0

I want to set current process's effective uid to other user's uid (or a arbitrary value). 

struct passwd* pwHost = getpwnam(hostName);//hostName is another user's name
struct passwd* pwGuest = getpwnam(guestName);//guestName is the current log-in user's name
if(pwHost==NULL||pwGuest==NULL)
{
    printf("User cannot be found\n");
    exit(0);
}

//setresuid(pwGuest->pw_uid, pwHost->pw_uid, pwGuest->pw_uid);//change the effective uid of current process to the host uid
setresuid(1000, 1000, 1000);//change current process's uid to a arbitrary value
printf("Host uid: %u\n", pwHost->pw_uid);
printf("Guest uid: %u\n", pwGuest->pw_uid);

static uid_t euid, ruid, suid;
getresuid(&euid, &ruid, &suid); 
printf("euid: %u\n", euid);
printf("ruid: %u\n", ruid);
printf("suid: %u\n", suid);
printf("Set permission complete\n");

Result:

Host uid: 35917
Guest uid: 35917
euid: 35917
ruid: 35917
suid: 35917

However, it seems like none of them has been changed yet. I looked-up the manual, which explains that user needs a privilege or something I don't quite understand. Could anyone give me some hints of how to achieve my goal? Thanks a lot.

TonyLic
  • 647
  • 1
  • 13
  • 26

2 Answers2

0

In general, only a root process can change its uid to another uid.

Userids are fundamental building blocks of the POSIX security model. If a regular process could change its userid, there will be no point to having userids in the first place. Any process could change its uid, and overwrite any file or directory owned by another userid.

Sam Varshavchik
  • 114,536
  • 5
  • 94
  • 148
  • 1
    I'd add a comment that the OP should add checks for the return value of system calls like `setresuid`. This would probably have given a clue as to the problem. – DoxyLover Nov 15 '14 at 03:39
  • Thanks. You answer makes sense to me. As I know, sudo command can let one user do what another user do, so how can I implement this by my own? – TonyLic Nov 16 '14 at 03:24
  • As I said, userid separation is a fundamental part of Linux/Unix security design. A non-root process, by itself, cannot switch userids. Period. No exceptions. If you need this kind of functionality, you will have to design a more complicated application, that consists of multiple processes, with at least one process running as root, and having the ability to switch to some other userid; and then have a secure mechanism by which another process can use it to launch a process under a different userid, and perform the specific action... – Sam Varshavchik Nov 17 '14 at 00:08
  • ... Of course, you must understand the security implications of this approach. You'll have to design your overall application in some way as to make sure that some other random process cannot comandeer the root-privileged part of your overall application, in order to do its bidding; that only your application can use this functionality. There is no magic button one can push, and make this kind of an application pop into existence. You will have to figure out how to do it specifically for your application, and this will, of course, depend entirely on how your application works, internally. – Sam Varshavchik Nov 17 '14 at 00:10
0

In addition to the code you have, you will need to set the file permissions to indicate the executable has setuid permissions. This can be done with;

chmod +s exec

This allows any random user to execute the program using the privilege of the owner of the executable. If the owner of the executable is root, this can bypass many security features, allowing for dangerous results.

Here's a link to page with more details on the setuid and setgid file permissions.

CAB
  • 1,106
  • 9
  • 23