-1

I want to write program in C which will open bash as root, but without password for any user.

#include <unistd.h>
#include <stdio.h>

int main(void)
{
    char *argv[] = { "/bin/bash","-c","sudo /bin/bash",0 };
    execve(argv[0], &argv[0],0);
    return 0;
}

My system is Linux Mint 18.2 Sonya, and i set these 2 commands

chown root:root a.out
chmod u=srwx,go=xr a.out

But still when i try to execute this, it asks for password. I don`t want to edit /etc/sudoers if there is any other option.

Arryyyy
  • 91
  • 1
  • 8
  • 3
    Allowing running programs as root without having to specify root's password (and without giving explicit permission to do so via sudoers or some other means) does sound like a security vulnerability, don't you think? – Daniel Kamil Kozar Nov 25 '17 at 10:39
  • It is, in some specific cases it's not. Can we judge until we know the whole figure? OP *must* be warned about the risks, or maybe explain what is the whole picture. Note that many programs (especially daemons) have a setuid bit and run as root, usually to perform some initializations then setuid() as a regular user. – Déjà vu Nov 25 '17 at 10:40
  • @DanielKamilKozar The OP has the ability to set owner to root and set `SETUID`. – iBug Nov 25 '17 at 10:41
  • Im aware of risk. This is a part of my studies task, its not going to be used anywhere else. – Arryyyy Nov 25 '17 at 11:24

1 Answers1

0

This is a HUGE security hole you're creating. Just so long as you're aware of it. In fact, I cannot understand why you don't want to edit sudoers, but are okay with a having a program where merely running it creates a root shell.

With that said, here is the program:

#include <unistd.h>
#include <stdio.h>

int main(int argc, char *argv[], char *envp[]) {
  char *args[] = { "/bin/bash", NULL };
  execve(args[0], args, envp);

  perror("Running bash failed");
  return 1;
}

Now all you have to do is compile it, set the executable's file owner to root and set the SUID permission.

The reason your code failed is because SUID sets the effective UID. The real UID is still you, and so sudo asks for a password.

With that said, there is no reason to just run the shell as effective root, which is what the code above does.

One downside of this code is that it does not set the real UID to root, and does not perform a log in. If that's an issue for you, keep your original program, but add at its beginning:

setresuid(0, 0, 0);
setresgid(0, 0, 0);
Shachar Shemesh
  • 8,193
  • 6
  • 25
  • 57