setuid(0) fails to execute for root owned program

I need to write some code which can gain root privileges and execute system level operations. Here’s what I’ve written (this is not the actual code, just to test if I’m doing things correctly or not):

After doing gcc -o setuid setuid.c, I run ls -al on this to get the following results:

Trying to run the application results in:

I change the owner to root and set the sticky bits accordingly:

Executing the program now gives:

While ideally it should have executed fully and changed my uid to 0. What am I doing wrong?

Answer

No problem with your code, just check the correct setuid / ‘sgid’ sequence:

You must set at least SUID, SGID and execution permissions (6555 mask). Also it’s common for this case to set user/group write (6775 mask). Of course for security you can limit this to user write mask (6755).

And please be sure you don’t drop permissions during re-compile:

Just in case you (or future readers) need such a guide: What is SUID and how to set SUID in Linux/Unix?

Regarding the issues with eCryptfs: here is an article which should help you: https://wiki.archlinux.org/index.php/ECryptfs
