID is: 1000uid=1000(tarun) gid=1000(tarun) groups=1000(tarun),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),125(sambashare),999(bumblebee)setuid: Operation not permitted​

I change the owner to root and set the sticky bits accordingly:

tarun@staging:~$ su - root
Password:
staging:~# cd /home/tarun
staging:/home/tarun# chown root.root setuid
staging:/home/tarun# chmod +s setuid
staging:/home/tarun# ls -al setuid
-rwsr-sr-x 1 root root 9792 2009-10-03 18:09 setuid
staging:/home/tarun# exit
logout
tarun@staging:~$

JavaScript
 
tarun@staging:~$ su - rootPassword:staging:~# cd /home/tarunstaging:/home/tarun# chown root.root setuidstaging:/home/tarun# chmod +s setuidstaging:/home/tarun# ls -al setuid-rwsr-sr-x 1 root root 9792 2009-10-03 18:09 setuidstaging:/home/tarun# exitlogouttarun@staging:~$​

Executing the program now gives:

adam@staging:~$ ./setuid
My UID is: 1000. My GID is: 1000
uid=1000(tarun) gid=1000(tarun) groups=1000(tarun),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),125(sambashare),999(bumblebee)
setuid: Operation not permitted

JavaScript
 
adam@staging:~$ ./setuidMy UID is: 1000. My GID is: 1000uid=1000(tarun) gid=1000(tarun) groups=1000(tarun),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),125(sambashare),999(bumblebee)setuid: Operation not permitted​

While ideally it should have executed fully and changed my uid to 0. What am I doing wrong?

Answer

No problem with your code, just check correct setuid / ‘sgid’ sequence:

sudo chmod 6775 setuid
sudo chown root:root setuid

JavaScript
 
sudo chmod 6775 setuidsudo chown root:root setuid​

You must set at least SUID, SGID and execution permissions (6555 mask). Also it’s common for this case to set user/group write (6775 mask). Of course for security you can limit this to user write mask (6755).

And please beassure you don’t drop permissions during re-compile:

$ ls -al
-rwsrwsr-x 1 root  root  8772 Feb  8 17:52 setuid

JavaScript
 
$ ls -al-rwsrwsr-x 1 root  root  8772 Feb  8 17:52 setuid​

Just in case you (or future readers) need such guide: What is SUID and how to set SUID in Linux/Unix?

Regarding to issues with eCryptfs: here is article which should help you: https://wiki.archlinux.org/index.php/ECryptfs

Advertisement

Answer