setegid() in a suid-root binary in C

Question

Good evening, I am trying to write a suid-root binary in C and I have stumbled across the following problem: I execute it as a non-privileged user user1 and I am able to use setuid/seteuid to change to any user id I want. The problem is that I can't do that with effective group ids. Part of code:

if ( setegid(VariableID) == -1 ) {
    perror("setegid failed");
    exit(1);
}

and this returns:

setegid failed: Operation not permitted

Please note that I can successfully change group IDs between root(0) and the user that executes the binary but I can't change to other groups. Shouldn't this be possible since the binary is suid-root like the UID/EUID?

Could you please provide some more info about why is this happening? — zakkak, Sep 26 '14 at 14:35
As far as I understand, if you change the user first, that user might not have the permission to change the group ID, while if you're root, you can certainly do that. — DaKnOb, Sep 26 '14 at 14:46

score 0 · Accepted Answer · answered Sep 26 '14 at 14:30

0

The answer (thanks Ingo Leonhardt) is that you need to change the group id before the user id. It kind of makes sense now.. :)

answered Sep 26 '14 at 14:30

DaKnOb

577
4
17

setegid() in a suid-root binary in C

1 Answers1